| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Malwarebytes findet 40 Objekte pup.blabbersWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.10.2012, 10:05
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Malwarebytes findet 40 Objekte pup.blabbers Log ist unvollständig
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.10.2012, 10:12
| #17 |
 | Malwarebytes findet 40 Objekte pup.blabbers Oh, Entschuldigung. Hier der zweite Versuch:
__________________Code:
ATTFilter OTL logfile created on: 17.10.2012 20:15:45 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thiede\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,61 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 57,75% Memory free 3,21 Gb Paging File | 1,58 Gb Available in Paging File | 49,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 128,18 Gb Total Space | 19,72 Gb Free Space | 15,39% Space Free | Partition Type: NTFS Drive D: | 144,91 Gb Total Space | 144,81 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive H: | 465,73 Gb Total Space | 406,86 Gb Free Space | 87,36% Space Free | Partition Type: NTFS Computer Name: THIEDE-PC | User Name: Thiede | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.17 20:13:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thiede\Downloads\OTL.exe PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.16 16:01:36 | 000,473,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe PRC - [2012.02.16 11:37:16 | 000,322,176 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2012.02.15 17:38:10 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2012.02.02 16:33:32 | 002,321,072 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2011.10.24 17:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2011.10.22 07:24:35 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.08.25 11:50:50 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe PRC - [2011.08.25 11:50:50 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.01.23 20:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe PRC - [2011.01.23 20:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe PRC - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.04.16 13:23:56 | 000,479,232 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2012.01.31 09:25:12 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll MOD - [2011.08.25 11:50:50 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe MOD - [2011.01.23 20:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe MOD - [2011.01.23 20:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Epwizard.DLL MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Epfunct.DLL MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Eputil.DLL MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Imagutil.DLL MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\EPOEMDll.dll MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\EPWizRes.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll MOD - [2009.04.28 09:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsmr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsm.dll ========== Services (SafeList) ========== SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2012.03.22 10:19:48 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.12.15 09:04:50 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.01.25 23:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService) SRV:64bit: - [2010.09.08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV:64bit: - [2010.04.14 15:01:44 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device) SRV:64bit: - [2010.04.14 15:01:37 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.10.10 09:49:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.08 18:34:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.25 11:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2010.09.08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC) SRV - [2010.04.14 15:01:37 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService) SRV - [2010.04.14 15:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeecoms.exe -- (lxee_device) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.22 19:52:08 | 010,721,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.03.22 09:26:34 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 20:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.26 11:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2011.03.26 11:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2011.03.26 11:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2011.03.26 11:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.07 20:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.04 17:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.18 11:16:46 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.12.31 12:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.29 16:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.04 12:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.11.04 12:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2010.02.18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\..\SearchScopes\{5E621127-BACD-4949-8908-D9ACA62A1F4C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc} IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\..\SearchScopes\{EC97BAA4-1DFE-4DA3-8703-E036763BAA77}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=675fab56-9798-4a8a-806e-a2e77ff85b60&apn_sauid=5C5DD616-3923-4336-B7A0-9B9668B9AB39 IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.08 19:41:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.13 23:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.08 19:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.10.08 19:41:26 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de [2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [lxeemon.exe] C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe () O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Thiede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thiede\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Thiede\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3418FBC2-1F91-4907-A007-F4948E2763DC}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1C6DD4B-D96D-40FD-8CE6-ECC0E720E9D7}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7101be8e-393b-11e1-8ed2-5404a6705fdf}\Shell - "" = AutoRun O33 - MountPoints2\{7101be8e-393b-11e1-8ed2-5404a6705fdf}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.16 19:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.16 19:57:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Thiede\Desktop\esetsmartinstaller_enu.exe [2012.10.14 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.14 12:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.14 10:42:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.10.13 22:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.13 22:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.13 22:49:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.13 22:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.08 10:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.08 09:58:57 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.10.08 09:58:57 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.08 09:58:57 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.10.08 09:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.08 09:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.17 20:28:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.17 20:27:07 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.17 20:14:08 | 000,001,428 | ---- | M] () -- C:\Users\Thiede\Desktop\OTL.exe - Verknüpfung.lnk [2012.10.17 19:49:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.17 17:35:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.17 17:35:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.17 17:23:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.17 17:23:06 | 1292,673,024 | -HS- | M] () -- C:\hiberfil.sys [2012.10.17 08:14:48 | 001,531,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.17 08:14:48 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.17 08:14:48 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.17 08:14:48 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.17 08:14:48 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.16 19:57:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Thiede\Desktop\esetsmartinstaller_enu.exe [2012.10.14 11:09:17 | 000,001,076 | ---- | M] () -- C:\Users\Thiede\Desktop\Defogger.exe - Verknüpfung.lnk [2012.10.14 10:42:40 | 000,001,434 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.10.14 10:42:08 | 311,608,156 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.14 10:37:56 | 000,000,000 | ---- | M] () -- C:\Users\Thiede\defogger_reenable [2012.10.13 22:49:49 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.11 20:50:03 | 000,042,865 | ---- | M] () -- C:\Users\Thiede\Desktop\2011_Betriebskosten_Abrechnung_WE05_20121009.pdf [2012.10.11 19:04:37 | 005,432,913 | ---- | M] () -- C:\Users\Thiede\Documents\lego camper.pdf [2012.10.08 19:41:58 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.08 19:29:01 | 000,002,076 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.10.08 10:00:49 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.25 16:59:05 | 000,037,376 | ---- | M] () -- C:\Users\Thiede\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.17 20:13:32 | 000,001,428 | ---- | C] () -- C:\Users\Thiede\Desktop\OTL.exe - Verknüpfung.lnk [2012.10.14 11:01:53 | 000,001,076 | ---- | C] () -- C:\Users\Thiede\Desktop\Defogger.exe - Verknüpfung.lnk [2012.10.14 10:42:08 | 311,608,156 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.10.14 10:37:56 | 000,000,000 | ---- | C] () -- C:\Users\Thiede\defogger_reenable [2012.10.13 22:49:49 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.11 20:50:02 | 000,042,865 | ---- | C] () -- C:\Users\Thiede\Desktop\2011_Betriebskosten_Abrechnung_WE05_20121009.pdf [2012.10.11 19:04:36 | 005,432,913 | ---- | C] () -- C:\Users\Thiede\Documents\lego camper.pdf [2012.10.08 10:00:49 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.22 09:50:34 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.22 09:50:34 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.21 22:54:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2012.03.21 22:54:22 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.02.22 19:43:00 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEEinst.dll [2012.01.15 23:50:56 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeecomx.dll [2012.01.15 23:50:55 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeserv.dll [2012.01.15 23:50:55 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeusb1.dll [2012.01.15 23:50:55 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomc.dll [2012.01.15 23:50:55 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeehbn3.dll [2012.01.15 23:50:55 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeepmui.dll [2012.01.15 23:50:55 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecoms.exe [2012.01.15 23:50:55 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeelmpm.dll [2012.01.15 23:50:55 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecfg.exe [2012.01.15 23:50:55 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomm.dll [2012.01.15 23:50:55 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeinpa.dll [2012.01.15 23:50:55 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeiesc.dll [2012.01.15 23:50:55 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeih.exe [2012.01.15 23:50:55 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeeins.dll [2012.01.15 23:50:55 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsb.dll [2012.01.15 23:50:55 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeecu.dll [2012.01.15 23:50:55 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsr.dll [2012.01.15 23:50:55 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeecub.dll [2012.01.15 23:50:55 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeejswr.dll [2012.01.15 23:50:55 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeecur.dll [2012.01.07 23:08:43 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.01 00:00:49 | 000,037,376 | ---- | C] () -- C:\Users\Thiede\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.30 21:37:41 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEEsmr.dll [2011.11.30 21:37:40 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEEsm.dll [2011.10.22 07:16:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.10.22 06:44:43 | 1292,673,024 | -HS- | C] () -- \hiberfil.sys [2011.09.13 06:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.11 13:59:50 | 002,097,152 | -H-- | C] () -- \K43BY.BIN [2011.08.11 13:59:50 | 000,000,033 | ---- | C] () -- \RECOVERY.DAT [2011.08.11 13:59:50 | 000,000,019 | ---- | C] () -- \K43BY_K43U_K53BY_K53U_K73BY_WIN7.70 [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.07.29 08:03:37 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2009.07.29 08:03:34 | 000,383,562 | RHS- | C] () -- \bootmgr ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.19 18:20:16 | 000,000,000 | -H-D | M] -- C:\Users\All Users\.Syncables [2012.07.19 18:20:33 | 000,000,000 | -H-D | M] -- C:\Users\All Users\.syncID [2012.02.07 11:29:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\AAV [2012.07.20 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\AMD [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2012.07.08 00:00:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\ASUS [2012.08.14 10:45:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cadsoft [2011.11.04 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\ChangeFolderView [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2011.04.13 04:33:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\Downloaded Installations [2011.11.30 21:52:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ezprint [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2011.11.04 