Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: ATRAPS.gen2 von AVIRA gemeldet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.10.2012, 06:55   #1
Snorre
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Seit ner Stunde meldet mein AVIRA ne INfektion mit ATRAPS.gen2


Im Anhang die Logdatei von Malwarebytes.
Hoffe dat kann man wieder gerade biegen.


Gruß

Andi
Angehängte Dateien
Dateityp: txt mbam-log-2012-10-23 (07-48-04).txt (2,8 KB, 209x aufgerufen)

Alt 23.10.2012, 07:39   #2
Psychotic
/// Malwareteam
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.



Schritt 1: defogger



Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.




Schritt 2: OTL


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread



Schritt 3: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.




Schritt 4: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 23.10.2012, 11:42   #3
Snorre
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Ok, hier die OTL Datei:

Code:
ATTFilter
OTL logfile created on: 23.10.2012 12:28:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas Tickert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,85% Memory free
7,71 Gb Paging File | 5,66 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 44,10 Gb Free Space | 37,87% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 235,28 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
 
Computer Name: TICKERT | User Name: Andreas Tickert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.23 12:26:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe
PRC - [2012.10.13 14:23:14 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.09 18:33:28 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.08.08 18:39:56 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.27 13:41:02 | 001,073,744 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2012.04.27 13:41:02 | 000,884,816 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
PRC - [2010.09.20 08:56:19 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.24 05:14:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.11.10 04:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.27 05:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.10.26 19:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.20 05:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.08.12 21:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.07.06 23:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.05.19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.13 14:23:14 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.10.09 18:33:27 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.06.14 18:53:54 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 18:53:43 | 000,148,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
MOD - [2012.06.14 13:39:58 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012.06.14 13:39:47 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012.06.14 13:39:45 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.14 13:39:38 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012.06.14 13:39:36 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.05.11 17:32:52 | 001,885,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b37cc0aa41e7feaba9f290da4da91d71\System.Web.Services.ni.dll
MOD - [2012.05.11 17:32:44 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
MOD - [2012.05.11 17:32:25 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll
MOD - [2012.05.11 17:31:13 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll
MOD - [2012.05.11 17:31:13 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll
MOD - [2012.05.11 17:31:12 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
MOD - [2012.05.11 17:31:12 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll
MOD - [2012.05.11 17:31:11 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012.05.11 17:31:11 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
MOD - [2012.05.11 17:31:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012.05.11 07:51:44 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 07:48:52 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012.05.11 07:48:43 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.11 07:48:40 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 07:48:36 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.11 07:48:34 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 07:48:29 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.11.27 05:39:45 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.11.11 10:29:13 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.08.06 23:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2012.10.13 14:23:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 18:33:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.27 05:39:45 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe -- (STacSV)
SRV - [2009.11.10 04:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011.03.26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011.03.26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011.03.26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 04:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.27 05:39:45 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.11.13 11:47:35 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.11.11 11:02:11 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.11 11:02:11 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.10.26 06:39:43 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.10.05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.08.06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.08.06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.02.24 20:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/19 23:23:50] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 14:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.23 07:43:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 14:23:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.23 07:43:19 | 000,000,000 | ---D | M]
 
[2012.08.05 21:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Extensions
[2012.10.23 09:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions
[2012.10.05 15:03:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.12 18:49:12 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.09.12 18:39:52 | 000,003,915 | ---- | M] () -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\firefox\profiles\wkarz4j6.default\searchplugins\sweetim.xml
[2012.10.13 14:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.13 14:23:11 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2012.10.13 14:23:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.13 14:23:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.31 11:51:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 11:51:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.31 11:51:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.31 11:51:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.31 11:51:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.31 11:51:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [UNINST1] rundll32 c:\users\andrea~1\appdata\local\temp\uninstmanager.dll,UninstallFinalizeFromNonMsiCaller {AC76BA86-0000-0000-0000-000000000000} File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Andreas Tickert\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Andreas Tickert\Desktop\PartyPoker.lnk File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{266B6562-B205-4206-BD0C-CC0327319233}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3bd14919-037a-11e0-8aef-20cf3062b3b1}\Shell - "" = AutoRun
O33 - MountPoints2\{3bd14919-037a-11e0-8aef-20cf3062b3b1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c100d1dd-77e4-11e0-9bbe-20cf3062b3b1}\Shell - "" = AutoRun
O33 - MountPoints2\{c100d1dd-77e4-11e0-9bbe-20cf3062b3b1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1D37E1D2-4097-AACE-5788-E8742E670540} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 12:29:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.10.23 12:28:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Andreas Tickert\Desktop\aswMBR.exe
[2012.10.23 12:26:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe
[2012.10.23 07:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2012.10.22 17:10:44 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\Documents\Updater
[2012.10.22 17:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.10.22 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2012.10.22 16:58:45 | 000,000,000 | ---D | C] -- C:\Programme
[2012.10.16 17:12:31 | 000,179,136 | ---- | C] (Q+E Software, Inc.) -- C:\Windows\SysWow64\Tbdbf04.dll
[2012.10.13 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.05 15:04:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Roaming\TuneUp Software
[2012.10.05 15:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.10.05 15:04:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.10.05 15:04:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.09.30 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\.phet
[2012.09.30 16:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chemie - Aber Sicher
[2012.09.30 16:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chemie_Aber_Sicher
[2012.09.30 15:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2012.09.30 15:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chisela 5
[2012.09.30 15:56:24 | 000,229,376 | ---- | C] (dBASE Inc.) -- C:\Windows\SysWow64\Resource.DLL
[2012.09.30 15:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chisela 5
[2012.09.29 12:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.09.29 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.09.29 12:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.09.29 12:42:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Local\Apple
[2012.09.29 12:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.09.29 12:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.09.29 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Roaming\Klett
[2012.09.29 12:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klett
[2012.09.29 12:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Klett
[2