15:22:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\FolderView [2012.02.20 10:16:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Lexmark Pro700 Series [2012.10.16 18:04:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\Lx_cats [2012.01.03 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nuance [2011.04.13 04:48:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\OberonGameConsole [2012.07.19 22:27:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\P4G [2011.04.13 04:33:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\ScanSoft [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2011.10.22 07:29:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2012.05.13 11:01:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\Uniblue [2012.07.20 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Western Digital [2009.07.14 05:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2009.07.14 07:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2012.10.16 11:34:02 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2009.07.14 07:08:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009.07.14 04:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2011.11.30 21:20:18 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2012.07.19 18:41:04 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2012.04.19 17:18:43 | 000,000,000 | ---D | M] -- C:\Users\Thiede\.tfo4 [2012.04.18 09:13:31 | 000,000,000 | ---D | M] -- C:\Users\Thiede\4.0 [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Anwendungsdaten [2011.11.04 15:21:38 | 000,000,000 | -H-D | M] -- C:\Users\Thiede\AppData [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Contacts [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Cookies [2012.10.17 20:13:32 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Desktop [2012.10.11 19:04:36 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Documents [2012.10.17 20:13:00 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Downloads [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Druckumgebung [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Eigene Dateien [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Favorites [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Links [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Lokale Einstellungen [2012.08.21 15:27:25 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Music [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Netzwerkumgebung [2012.10.11 18:44:11 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Pictures [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Recent [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Saved Games [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Searches [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\SendTo [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Startmenü [2012.07.26 18:25:32 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Videos [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Vorlagen ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.30 21:11:03 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Adobe [2011.11.30 22:44:39 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\ASUS WebStorage [2011.11.04 15:25:15 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\ATI [2012.10.08 10:06:40 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Avira [2012.07.26 13:08:39 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\DVDVideoSoft [2012.04.29 19:45:52 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.03 22:53:38 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\FLEXnet [2011.11.04 15:23:00 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Identities [2011.11.30 21:11:06 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Macromedia [2012.10.13 22:50:12 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Media Center Programs [2012.07.07 23:17:55 | 000,000,000 | --SD | M] -- C:\Users\Thiede\AppData\Roaming\Microsoft [2011.11.30 21:14:46 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Mozilla [2012.01.19 14:30:36 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Nero [2012.01.16 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\NeroDigital [2012.01.03 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Nuance [2012.09.19 20:31:40 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Skype [2012.01.08 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\SoftGrid Client [2012.01.07 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\TP [2011.11.30 21:53:39 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
|
18.10.2012, 10:21
| #18 |
| | Malwarebytes findet 40 Objekte pup.blabbers Oh, doppelt, Verzeihung. Bekomme den Beitrag nicht gelöscht
__________________ |
|
18.10.2012, 12:26
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findet 40 Objekte pup.blabbersCode:
ATTFilter DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
Solche Virenscanner wie TrendMicro und Avira sollten nicht parallel betrieben werden! Deinstallieren einen der beiden!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.10.2012, 13:29
| #20 |
| | Malwarebytes findet 40 Objekte pup.blabbers öh - wusste gar nicht, dass ich den Trendmicro habe bzw. was das ist. Der ist jetzt aber weg. Danke für den Hinweis! |
|
18.10.2012, 14:39
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findet 40 Objekte pup.blabbers Ok mach dann bitte wieder wie o.g. ein neue OTL-Log
__________________ --> Malwarebytes findet 40 Objekte pup.blabbers |
|
18.10.2012, 20:21
| #22 |
| | Malwarebytes findet 40 Objekte pup.blabbers Bitteschön: Code:
ATTFilter OTL logfile created on: 18.10.2012 20:12:36 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thiede\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,61 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 29,95% Memory free 3,21 Gb Paging File | 1,63 Gb Available in Paging File | 50,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 128,18 Gb Total Space | 23,01 Gb Free Space | 17,95% Space Free | Partition Type: NTFS Drive D: | 144,91 Gb Total Space | 144,81 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive H: | 465,73 Gb Total Space | 406,82 Gb Free Space | 87,35% Space Free | Partition Type: NTFS Computer Name: THIEDE-PC | User Name: Thiede | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.17 20:13:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thiede\Downloads\OTL.exe PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.16 16:01:36 | 000,473,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe PRC - [2012.02.16 11:37:16 | 000,322,176 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2012.02.15 17:38:10 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2012.02.02 16:33:32 | 002,321,072 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2011.10.24 17:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2011.10.22 07:24:35 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.08.25 11:50:50 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe PRC - [2011.08.25 11:50:50 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.01.23 20:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe PRC - [2011.01.23 20:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe PRC - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.04.16 13:23:56 | 000,479,232 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2012.01.31 09:25:12 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll MOD - [2011.08.25 11:50:50 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe MOD - [2011.01.23 20:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe MOD - [2011.01.23 20:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Epwizard.DLL MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Epfunct.DLL MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Eputil.DLL MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Imagutil.DLL MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\EPOEMDll.dll MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\EPWizRes.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll MOD - [2009.04.28 09:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsmr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsm.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.03.22 10:19:48 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.12.15 09:04:50 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.01.25 23:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.09.08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV:64bit: - [2010.04.14 15:01:44 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device) SRV:64bit: - [2010.04.14 15:01:37 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.10.10 09:49:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.08 18:34:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.25 11:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2010.09.08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC) SRV - [2010.04.14 15:01:37 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService) SRV - [2010.04.14 15:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeecoms.exe -- (lxee_device) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.22 19:52:08 | 010,721,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.03.22 09:26:34 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 20:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.26 11:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2011.03.26 11:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2011.03.26 11:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2011.03.26 11:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.07 20:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.04 17:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.18 11:16:46 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.12.31 12:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.29 16:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.04 12:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.11.04 12:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.02.18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\..\SearchScopes\{5E621127-BACD-4949-8908-D9ACA62A1F4C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc} IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\..\SearchScopes\{EC97BAA4-1DFE-4DA3-8703-E036763BAA77}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=675fab56-9798-4a8a-806e-a2e77ff85b60&apn_sauid=5C5DD616-3923-4336-B7A0-9B9668B9AB39 IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.08 19:41:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.13 23:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.08 19:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.10.08 19:41:26 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de [2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [lxeemon.exe] C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe () O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Thiede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thiede\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Thiede\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3418FBC2-1F91-4907-A007-F4948E2763DC}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1C6DD4B-D96D-40FD-8CE6-ECC0E720E9D7}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7101be8e-393b-11e1-8ed2-5404a6705fdf}\Shell - "" = AutoRun O33 - MountPoints2\{7101be8e-393b-11e1-8ed2-5404a6705fdf}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.18 14:36:43 | 000,232,272 | ---- | C] (Trend Micro Inc.) -- C:\Windows\TmNSCIns.dll [2012.10.18 09:50:43 | 000,000,000 | ---D | C] -- C:\Users\Thiede\AppData\Local\2DBoy [2012.10.18 09:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy [2012.10.16 19:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.16 19:57:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Thiede\Desktop\esetsmartinstaller_enu.exe [2012.10.14 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.14 12:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.14 10:42:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.10.13 22:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.13 22:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.13 22:49:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.13 22:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.08 10:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.08 09:58:57 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.10.08 09:58:57 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.08 09:58:57 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.10.08 09:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.08 09:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.18 20:27:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.18 20:07:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.18 20:07:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.18 19:58:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.18 19:58:15 | 1292,673,024 | -HS- | M] () -- C:\hiberfil.sys [2012.10.18 19:49:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.18 19:48:57 | 001,531,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.18 19:48:57 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.18 19:48:57 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.18 19:48:57 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.18 19:48:57 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.18 19:46:29 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.17 20:14:08 | 000,001,428 | ---- | M] () -- C:\Users\Thiede\Desktop\OTL.exe - Verknüpfung.lnk [2012.10.16 19:57:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Thiede\Desktop\esetsmartinstaller_enu.exe [2012.10.14 11:09:17 | 000,001,076 | ---- | M] () -- C:\Users\Thiede\Desktop\Defogger.exe - Verknüpfung.lnk [2012.10.14 10:42:40 | 000,001,434 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.10.14 10:42:08 | 311,608,156 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.14 10:37:56 | 000,000,000 | ---- | M] () -- C:\Users\Thiede\defogger_reenable [2012.10.13 22:49:49 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.11 20:50:03 | 000,042,865 | ---- | M] () -- C:\Users\Thiede\Desktop\2011_Betriebskosten_Abrechnung_WE05_20121009.pdf [2012.10.11 19:04:37 | 005,432,913 | ---- | M] () -- C:\Users\Thiede\Documents\lego camper.pdf [2012.10.08 19:41:58 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.08 19:29:01 | 000,002,076 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.10.08 10:00:49 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.25 16:59:05 | 000,037,376 | ---- | M] () -- C:\Users\Thiede\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.17 20:13:32 | 000,001,428 | ---- | C] () -- C:\Users\Thiede\Desktop\OTL.exe - Verknüpfung.lnk [2012.10.14 11:01:53 | 000,001,076 | ---- | C] () -- C:\Users\Thiede\Desktop\Defogger.exe - Verknüpfung.lnk [2012.10.14 10:42:08 | 311,608,156 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.10.14 10:37:56 | 000,000,000 | ---- | C] () -- C:\Users\Thiede\defogger_reenable [2012.10.13 22:49:49 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.11 20:50:02 | 000,042,865 | ---- | C] () -- C:\Users\Thiede\Desktop\2011_Betriebskosten_Abrechnung_WE05_20121009.pdf [2012.10.11 19:04:36 | 005,432,913 | ---- | C] () -- C:\Users\Thiede\Documents\lego camper.pdf [2012.10.08 10:00:49 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.22 09:50:34 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.22 09:50:34 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.21 22:54:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2012.03.21 22:54:22 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.02.22 19:43:00 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEEinst.dll [2012.01.15 23:50:56 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeecomx.dll [2012.01.15 23:50:55 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeserv.dll [2012.01.15 23:50:55 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeusb1.dll [2012.01.15 23:50:55 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomc.dll [2012.01.15 23:50:55 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeehbn3.dll [2012.01.15 23:50:55 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeepmui.dll [2012.01.15 23:50:55 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecoms.exe [2012.01.15 23:50:55 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeelmpm.dll [2012.01.15 23:50:55 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecfg.exe [2012.01.15 23:50:55 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomm.dll [2012.01.15 23:50:55 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeinpa.dll [2012.01.15 23:50:55 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeiesc.dll [2012.01.15 23:50:55 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeih.exe [2012.01.15 23:50:55 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeeins.dll [2012.01.15 23:50:55 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsb.dll [2012.01.15 23:50:55 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeecu.dll [2012.01.15 23:50:55 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsr.dll [2012.01.15 23:50:55 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeecub.dll [2012.01.15 23:50:55 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeejswr.dll [2012.01.15 23:50:55 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeecur.dll [2012.01.07 23:08:43 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.01 00:00:49 | 000,037,376 | ---- | C] () -- C:\Users\Thiede\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.30 21:37:41 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEEsmr.dll [2011.11.30 21:37:40 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEEsm.dll [2011.10.22 07:16:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.10.22 06:44:43 | 1292,673,024 | -HS- | C] () -- \hiberfil.sys [2011.09.13 06:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.11 13:59:50 | 002,097,152 | -H-- | C] () -- \K43BY.BIN [2011.08.11 13:59:50 | 000,000,033 | ---- | C] () -- \RECOVERY.DAT [2011.08.11 13:59:50 | 000,000,019 | ---- | C] () -- \K43BY_K43U_K53BY_K53U_K73BY_WIN7.70 [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.07.29 08:03:37 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2009.07.29 08:03:34 | 000,383,562 | RHS- | C] () -- \bootmgr ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.19 18:20:16 | 000,000,000 | -H-D | M] -- C:\Users\All Users\.Syncables [2012.07.19 18:20:33 | 000,000,000 | -H-D | M] -- C:\Users\All Users\.syncID [2012.10.18 09:50:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\2DBoy [2012.02.07 11:29:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\AAV [2012.07.20 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\AMD [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2012.07.08 00:00:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\ASUS [2012.08.14 10:45:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cadsoft [2011.11.04 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\ChangeFolderView [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2011.04.13 04:33:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\Downloaded Installations [2011.11.30 21:52:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ezprint [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2011.11.04 15:22:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\FolderView [2012.02.20 10:16:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Lexmark Pro700 Series [2012.10.16 18:04:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\Lx_cats [2012.01.03 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nuance [2011.04.13 04:48:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\OberonGameConsole [2012.07.19 22:27:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\P4G [2011.04.13 04:33:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\ScanSoft [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2012.10.18 10:12:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2012.05.13 11:01:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\Uniblue [2012.07.20 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Western Digital [2009.07.14 05:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2009.07.14 07:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2012.10.16 11:34:02 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2009.07.14 07:08:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009.07.14 04:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2011.11.30 21:20:18 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2012.07.19 18:41:04 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2012.04.19 17:18:43 | 000,000,000 | ---D | M] -- C:\Users\Thiede\.tfo4 [2012.04.18 09:13:31 | 000,000,000 | ---D | M] -- C:\Users\Thiede\4.0 [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Anwendungsdaten [2011.11.04 15:21:38 | 000,000,000 | -H-D | M] -- C:\Users\Thiede\AppData [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Contacts [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Cookies [2012.10.18 08:10:05 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Desktop [2012.10.11 19:04:36 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Documents [2012.10.17 20:13:00 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Downloads [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Druckumgebung [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Eigene Dateien [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Favorites [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Links [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Lokale Einstellungen [2012.08.21 15:27:25 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Music [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Netzwerkumgebung [2012.10.11 18:44:11 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Pictures [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Recent [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Saved Games [2012.07.19 21:57:29 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Searches [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\SendTo [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Startmenü [2012.07.26 18:25:32 | 000,000,000 | R--D | M] -- C:\Users\Thiede\Videos [2011.11.04 15:21:38 | 000,000,000 | -HSD | M] -- C:\Users\Thiede\Vorlagen ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.30 21:11:03 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Adobe [2011.11.30 22:44:39 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\ASUS WebStorage [2011.11.04 15:25:15 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\ATI [2012.10.08 10:06:40 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Avira [2012.07.26 13:08:39 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\DVDVideoSoft [2012.04.29 19:45:52 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.03 22:53:38 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\FLEXnet [2011.11.04 15:23:00 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Identities [2012.10.18 09:48:09 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\iWin [2011.11.30 21:11:06 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Macromedia [2012.10.13 22:50:12 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Media Center Programs [2012.07.07 23:17:55 | 000,000,000 | --SD | M] -- C:\Users\Thiede\AppData\Roaming\Microsoft [2011.11.30 21:14:46 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Mozilla [2012.01.19 14:30:36 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Nero [2012.01.16 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\NeroDigital [2012.01.03 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Nuance [2012.09.19 20:31:40 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Skype [2012.01.08 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\SoftGrid Client [2012.01.07 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\TP [2011.11.30 21:53:39 | 000,000,000 | ---D | M] -- C:\Users\Thiede\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,027,420 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.13 04:33:23 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.04.13 04:33:24 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.04.23 09:10:44 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\Users\All Users\Temp:81F83028 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028 @Alternate Data Stream - 133 bytes -> C:\Users\All Users\Temp:5D458568 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568 < End of report > |
|
18.10.2012, 21:01
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findet 40 Objekte pup.blabbers Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-4020342444-2921358176-3579597292-1001\..\SearchScopes\{EC97BAA4-1DFE-4DA3-8703-E036763BAA77}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=675fab56-9798-4a8a-806e-a2e77ff85b60&apn_sauid=5C5DD616-3923-4336-B7A0-9B9668B9AB39
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [] File not found
O4 - Startup: C:\Users\Thiede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found
@Alternate Data Stream - 140 bytes -> C:\Users\All Users\Temp:81F83028
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028
@Alternate Data Stream - 133 bytes -> C:\Users\All Users\Temp:5D458568
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568
:Files
C:\Users\Thiede\AppData\Roaming\BrowserCompanion
C:\Users\Thiede\Downloads\speedupmypc.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.10.2012, 10:34
| #24 |
| | Malwarebytes findet 40 Objekte pup.blabbers Hallo Cosinus, bin mir nicht sicher, ob das so richtig war. Eine ganze Zeit tat sich nichts mehr bei OTL und dann ist mein Rechner einfach runtergefahren. Hier der Log: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4020342444-2921358176-3579597292-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EC97BAA4-1DFE-4DA3-8703-E036763BAA77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC97BAA4-1DFE-4DA3-8703-E036763BAA77}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Thiede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk moved successfully.
ADS C:\Users\All Users\Temp:81F83028 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:81F83028 .
ADS C:\Users\All Users\Temp:5D458568 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:5D458568 .
========== FILES ==========
File\Folder C:\Users\Thiede\AppData\Roaming\BrowserCompanion not found.
C:\Users\Thiede\Downloads\speedupmypc.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Thiede\Downloads\cmd.bat deleted successfully.
C:\Users\Thiede\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Thiede
->Temp folder emptied: 796447622 bytes
->Temporary Internet Files folder emptied: 246994039 bytes
->Java cache emptied: 19799197 bytes
->FireFox cache emptied: 341336246 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 375549557 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2633382465 bytes
Total Files Cleaned = 4.209,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10192012_110904
Files\Folders moved on Reboot...
C:\Users\Thiede\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
19.10.2012, 11:31
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findet 40 Objekte pup.blabbers Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.10.2012, 12:35
| #26 |
| | Malwarebytes findet 40 Objekte pup.blabbers Hier der Log: Code:
ATTFilter 13:18:12.0367 2588 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
13:18:12.0913 2588 ============================================================
13:18:12.0913 2588 Current date / time: 2012/10/19 13:18:12.0913
13:18:12.0913 2588 SystemInfo:
13:18:12.0913 2588
13:18:12.0913 2588 OS Version: 6.1.7601 ServicePack: 1.0
13:18:12.0913 2588 Product type: Workstation
13:18:12.0913 2588 ComputerName: THIEDE-PC
13:18:12.0913 2588 UserName: Thiede
13:18:12.0913 2588 Windows directory: C:\Windows
13:18:12.0913 2588 System windows directory: C:\Windows
13:18:12.0913 2588 Running under WOW64
13:18:12.0913 2588 Processor architecture: Intel x64
13:18:12.0913 2588 Number of processors: 2
13:18:12.0913 2588 Page size: 0x1000
13:18:12.0913 2588 Boot type: Normal boot
13:18:12.0913 2588 ============================================================
13:18:15.0378 2588 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:18:15.0441 2588 Drive \Device\Harddisk1\DR1 - Size: 0x746EC00000 (465.73 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:18:15.0753 2588 ============================================================
13:18:15.0753 2588 \Device\Harddisk0\DR0:
13:18:15.0753 2588 MBR partitions:
13:18:15.0753 2588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1005B800
13:18:15.0768 2588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1325C800, BlocksNum 0x121D2000
13:18:15.0768 2588 \Device\Harddisk1\DR1:
13:18:15.0768 2588 MBR partitions:
13:18:15.0768 2588 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A375800
13:18:15.0768 2588 ============================================================
13:18:15.0831 2588 C: <-> \Device\Harddisk0\DR0\Partition1
13:18:15.0877 2588 D: <-> \Device\Harddisk0\DR0\Partition2
13:18:15.0940 2588 H: <-> \Device\Harddisk1\DR1\Partition1
13:18:15.0955 2588 ============================================================
13:18:15.0955 2588 Initialize success
13:18:15.0955 2588 ============================================================
13:18:26.0267 3540 ============================================================
13:18:26.0267 3540 Scan started
13:18:26.0267 3540 Mode: Manual; SigCheck; TDLFS;
13:18:26.0267 3540 ============================================================
13:18:29.0309 3540 ================ Scan system memory ========================
13:18:29.0309 3540 System memory - ok
13:18:29.0325 3540 ================ Scan services =============================
13:18:29.0512 3540 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:18:29.0933 3540 1394ohci - ok
13:18:30.0042 3540 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
13:18:30.0089 3540 AAV UpdateService - ok
13:18:30.0136 3540 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:18:30.0183 3540 ACPI - ok
13:18:30.0214 3540 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:18:30.0370 3540 AcpiPmi - ok
13:18:30.0541 3540 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:18:30.0573 3540 AdobeFlashPlayerUpdateSvc - ok
13:18:30.0635 3540 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:18:30.0713 3540 adp94xx - ok
13:18:30.0729 3540 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:18:30.0791 3540 adpahci - ok
13:18:30.0807 3540 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:18:30.0853 3540 adpu320 - ok
13:18:30.0900 3540 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:18:31.0181 3540 AeLookupSvc - ok
13:18:31.0243 3540 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe
13:18:31.0353 3540 AFBAgent - ok
13:18:31.0431 3540 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:18:31.0571 3540 AFD - ok
13:18:31.0618 3540 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:18:31.0649 3540 agp440 - ok
13:18:31.0680 3540 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:18:31.0789 3540 ALG - ok
13:18:31.0821 3540 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:18:31.0852 3540 aliide - ok
13:18:31.0914 3540 [ E5011A136CBF4D6DFFFB7ACA500B0AC0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:18:32.0070 3540 AMD External Events Utility - ok
13:18:32.0164 3540 AMD FUEL Service - ok
13:18:32.0211 3540 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:18:32.0242 3540 amdide - ok
13:18:32.0289 3540 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
13:18:32.0320 3540 amdiox64 - ok
13:18:32.0335 3540 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:18:32.0445 3540 AmdK8 - ok
13:18:32.0803 3540 [ 5CE13723454E7852672B323286D60CC1 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:18:33.0365 3540 amdkmdag - ok
13:18:33.0443 3540 [ 7975ED962CCFACA2BAB67A3994131B10 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:18:33.0537 3540 amdkmdap - ok
13:18:33.0583 3540 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:18:33.0661 3540 AmdPPM - ok
13:18:33.0708 3540 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:18:33.0739 3540 amdsata - ok
13:18:33.0755 3540 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
13:18:33.0802 3540 amdsbs - ok
13:18:33.0833 3540 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:18:33.0864 3540 amdxata - ok
13:18:33.0927 3540 [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
13:18:33.0958 3540 amd_sata - ok
13:18:33.0989 3540 [ 23726116B4FBCC84FC45B95157C08F5F ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
13:18:34.0020 3540 amd_xata - ok
13:18:34.0301 3540 [ 98A8B7D168D035FEFDEFA18F759115F6 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:18:34.0348 3540 AntiVirSchedulerService - ok
13:18:34.0395 3540 [ AAACAE485AE81D0A449FBC754880C791 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:18:34.0426 3540 AntiVirService - ok
13:18:34.0473 3540 [ 596FE09BAE862BF29220FC94075ED1CE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:18:34.0535 3540 AntiVirWebService - ok
13:18:34.0597 3540 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:18:34.0863 3540 AppID - ok
13:18:34.0909 3540 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:18:35.0050 3540 AppIDSvc - ok
13:18:35.0081 3540 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:18:35.0221 3540 Appinfo - ok
13:18:35.0268 3540 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
13:18:35.0299 3540 arc - ok
13:18:35.0331 3540 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:18:35.0377 3540 arcsas - ok
13:18:35.0471 3540 [ A3626C6D3F2DC95497F3F61842D7FD89 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
13:18:35.0502 3540 ASLDRService - ok
13:18:35.0549 3540 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
13:18:35.0580 3540 ASMMAP64 - ok
13:18:35.0611 3540 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:18:35.0752 3540 AsyncMac - ok
13:18:35.0799 3540 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:18:35.0830 3540 atapi - ok
13:18:35.0923 3540 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
13:18:36.0095 3540 athr - ok
13:18:36.0157 3540 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:18:36.0189 3540 AtiHDAudioService - ok
13:18:36.0235 3540 [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
13:18:36.0282 3540 ATKGFNEXSrv - ok
13:18:36.0345 3540 [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO_ C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
13:18:36.0376 3540 ATKWMIACPIIO_ - ok
13:18:36.0438 3540 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:18:36.0594 3540 AudioEndpointBuilder - ok
13:18:36.0625 3540 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:18:36.0750 3540 AudioSrv - ok
13:18:36.0813 3540 [ 25B63A3C24A5E0223A35DE2F0D9E0FAF ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:18:36.0859 3540 avgntflt - ok
13:18:36.0891 3540 [ A83691240C1568E6A3EAA5C86D9F8AE3 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:18:36.0937 3540 avipbb - ok
13:18:36.0969 3540 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:18:37.0000 3540 avkmgr - ok
13:18:37.0078 3540 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:18:37.0249 3540 AxInstSV - ok
13:18:37.0296 3540 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
13:18:37.0405 3540 b06bdrv - ok
13:18:37.0452 3540 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:18:37.0530 3540 b57nd60a - ok
13:18:37.0608 3540 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:18:37.0655 3540 BBSvc - ok
13:18:37.0686 3540 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:18:37.0795 3540 BDESVC - ok
13:18:37.0827 3540 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:18:37.0983 3540 Beep - ok
13:18:38.0061 3540 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:18:38.0232 3540 BFE - ok
13:18:38.0310 3540 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:18:38.0482 3540 BITS - ok
13:18:38.0529 3540 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:18:38.0622 3540 blbdrive - ok
13:18:38.0669 3540 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:18:38.0778 3540 bowser - ok
13:18:38.0794 3540 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
13:18:38.0919 3540 BrFiltLo - ok
13:18:38.0950 3540 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
13:18:39.0012 3540 BrFiltUp - ok
13:18:39.0059 3540 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:18:39.0168 3540 Browser - ok
13:18:39.0215 3540 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:18:39.0324 3540 Brserid - ok
13:18:39.0324 3540 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:18:39.0402 3540 BrSerWdm - ok
13:18:39.0418 3540 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:18:39.0496 3540 BrUsbMdm - ok
13:18:39.0511 3540 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:18:39.0574 3540 BrUsbSer - ok
13:18:39.0636 3540 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
13:18:39.0886 3540 BthEnum - ok
13:18:39.0948 3540 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:18:40.0026 3540 BTHMODEM - ok
13:18:40.0073 3540 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:18:40.0151 3540 BthPan - ok
13:18:40.0229 3540 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
13:18:40.0354 3540 BTHPORT - ok
13:18:40.0401 3540 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:18:40.0541 3540 bthserv - ok
13:18:40.0588 3540 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
13:18:40.0650 3540 BTHUSB - ok
13:18:40.0697 3540 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:18:40.0837 3540 cdfs - ok
13:18:40.0869 3540 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:18:40.0931 3540 cdrom - ok
13:18:40.0993 3540 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:18:41.0118 3540 CertPropSvc - ok
13:18:41.0165 3540 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
13:18:41.0243 3540 circlass - ok
13:18:41.0290 3540 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:18:41.0352 3540 CLFS - ok
13:18:41.0430 3540 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:18:41.0461 3540 clr_optimization_v2.0.50727_32 - ok
13:18:41.0524 3540 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:18:41.0571 3540 clr_optimization_v2.0.50727_64 - ok
13:18:41.0649 3540 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:18:41.0711 3540 clr_optimization_v4.0.30319_32 - ok
13:18:41.0758 3540 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:18:41.0789 3540 clr_optimization_v4.0.30319_64 - ok
13:18:41.0820 3540 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:18:41.0898 3540 CmBatt - ok
13:18:41.0914 3540 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:18:41.0961 3540 cmdide - ok
13:18:42.0007 3540 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:18:42.0132 3540 CNG - ok
13:18:42.0195 3540 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
13:18:42.0226 3540 Compbatt - ok
13:18:42.0241 3540 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
13:18:42.0319 3540 CompositeBus - ok
13:18:42.0351 3540 COMSysApp - ok
13:18:42.0382 3540 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:18:42.0413 3540 crcdisk - ok
13:18:42.0460 3540 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:18:42.0553 3540 CryptSvc - ok
13:18:42.0663 3540 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:18:42.0756 3540 cvhsvc - ok
13:18:42.0803 3540 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:18:42.0975 3540 DcomLaunch - ok
13:18:43.0037 3540 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:18:43.0193 3540 defragsvc - ok
13:18:43.0240 3540 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:18:43.0365 3540 DfsC - ok
13:18:43.0411 3540 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:18:43.0552 3540 Dhcp - ok
13:18:43.0583 3540 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:18:43.0755 3540 discache - ok
13:18:43.0801 3540 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
13:18:43.0848 3540 Disk - ok
13:18:43.0895 3540 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:18:44.0004 3540 Dnscache - ok
13:18:44.0035 3540 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:18:44.0176 3540 dot3svc - ok
13:18:44.0191 3540 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:18:44.0316 3540 DPS - ok
13:18:44.0363 3540 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:18:44.0441 3540 drmkaud - ok
13:18:44.0503 3540 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:18:44.0597 3540 DXGKrnl - ok
13:18:44.0659 3540 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:18:44.0784 3540 EapHost - ok
13:18:44.0909 3540 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
13:18:45.0112 3540 ebdrv - ok
13:18:45.0143 3540 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:18:45.0221 3540 EFS - ok
13:18:45.0315 3540 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:18:45.0439 3540 ehRecvr - ok
13:18:45.0455 3540 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:18:45.0580 3540 ehSched - ok
13:18:45.0642 3540 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:18:45.0720 3540 elxstor - ok
13:18:45.0736 3540 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:18:45.0798 3540 ErrDev - ok
13:18:45.0861 3540 [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
13:18:45.0907 3540 ETD - ok
13:18:45.0970 3540 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:18:46.0110 3540 EventSystem - ok
13:18:46.0157 3540 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:18:46.0282 3540 exfat - ok
13:18:46.0329 3540 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:18:46.0453 3540 fastfat - ok
13:18:46.0516 3540 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:18:46.0641 3540 Fax - ok
13:18:46.0672 3540 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
13:18:46.0750 3540 fdc - ok
13:18:46.0797 3540 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:18:46.0937 3540 fdPHost - ok
13:18:46.0953 3540 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:18:47.0077 3540 FDResPub - ok
13:18:47.0124 3540 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:18:47.0171 3540 FileInfo - ok
13:18:47.0187 3540 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:18:47.0327 3540 Filetrace - ok
13:18:47.0343 3540 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
13:18:47.0405 3540 flpydisk - ok
13:18:47.0436 3540 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:18:47.0483 3540 FltMgr - ok
13:18:47.0561 3540 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:18:47.0717 3540 FontCache - ok
13:18:47.0779 3540 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:18:47.0811 3540 FontCache3.0.0.0 - ok
13:18:47.0826 3540 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:18:47.0873 3540 FsDepends - ok
13:18:47.0920 3540 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
13:18:47.0951 3540 fssfltr - ok
13:18:48.0029 3540 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:18:48.0154 3540 fsssvc - ok
13:18:48.0185 3540 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:18:48.0216 3540 Fs_Rec - ok
13:18:48.0263 3540 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:18:48.0310 3540 fvevol - ok
13:18:48.0341 3540 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:18:48.0372 3540 gagp30kx - ok
13:18:48.0435 3540 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:18:48.0591 3540 gpsvc - ok
13:18:48.0653 3540 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:18:48.0700 3540 gupdate - ok
13:18:48.0747 3540 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:18:48.0778 3540 gupdatem - ok
13:18:48.0825 3540 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:18:48.0856 3540 gusvc - ok
13:18:48.0887 3540 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:18:48.0996 3540 hcw85cir - ok
13:18:49.0059 3540 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:18:49.0137 3540 HdAudAddService - ok
13:18:49.0183 3540 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:18:49.0261 3540 HDAudBus - ok
13:18:49.0293 3540 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
13:18:49.0371 3540 HidBatt - ok
13:18:49.0386 3540 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:18:49.0433 3540 HidBth - ok
13:18:49.0464 3540 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
13:18:49.0511 3540 HidIr - ok
13:18:49.0558 3540 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:18:49.0683 3540 hidserv - ok
13:18:49.0714 3540 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:18:49.0792 3540 HidUsb - ok
13:18:49.0839 3540 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:18:49.0963 3540 hkmsvc - ok
13:18:49.0995 3540 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:18:50.0104 3540 HomeGroupListener - ok
13:18:50.0151 3540 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:18:50.0229 3540 HomeGroupProvider - ok
13:18:50.0260 3540 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:18:50.0307 3540 HpSAMD - ok
13:18:50.0338 3540 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:18:50.0509 3540 HTTP - ok
13:18:50.0556 3540 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:18:50.0587 3540 hwpolicy - ok
13:18:50.0619 3540 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:18:50.0665 3540 i8042prt - ok
13:18:50.0712 3540 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:18:50.0775 3540 iaStorV - ok
13:18:50.0853 3540 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:18:50.0946 3540 idsvc - ok
13:18:50.0993 3540 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:18:51.0024 3540 iirsp - ok
13:18:51.0071 3540 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:18:51.0227 3540 IKEEXT - ok
13:18:51.0367 3540 [ DDFADF2FA49C078A9C8270F29D6958B1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:18:51.0586 3540 IntcAzAudAddService - ok
13:18:51.0633 3540 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:18:51.0664 3540 intelide - ok
13:18:51.0695 3540 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
13:18:51.0757 3540 intelppm - ok
13:18:51.0804 3540 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:18:51.0929 3540 IPBusEnum - ok
13:18:51.0945 3540 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:18:52.0085 3540 IpFilterDriver - ok
13:18:52.0132 3540 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:18:52.0288 3540 iphlpsvc - ok
13:18:52.0303 3540 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:18:52.0366 3540 IPMIDRV - ok
13:18:52.0397 3540 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:18:52.0522 3540 IPNAT - ok
13:18:52.0553 3540 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:18:52.0756 3540 IRENUM - ok
13:18:52.0803 3540 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:18:52.0849 3540 isapnp - ok
13:18:52.0865 3540 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:18:52.0912 3540 iScsiPrt - ok
13:18:52.0943 3540 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:18:52.0974 3540 kbdclass - ok
13:18:52.0990 3540 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:18:53.0052 3540 kbdhid - ok
13:18:53.0115 3540 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
13:18:53.0146 3540 kbfiltr - ok
13:18:53.0177 3540 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:18:53.0208 3540 KeyIso - ok
13:18:53.0239 3540 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:18:53.0271 3540 KSecDD - ok
13:18:53.0302 3540 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:18:53.0333 3540 KSecPkg - ok
13:18:53.0380 3540 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:18:53.0489 3540 ksthunk - ok
13:18:53.0536 3540 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:18:53.0692 3540 KtmRm - ok
13:18:53.0723 3540 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
13:18:53.0801 3540 L1C - ok
13:18:53.0848 3540 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:18:53.0988 3540 LanmanServer - ok
13:18:54.0035 3540 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:18:54.0160 3540 LanmanWorkstation - ok
13:18:54.0207 3540 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:18:54.0331 3540 lltdio - ok
13:18:54.0378 3540 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:18:54.0534 3540 lltdsvc - ok
13:18:54.0550 3540 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:18:54.0675 3540 lmhosts - ok
13:18:54.0737 3540 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:18:54.0768 3540 LSI_FC - ok
13:18:54.0815 3540 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:18:54.0846 3540 LSI_SAS - ok
13:18:54.0862 3540 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
13:18:54.0909 3540 LSI_SAS2 - ok
13:18:54.0924 3540 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:18:54.0971 3540 LSI_SCSI - ok
13:18:54.0987 3540 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:18:55.0127 3540 luafv - ok
13:18:55.0221 3540 [ 60B3548FFA9A2EAAED75E9F0704DFCE0 ] lxeeCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe
13:18:55.0267 3540 lxeeCATSCustConnectService - ok
13:18:55.0283 3540 lxee_device - ok
13:18:55.0517 3540 [ 035C83CD72E06C47000793D32B1A642D ] massfilter C:\Windows\system32\drivers\massfilter.sys
13:18:55.0642 3540 massfilter - ok
13:18:55.0704 3540 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:18:55.0798 3540 MBAMProtector - ok
13:18:55.0845 3540 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:18:55.0907 3540 MBAMScheduler - ok
13:18:55.0938 3540 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:18:56.0016 3540 MBAMService - ok
13:18:56.0047 3540 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:18:56.0110 3540 Mcx2Svc - ok
13:18:56.0157 3540 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
13:18:56.0188 3540 megasas - ok
13:18:56.0235 3540 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:18:56.0281 3540 MegaSR - ok
13:18:56.0313 3540 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:18:56.0453 3540 MMCSS - ok
13:18:56.0484 3540 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:18:56.0625 3540 Modem - ok
13:18:56.0671 3540 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:18:56.0734 3540 monitor - ok
13:18:56.0749 3540 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:18:56.0796 3540 mouclass - ok
13:18:56.0827 3540 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:18:56.0890 3540 mouhid - ok
13:18:56.0937 3540 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:18:56.0968 3540 mountmgr - ok
13:18:57.0030 3540 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:18:57.0077 3540 MozillaMaintenance - ok
13:18:57.0108 3540 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:18:57.0155 3540 mpio - ok
13:18:57.0186 3540 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:18:57.0311 3540 mpsdrv - ok
13:18:57.0389 3540 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:18:57.0561 3540 MpsSvc - ok
13:18:57.0576 3540 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:18:57.0654 3540 MRxDAV - ok
13:18:57.0701 3540 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:18:57.0779 3540 mrxsmb - ok
13:18:57.0826 3540 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:18:57.0873 3540 mrxsmb10 - ok
13:18:57.0888 3540 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:18:57.0982 3540 mrxsmb20 - ok
13:18:58.0013 3540 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:18:58.0044 3540 msahci - ok
13:18:58.0075 3540 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:18:58.0122 3540 msdsm - ok
13:18:58.0153 3540 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:18:58.0216 3540 MSDTC - ok
13:18:58.0263 3540 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:18:58.0403 3540 Msfs - ok
13:18:58.0434 3540 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:18:58.0559 3540 mshidkmdf - ok
13:18:58.0590 3540 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:18:58.0621 3540 msisadrv - ok
13:18:58.0668 3540 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:18:58.0809 3540 MSiSCSI - ok
13:18:58.0809 3540 msiserver - ok
13:18:58.0871 3540 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:18:58.0980 3540 MSKSSRV - ok
13:18:58.0996 3540 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:18:59.0121 3540 MSPCLOCK - ok
13:18:59.0152 3540 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:18:59.0261 3540 MSPQM - ok
13:18:59.0308 3540 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:18:59.0355 3540 MsRPC - ok
13:18:59.0386 3540 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:18:59.0433 3540 mssmbios - ok
13:18:59.0448 3540 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:18:59.0589 3540 MSTEE - ok
13:18:59.0604 3540 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
13:18:59.0682 3540 MTConfig - ok
13:18:59.0713 3540 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:18:59.0745 3540 Mup - ok
13:18:59.0791 3540 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:18:59.0932 3540 napagent - ok
13:18:59.0994 3540 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:19:00.0088 3540 NativeWifiP - ok
13:19:00.0181 3540 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
13:19:00.0259 3540 NAUpdate - ok
13:19:00.0478 3540 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:19:00.0634 3540 NDIS - ok
13:19:00.0759 3540 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:19:00.0946 3540 NdisCap - ok
13:19:00.0993 3540 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:19:01.0117 3540 NdisTapi - ok
13:19:01.0149 3540 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:19:01.0273 3540 Ndisuio - ok
13:19:01.0305 3540 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:19:01.0429 3540 NdisWan - ok
13:19:01.0476 3540 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:19:01.0601 3540 NDProxy - ok
13:19:01.0632 3540 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:19:01.0757 3540 NetBIOS - ok
13:19:01.0788 3540 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:19:01.0913 3540 NetBT - ok
13:19:01.0960 3540 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:19:02.0007 3540 Netlogon - ok
13:19:02.0053 3540 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:19:02.0194 3540 Netman - ok
13:19:02.0225 3540 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:19:02.0365 3540 netprofm - ok
13:19:02.0412 3540 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:19:02.0443 3540 NetTcpPortSharing - ok
13:19:02.0475 3540 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:19:02.0506 3540 nfrd960 - ok
13:19:02.0553 3540 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:19:02.0709 3540 NlaSvc - ok
13:19:02.0740 3540 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:19:02.0849 3540 Npfs - ok
13:19:02.0865 3540 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:19:03.0005 3540 nsi - ok
13:19:03.0036 3540 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:19:03.0177 3540 nsiproxy - ok
13:19:03.0270 3540 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:19:03.0395 3540 Ntfs - ok
13:19:03.0426 3540 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:19:03.0567 3540 Null - ok
13:19:03.0598 3540 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:19:03.0645 3540 nvraid - ok
13:19:03.0676 3540 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:19:03.0707 3540 nvstor - ok
13:19:03.0769 3540 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:19:03.0801 3540 nv_agp - ok
13:19:03.0816 3540 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:19:03.0879 3540 ohci1394 - ok
13:19:03.0941 3540 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:19:03.0988 3540 ose - ok
13:19:04.0191 3540 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:19:04.0534 3540 osppsvc - ok
13:19:04.0565 3540 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:19:04.0690 3540 p2pimsvc - ok
13:19:04.0737 3540 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:19:04.0815 3540 p2psvc - ok
13:19:04.0861 3540 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
13:19:04.0924 3540 Parport - ok
13:19:04.0971 3540 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:19:05.0017 3540 partmgr - ok
13:19:05.0049 3540 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:19:05.0127 3540 PcaSvc - ok
13:19:05.0158 3540 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:19:05.0205 3540 pci - ok
13:19:05.0220 3540 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:19:05.0251 3540 pciide - ok
13:19:05.0298 3540 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:19:05.0329 3540 pcmcia - ok
13:19:05.0361 3540 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:19:05.0407 3540 pcw - ok
13:19:05.0439 3540 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:19:05.0595 3540 PEAUTH - ok
13:19:05.0704 3540 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:19:05.0766 3540 PerfHost - ok
13:19:05.0891 3540 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:19:06.0078 3540 pla - ok
13:19:06.0156 3540 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:19:06.0250 3540 PlugPlay - ok
13:19:06.0265 3540 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:19:06.0328 3540 PNRPAutoReg - ok
13:19:06.0375 3540 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:19:06.0421 3540 PNRPsvc - ok
13:19:06.0468 3540 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:19:06.0624 3540 PolicyAgent - ok
13:19:06.0655 3540 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:19:06.0796 3540 Power - ok
13:19:06.0843 3540 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:19:06.0967 3540 PptpMiniport - ok
13:19:06.0999 3540 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
13:19:07.0045 3540 Processor - ok
13:19:07.0108 3540 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:19:07.0186 3540 ProfSvc - ok
13:19:07.0201 3540 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:19:07.0248 3540 ProtectedStorage - ok
13:19:07.0264 3540 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:19:07.0404 3540 Psched - ok
13:19:07.0498 3540 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:19:07.0623 3540 ql2300 - ok
13:19:07.0638 3540 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:19:07.0685 3540 ql40xx - ok
13:19:07.0732 3540 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:19:07.0794 3540 QWAVE - ok
13:19:07.0810 3540 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:19:07.0872 3540 QWAVEdrv - ok
13:19:07.0888 3540 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:19:08.0013 3540 RasAcd - ok
13:19:08.0059 3540 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:19:08.0184 3540 RasAgileVpn - ok
13:19:08.0231 3540 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:19:08.0356 3540 RasAuto - ok
13:19:08.0387 3540 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:19:08.0527 3540 Rasl2tp - ok
13:19:08.0559 3540 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:19:08.0699 3540 RasMan - ok
13:19:08.0715 3540 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:19:08.0839 3540 RasPppoe - ok
13:19:08.0902 3540 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:19:09.0027 3540 RasSstp - ok
13:19:09.0058 3540 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:19:09.0183 3540 rdbss - ok
13:19:09.0229 3540 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
13:19:09.0307 3540 rdpbus - ok
13:19:09.0323 3540 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:19:09.0463 3540 RDPCDD - ok
13:19:09.0510 3540 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:19:09.0635 3540 RDPENCDD - ok
13:19:09.0682 3540 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:19:09.0807 3540 RDPREFMP - ok
13:19:09.0838 3540 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:19:09.0947 3540 RDPWD - ok
13:19:09.0978 3540 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:19:10.0009 3540 rdyboost - ok
13:19:10.0056 3540 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:19:10.0181 3540 RemoteAccess - ok
13:19:10.0228 3540 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:19:10.0368 3540 RemoteRegistry - ok
13:19:10.0431 3540 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:19:10.0509 3540 RFCOMM - ok
13:19:10.0524 3540 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:19:10.0649 3540 RpcEptMapper - ok
13:19:10.0680 3540 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:19:10.0743 3540 RpcLocator - ok
13:19:10.0789 3540 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:19:10.0899 3540 RpcSs - ok
13:19:10.0930 3540 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:19:11.0055 3540 rspndr - ok
13:19:11.0101 3540 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
13:19:11.0148 3540 RSUSBSTOR - ok
13:19:11.0195 3540 [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:19:11.0257 3540 RTL8167 - ok
13:19:11.0273 3540 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:19:11.0320 3540 SamSs - ok
13:19:11.0335 3540 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:19:11.0382 3540 sbp2port - ok
13:19:11.0413 3540 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:19:11.0538 3540 SCardSvr - ok
13:19:11.0554 3540 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:19:11.0663 3540 scfilter - ok
13:19:11.0725 3540 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:19:11.0913 3540 Schedule - ok
13:19:11.0959 3540 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:19:12.0069 3540 SCPolicySvc - ok
13:19:12.0100 3540 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:19:12.0225 3540 SDRSVC - ok
13:19:12.0271 3540 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:19:12.0318 3540 SeaPort - ok
13:19:12.0365 3540 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:19:12.0490 3540 secdrv - ok
13:19:12.0521 3540 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:19:12.0646 3540 seclogon - ok
13:19:12.0677 3540 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:19:12.0802 3540 SENS - ok
13:19:12.0849 3540 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:19:12.0942 3540 SensrSvc - ok
13:19:12.0989 3540 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
13:19:13.0036 3540 Serenum - ok
13:19:13.0051 3540 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
13:19:13.0114 3540 Serial - ok
13:19:13.0145 3540 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:19:13.0192 3540 sermouse - ok
13:19:13.0270 3540 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:19:13.0395 3540 SessionEnv - ok
13:19:13.0410 3540 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:19:13.0457 3540 sffdisk - ok
13:19:13.0473 3540 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:19:13.0535 3540 sffp_mmc - ok
13:19:13.0551 3540 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:19:13.0597 3540 sffp_sd - ok
13:19:13.0613 3540 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:19:13.0660 3540 sfloppy - ok
13:19:13.0722 3540 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
13:19:13.0800 3540 Sftfs - ok
13:19:13.0863 3540 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:19:13.0925 3540 sftlist - ok
13:19:13.0956 3540 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:19:14.0003 3540 Sftplay - ok
13:19:14.0034 3540 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:19:14.0065 3540 Sftredir - ok
13:19:14.0081 3540 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
13:19:14.0112 3540 Sftvol - ok
13:19:14.0143 3540 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:19:14.0190 3540 sftvsa - ok
13:19:14.0221 3540 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:19:14.0362 3540 SharedAccess - ok
13:19:14.0409 3540 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:19:14.0565 3540 ShellHWDetection - ok
13:19:14.0611 3540 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
13:19:14.0674 3540 SiSGbeLH - ok
13:19:14.0721 3540 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:19:14.0752 3540 SiSRaid2 - ok
13:19:14.0783 3540 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:19:14.0814 3540 SiSRaid4 - ok
13:19:14.0908 3540 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:19:14.0939 3540 SkypeUpdate - ok
13:19:14.0970 3540 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:19:15.0095 3540 Smb - ok
13:19:15.0173 3540 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:19:15.0220 3540 SNMPTRAP - ok
13:19:15.0251 3540 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:19:15.0282 3540 spldr - ok
13:19:15.0345 3540 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:19:15.0469 3540 Spooler - ok
13:19:15.0610 3540 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:19:15.0906 3540 sppsvc - ok
13:19:15.0922 3540 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:19:16.0047 3540 sppuinotify - ok
13:19:16.0093 3540 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:19:16.0234 3540 srv - ok
13:19:16.0265 3540 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:19:16.0312 3540 srv2 - ok
13:19:16.0343 3540 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:19:16.0390 3540 srvnet - ok
13:19:16.0437 3540 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:19:16.0561 3540 SSDPSRV - ok
13:19:16.0577 3540 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:19:16.0702 3540 SstpSvc - ok
13:19:16.0749 3540 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:19:16.0795 3540 stexstor - ok
13:19:16.0842 3540 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:19:16.0951 3540 stisvc - ok
13:19:17.0014 3540 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:19:17.0045 3540 swenum - ok
13:19:17.0076 3540 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:19:17.0248 3540 swprv - ok
13:19:17.0326 3540 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:19:17.0466 3540 SysMain - ok
13:19:17.0482 3540 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:19:17.0544 3540 TabletInputService - ok
13:19:17.0591 3540 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:19:17.0747 3540 TapiSrv - ok
13:19:17.0778 3540 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:19:17.0903 3540 TBS - ok
13:19:18.0012 3540 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:19:18.0153 3540 Tcpip - ok
13:19:18.0262 3540 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:19:18.0387 3540 TCPIP6 - ok
13:19:18.0433 3540 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:19:18.0558 3540 tcpipreg - ok
13:19:18.0589 3540 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:19:18.0683 3540 TDPIPE - ok
13:19:18.0714 3540 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:19:18.0761 3540 TDTCP - ok
13:19:18.0808 3540 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:19:18.0933 3540 tdx - ok
13:19:18.0964 3540 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:19:19.0011 3540 TermDD - ok
13:19:19.0057 3540 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:19:19.0229 3540 TermService - ok
13:19:19.0260 3540 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:19:19.0338 3540 Themes - ok
13:19:19.0354 3540 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:19:19.0463 3540 THREADORDER - ok
13:19:19.0494 3540 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:19:19.0619 3540 TrkWks - ok
13:19:19.0666 3540 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:19:19.0806 3540 TrustedInstaller - ok
13:19:19.0853 3540 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:19:19.0962 3540 tssecsrv - ok
13:19:20.0009 3540 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:19:20.0087 3540 TsUsbFlt - ok
13:19:20.0103 3540 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
13:19:20.0149 3540 TsUsbGD - ok
13:19:20.0196 3540 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:19:20.0337 3540 tunnel - ok
13:19:20.0352 3540 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:19:20.0383 3540 uagp35 - ok
13:19:20.0415 3540 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:19:20.0571 3540 udfs - ok
13:19:20.0633 3540 [ 2E071263A409931F8AFF3A6A656E920C ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
13:19:20.0680 3540 UI Assistant Service - ok
13:19:20.0711 3540 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:19:20.0773 3540 UI0Detect - ok
13:19:20.0820 3540 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:19:20.0867 3540 uliagpkx - ok
13:19:20.0898 3540 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:19:20.0961 3540 umbus - ok
13:19:20.0976 3540 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
13:19:21.0039 3540 UmPass - ok
13:19:21.0085 3540 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:19:21.0241 3540 upnphost - ok
13:19:21.0288 3540 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:19:21.0335 3540 usbccgp - ok
13:19:21.0382 3540 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:19:21.0460 3540 usbcir - ok
13:19:21.0507 3540 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:19:21.0569 3540 usbehci - ok
13:19:21.0616 3540 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
13:19:21.0663 3540 usbfilter - ok
13:19:21.0694 3540 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:19:21.0756 3540 usbhub - ok
13:19:21.0803 3540 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:19:21.0850 3540 usbohci - ok
13:19:21.0881 3540 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:19:21.0943 3540 usbprint - ok
13:19:22.0006 3540 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:19:22.0068 3540 usbscan - ok
13:19:22.0115 3540 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:19:22.0177 3540 USBSTOR - ok
13:19:22.0209 3540 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:19:22.0255 3540 usbuhci - ok
13:19:22.0318 3540 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:19:22.0380 3540 usbvideo - ok
13:19:22.0427 3540 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:19:22.0552 3540 UxSms - ok
13:19:22.0583 3540 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:19:22.0630 3540 VaultSvc - ok
13:19:22.0645 3540 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:19:22.0677 3540 vdrvroot - ok
13:19:22.0708 3540 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:19:22.0848 3540 vds - ok
13:19:22.0895 3540 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:19:22.0942 3540 vga - ok
13:19:22.0957 3540 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:19:23.0067 3540 VgaSave - ok
13:19:23.0098 3540 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:19:23.0145 3540 vhdmp - ok
13:19:23.0160 3540 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:19:23.0191 3540 viaide - ok
13:19:23.0223 3540 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:19:23.0269 3540 volmgr - ok
13:19:23.0301 3540 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:19:23.0347 3540 volmgrx - ok
13:19:23.0363 3540 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:19:23.0410 3540 volsnap - ok
13:19:23.0441 3540 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:19:23.0488 3540 vsmraid - ok
13:19:23.0566 3540 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:19:23.0769 3540 VSS - ok
13:19:23.0800 3540 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:19:23.0862 3540 vwifibus - ok
13:19:23.0894 3540 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:19:23.0972 3540 vwififlt - ok
13:19:24.0018 3540 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:19:24.0096 3540 vwifimp - ok
13:19:24.0159 3540 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:19:24.0315 3540 W32Time - ok
13:19:24.0346 3540 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:19:24.0393 3540 WacomPen - ok
13:19:24.0440 3540 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:19:24.0580 3540 WANARP - ok
13:19:24.0580 3540 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:19:24.0689 3540 Wanarpv6 - ok
13:19:24.0783 3540 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:19:24.0954 3540 wbengine - ok
13:19:24.0970 3540 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:19:25.0048 3540 WbioSrvc - ok
13:19:25.0079 3540 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:19:25.0173 3540 wcncsvc - ok
13:19:25.0204 3540 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:19:25.0298 3540 WcsPlugInService - ok
13:19:25.0329 3540 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
13:19:25.0376 3540 Wd - ok
13:19:25.0422 3540 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
13:19:25.0516 3540 WDC_SAM - ok
13:19:25.0547 3540 [ 6209C98EAA7D003DBEA3EB3245211342 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
13:19:25.0594 3540 WDDMService ( UnsignedFile.Multi.Generic ) - warning
13:19:25.0594 3540 WDDMService - detected UnsignedFile.Multi.Generic (1)
13:19:25.0641 3540 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:19:25.0719 3540 Wdf01000 - ok
13:19:25.0844 3540 [ A787A567B3470C91C487ECE90CF7509C ] WDFME C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
13:19:25.0922 3540 WDFME ( UnsignedFile.Multi.Generic ) - warning
13:19:25.0922 3540 WDFME - detected UnsignedFile.Multi.Generic (1)
13:19:25.0968 3540 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:19:26.0124 3540 WdiServiceHost - ok
13:19:26.0124 3540 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:19:26.0187 3540 WdiSystemHost - ok
13:19:26.0249 3540 [ 3E2B446BFD98EE3AB236FE9E84F35489 ] WDSC C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
13:19:26.0296 3540 WDSC ( UnsignedFile.Multi.Generic ) - warning
13:19:26.0296 3540 WDSC - detected UnsignedFile.Multi.Generic (1)
13:19:26.0358 3540 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:19:26.0436 3540 WebClient - ok
13:19:26.0452 3540 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:19:26.0592 3540 Wecsvc - ok
13:19:26.0608 3540 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:19:26.0733 3540 wercplsupport - ok
13:19:26.0764 3540 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:19:26.0904 3540 WerSvc - ok
13:19:26.0920 3540 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:19:27.0029 3540 WfpLwf - ok
13:19:27.0060 3540 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
13:19:27.0107 3540 WimFltr - ok
13:19:27.0154 3540 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:19:27.0185 3540 WIMMount - ok
13:19:27.0201 3540 WinDefend - ok
13:19:27.0216 3540 WinHttpAutoProxySvc - ok
13:19:27.0294 3540 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:19:27.0419 3540 Winmgmt - ok
13:19:27.0528 3540 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:19:27.0747 3540 WinRM - ok
13:19:27.0840 3540 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:19:27.0903 3540 WinUsb - ok
13:19:27.0965 3540 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:19:28.0074 3540 Wlansvc - ok
13:19:28.0152 3540 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:19:28.0184 3540 wlcrasvc - ok
13:19:28.0308 3540 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:19:28.0480 3540 wlidsvc - ok
13:19:28.0496 3540 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:19:28.0558 3540 WmiAcpi - ok
13:19:28.0620 3540 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:19:28.0683 3540 wmiApSrv - ok
13:19:28.0714 3540 WMPNetworkSvc - ok
13:19:28.0745 3540 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:19:28.0808 3540 WPCSvc - ok
13:19:28.0839 3540 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:19:28.0901 3540 WPDBusEnum - ok
13:19:28.0948 3540 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:19:29.0073 3540 ws2ifsl - ok
13:19:29.0104 3540 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
13:19:29.0198 3540 wscsvc - ok
13:19:29.0213 3540 WSearch - ok
13:19:29.0338 3540 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:19:29.0510 3540 wuauserv - ok
13:19:29.0541 3540 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:19:29.0681 3540 WudfPf - ok
13:19:29.0744 3540 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:19:29.0868 3540 WUDFRd - ok
13:19:29.0915 3540 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:19:30.0024 3540 wudfsvc - ok
13:19:30.0056 3540 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:19:30.0134 3540 WwanSvc - ok
13:19:30.0196 3540 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
13:19:30.0290 3540 ZTEusbmdm6k - ok
13:19:30.0305 3540 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
13:19:30.0352 3540 ZTEusbnmea - ok
13:19:30.0368 3540 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
13:19:30.0399 3540 ZTEusbser6k - ok
13:19:30.0430 3540 ================ Scan global ===============================
13:19:30.0446 3540 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:19:30.0492 3540 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:19:30.0524 3540 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:19:30.0555 3540 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:19:30.0586 3540 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:19:30.0602 3540 [Global] - ok
13:19:30.0602 3540 ================ Scan MBR ==================================
13:19:30.0617 3540 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:19:31.0132 3540 \Device\Harddisk0\DR0 - ok
13:19:31.0148 3540 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:19:31.0694 3540 \Device\Harddisk1\DR1 - ok
13:19:31.0694 3540 ================ Scan VBR ==================================
13:19:31.0694 3540 [ 6FBA0CF1E5EDE232FB9E0D47377E0B16 ] \Device\Harddisk0\DR0\Partition1
13:19:31.0694 3540 \Device\Harddisk0\DR0\Partition1 - ok
13:19:31.0787 3540 [ F7461AF2CA2A1B55F86CB9D47B59A398 ] \Device\Harddisk0\DR0\Partition2
13:19:31.0787 3540 \Device\Harddisk0\DR0\Partition2 - ok
13:19:31.0803 3540 [ A7DEB1C04CA082D91A2B87A0C4959728 ] \Device\Harddisk1\DR1\Partition1
13:19:31.0818 3540 \Device\Harddisk1\DR1\Partition1 - ok
13:19:31.0818 3540 ============================================================
13:19:31.0818 3540 Scan finished
13:19:31.0818 3540 ============================================================
13:19:31.0850 4772 Detected object count: 3
13:19:31.0850 4772 Actual detected object count: 3
13:31:15.0432 4772 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:15.0432 4772 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:15.0447 4772 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:15.0447 4772 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:15.0447 4772 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:15.0447 4772 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
19.10.2012, 15:02
| #27 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findet 40 Objekte pup.blabbers Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.10.2012, 21:43
| #28 |
| | Malwarebytes findet 40 Objekte pup.blabbers Oh mann, gut, dass ich Dir so blind vertraue... vielen Dank, das sieht alles sehr professionell aus und ich fühle mich in sehr guten Händen!!! Code:
ATTFilter ComboFix 12-10-19.01 - Thiede 19.10.2012 22:15:00.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1644.734 [GMT 2:00]
ausgeführt von:: c:\users\Thiede\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Thiede\4.0
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-19 bis 2012-10-19 ))))))))))))))))))))))))))))))
.
.
2012-10-19 20:30 . 2012-10-19 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 09:10 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D96863FF-25EB-40CA-AEFE-DB2FA3997467}\mpengine.dll
2012-10-19 09:09 . 2012-10-19 09:09 -------- d-----w- C:\_OTL
2012-10-18 07:50 . 2012-10-18 07:50 -------- d-----w- c:\users\Thiede\AppData\Local\2DBoy
2012-10-18 07:50 . 2012-10-18 07:50 -------- d-----w- c:\programdata\2DBoy
2012-10-18 07:48 . 2012-10-18 07:48 -------- d-----w- c:\users\Thiede\AppData\Roaming\iWin
2012-10-16 17:58 . 2012-10-16 17:58 -------- d-----w- c:\program files (x86)\ESET
2012-10-14 10:36 . 2012-10-14 10:36 -------- d-----w- c:\program files (x86)\7-Zip
2012-10-13 20:50 . 2012-10-13 20:50 -------- d-----w- c:\users\Thiede\AppData\Roaming\Malwarebytes
2012-10-13 20:49 . 2012-10-13 20:49 -------- d-----w- c:\programdata\Malwarebytes
2012-10-13 20:49 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-13 20:49 . 2012-10-13 20:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-10 07:40 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 07:40 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 07:40 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 07:40 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 07:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 07:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 07:38 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 07:38 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 07:38 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 07:38 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 07:38 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 07:38 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-08 17:41 . 2012-08-25 02:00 266720 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-10-08 17:41 . 2012-08-25 01:58 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-10-08 17:41 . 2012-08-25 01:58 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-10-08 17:41 . 2012-08-25 01:59 68576 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-10-08 17:41 . 2012-08-25 01:59 192592 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-10-08 17:41 . 2012-08-25 01:59 114144 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-10-08 17:41 . 2012-08-25 01:59 2289120 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-10-08 17:41 . 2012-08-25 01:58 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-08 08:06 . 2012-10-08 08:06 -------- d-----w- c:\users\Thiede\AppData\Roaming\Avira
2012-10-08 07:58 . 2012-10-01 15:14 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-08 07:58 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-08 07:58 . 2012-09-13 13:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-08 07:58 . 2012-10-08 08:00 -------- d-----w- c:\programdata\Avira
2012-10-08 07:58 . 2012-10-08 07:58 -------- d-----w- c:\program files (x86)\Avira
2012-09-26 08:45 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 17:48 . 2012-04-06 12:36 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-10 07:49 . 2012-04-23 07:10 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 07:49 . 2012-01-08 10:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-08 16:43 . 2012-09-08 16:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 16:43 . 2012-08-15 20:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-08 16:43 . 2012-04-18 07:08 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-22 18:12 . 2012-09-12 13:05 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 13:05 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 13:05 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 13:05 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 07:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 13:05 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 13:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2011-08-25 153424]
"SMSTray"="c:\program files (x86)\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-7-19 12862]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 6163456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-01-18 250984]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-04 38016]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-22 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-15 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-09-25 554784]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 1052328]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2011-08-25 270672]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-22 10721280]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-22 327168]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-04 436840]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 48765846
*Deregistered* - 48765846
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 07:49]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-28 2264168]
"lxeemon.exe"="c:\program files (x86)\Lexmark Pro700 Series\lxeemon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro700 Series\ezprint.exe" [2011-01-23 148280]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Thiede\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Thiede\AppData\Roaming\Mozilla\Firefox\Profiles\e4vejbej.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-19 22:38:42
ComboFix-quarantined-files.txt 2012-10-19 20:38
.
Vor Suchlauf: 10 Verzeichnis(se), 26.283.094.016 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 26.134.106.112 Bytes frei
.
- - End Of File - - EC308B07A5D061BE6366F39F8CAD2EF7
|
|
21.10.2012, 11:50
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findet 40 Objekte pup.blabbers Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.10.2012, 21:15
| #30 |
| | Malwarebytes findet 40 Objekte pup.blabbers GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-21 21:38:23
Windows 6.1.7601 Service Pack 1
Running: cnvwpckl.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:55:40 on 21.10.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 15.0 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Common %SystemRoot%\Tasks |||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files (x86)\Google\Update\GoogleUpdate.exe File exists |||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files (x86)\Google\Update\GoogleUpdate.exe File exists |||||| "Adobe Flash Player Updater.job" "Adobe Systems Incorporated" C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "ASMMAP64" (ASMMAP64) "ASUS" C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys File exists "ATKWMIACPI Driver_" (ATKWMIACPIIO_) "ASUS" C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys File exists "avgntflt" (avgntflt) "Avira Operations GmbH & Co. KG" C:\Windows\System32\DRIVERS\avgntflt.sys File exists "avipbb" (avipbb) "Avira Operations GmbH & Co. KG" C:\Windows\System32\DRIVERS\avipbb.sys File exists "avkmgr" (avkmgr) "Avira Operations GmbH & Co. KG" C:\Windows\System32\DRIVERS\avkmgr.sys File exists "catchme" (catchme) C:\ComboFix\catchme.sys File not found |||||| "FssFltr" (fssfltr) "Microsoft Corporation" C:\Windows\System32\DRIVERS\fssfltr.sys File exists "MBAMProtector" (MBAMProtector) "Malwarebytes Corporation" C:\Windows\system32\drivers\mbam.sys File exists "Sftfs" (Sftfs) "Microsoft Corporation" C:\Windows\System32\DRIVERS\Sftfslh.sys File exists "Sftplay" (Sftplay) "Microsoft Corporation" C:\Windows\System32\DRIVERS\Sftplaylh.sys File exists "Sftredir" (Sftredir) "Microsoft Corporation" C:\Windows\System32\DRIVERS\Sftredirlh.sys File exists "Sftvol" (Sftvol) "Microsoft Corporation" C:\Windows\System32\DRIVERS\Sftvollh.sys File exists || "WimFltr" (WimFltr) "Microsoft Corporation" C:\Windows\System32\DRIVERS\wimfltr.sys File exists Explorer HKLM\Software\Classes\Protocols\Filter |||||| {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File exists HKLM\Software\Classes\Protocols\Handler |||||| {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File exists |||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll File exists |||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File exists |||| {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" "Skype Technologies S.A." C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File exists |||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved |||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Program Files (x86)\7-Zip\7-zip.dll File exists {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" File not found | COM-object registry key not found |||||| {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" "Microsoft Corporation" C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL File exists |||||| {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" "Microsoft Corporation" C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL File exists |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll File exists |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll File exists |||||| {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL File exists {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" File not found | COM-object registry key not found |||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists |||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists |||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists |||||| {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists |||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists |||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists |||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" File not found | COM-object registry key not found |||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" File not found | COM-object registry key not found Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser ITBar7Height "ITBar7Height" File not found | COM-object registry key not found "ITBar7Layout" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||| {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File exists {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll File exists |||| {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" "Skype Technologies S.A." C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File exists |||||| {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" "Microsoft Corporation" C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar |||| {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" "Microsoft Corporation." C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll File exists |||| "Google Toolbar" "Google Inc." C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File exists |||| "Lexmark Symbolleiste" C:\Program Files\Lexmark Toolbar\toolband.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||| {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" "Microsoft Corporation." C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll File exists |||| {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" "Google Inc." C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File exists |||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File exists |||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll File exists {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Oracle Corporation" C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File exists {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Oracle Corporation" C:\Program Files (x86)\Java\jre7\bin\ssv.dll File exists |||| {D2C5E510-BE6D-42CC-9F61-E4F939078474} "Lexmark " C:\Program Files\Lexmark Printable Web\bho.dll File exists |||| {1017A80C-6F09-4548-A84D-EDD6AC9525F0} "Lexmark Symbolleiste" C:\Program Files\Lexmark Toolbar\toolband.dll File exists |||||| {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" "Microsoft Corporation" C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL File exists |||| {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" "Skype Technologies S.A." C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File exists |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" "Microsoft Corp." C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists LSA Providers HKLM\SYSTEM\CurrentControlSet\Control\Lsa |||||| "Security Packages" "Microsoft Corp." C:\Windows\system32\livessp.dll File exists Logon %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\Users\Thiede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup "AsusVibeLauncher.lnk" C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe Shortcut exists | File exists |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists "FancyStart daemon.lnk" "ASUSTeK Computer Inc." C:\Program Files (x86)\ASUS\FancyStart\FancyStart.exe Shortcut exists | File exists "WDDMStatus.lnk" C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe Shortcut exists | File not found HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd "StartupPrograms" rdpclip File not found HKLM\Software\Microsoft\Windows\CurrentVersion\Run "ASUSPRP" "ASUSTek Computer Inc." "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" File exists |||| "ASUSWebStorage" "ecareme" C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S File exists "ATKMEDIA" "ASUS" C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe File exists "ATKOSD2" "ASUSTek Computer Inc." C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe File exists "avgnt" "Avira Operations GmbH & Co. KG" "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min File exists |||| "HControlUser" "ASUS" C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe File exists |||| "Nuance PDF Reader-reminder" "Nuance Communications, Inc." "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" File exists |||| "SMSTray" "SAMSUNG ELECTRONICS" C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe File exists || "SonicMasterTray" "Virage Logic Corporation / Sonic Focus" C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe File exists "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" File exists "UIExec" "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe" File found, but it contains no detailed information |||| "UpdateLBPShortCut" "CyberLink Corp." "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" File exists |||| "UpdateP2GoShortCut" "CyberLink Corp." "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" File exists "Wireless Console 3" "ASUSTeK Computer Inc." C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe File exists Services HKLM\SYSTEM\CurrentControlSet\Services "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) C:\Program Files (x86)\Windows Defender\mpsvc.dll File not found "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" File not found |||||| "@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) "Nero AG" C:\Program Files (x86)\Nero\Update\NASvc.exe File exists || "AAV UpdateService" (AAV UpdateService) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe File exists |||||| "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) "Adobe Systems Incorporated" C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe File exists |||||| "AFBAgent" (AFBAgent) "ASUSTeK Computer Inc." C:\Windows\system32\FBAgent.exe File exists "AMD FUEL Service" (AMD FUEL Service) "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe File exists "Application Virtualization Client" (sftlist) "Microsoft Corporation" C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe File exists "Application Virtualization Service Agent" (sftvsa) "Microsoft Corporation" C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe File exists "ASLDR Service" (ASLDRService) "ASUS" C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe File exists |||||| "ATKGFNEX Service" (ATKGFNEXSrv) "ASUS" C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe File exists "Avira Browser-Schutz" (AntiVirWebService) "Avira Operations GmbH & Co. KG" C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE File exists "Avira Echtzeit-Scanner" (AntiVirService) "Avira Operations GmbH & Co. KG" C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe File exists "Avira Planer" (AntiVirSchedulerService) "Avira Operations GmbH & Co. KG" C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe File exists |||| "Bing Bar Update Service" (BBSvc) "Microsoft Corporation." C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE File exists |||||| "Client Virtualization Handler" (cvhsvc) "Microsoft Corporation" C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE File exists |||| "Google Software Updater" (gusvc) "Google" C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files (x86)\Google\Update\GoogleUpdate.exe File exists |||| "Google Update-Dienst (gupdatem)" (gupdatem) "Google Inc." C:\Program Files (x86)\Google\Update\GoogleUpdate.exe File exists "MBAMScheduler" (MBAMScheduler) "Malwarebytes Corporation" C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe File exists "MBAMService" (MBAMService) "Malwarebytes Corporation" C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe File exists |||||| "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File exists |||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists "Mozilla Maintenance Service" (MozillaMaintenance) "Mozilla Foundation" C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "Office Software Protection Platform" (osppsvc) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE File exists |||||| "SeaPort" (SeaPort) "Microsoft Corporation" C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE File exists |||||| "Skype Updater" (SkypeUpdate) "Skype Technologies" C:\Program Files (x86)\Skype\Updater\Updater.exe File exists "UI Assistant Service" (UI Assistant Service) C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe File found, but it contains no detailed information |||||| "WD File Management Engine" (WDFME) C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe File exists |||||| "WD File Management Shadow Engine" (WDSC) C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe File exists |||||| "WDDMService" (WDDMService) "WDC" C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe File exists |||||| "Windows Live Family Safety Service" (fsssvc) "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe File exists |||||| "Windows Live ID Sign-in Assistant" (wlidsvc) "Microsoft Corp." C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE File exists Winsock Providers HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries |||||| "WindowsLive Local NSP" "Microsoft Corp." C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File exists |||||| "WindowsLive NSP" "Microsoft Corp." C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File exists HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries "AVSDA" "Avira Operations GmbH & Co. KG" C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 22:12:14
-----------------------------
22:12:14.881 OS Version: Windows x64 6.1.7601 Service Pack 1
22:12:14.882 Number of processors: 2 586 0x100
22:12:14.885 ComputerName: THIEDE-PC UserName: Thiede
22:12:15.763 Initialize success
22:12:36.855 AVAST engine defs: 12102100
22:12:44.150 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
22:12:44.156 Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 11
22:12:44.287 Disk 0 MBR read successfully
22:12:44.296 Disk 0 MBR scan
22:12:44.313 Disk 0 Windows 7 default MBR code
22:12:44.333 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
22:12:44.367 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 131255 MB offset 52430848
22:12:44.381 Disk 0 Partition - 00 0F Extended LBA 148389 MB offset 321241088
22:12:44.417 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 148388 MB offset 321243136
22:12:44.484 Disk 0 scanning C:\Windows\system32\drivers
22:13:05.801 Service scanning
22:13:46.071 Modules scanning
22:13:46.100 Disk 0 trace - called modules:
22:13:46.552 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
22:13:46.571 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800243d060]
22:13:46.586 3 CLASSPNP.SYS[fffff8800190343f] -> nt!IofCallDriver -> [0xfffffa8002319040]
22:13:46.601 5 amd_xata.sys[fffff8800110f8b4] -> nt!IofCallDriver -> \Device\0000006b[0xfffffa8001dfb290]
22:13:46.616 Scan finished successfully
22:14:10.898 Disk 0 MBR has been saved successfully to "C:\Users\Thiede\Desktop\MBR.dat"
22:14:10.915 The log file has been saved successfully to "C:\Users\Thiede\Desktop\aswMBR.txt"
|
|
| Themen zu Malwarebytes findet 40 Objekte pup.blabbers |
| abges, abgestürzt, ausführen, compu, computer, dankbar, dateien, defogger, einzelne, einzelnen, geschlossen, helfer, installier, laptop, liebe, malwarebytes, nichts, objekte, pup.blabbers, quarantäne, schicke, schicken, schritte, thread, wirklich |
Linear-Darstellung
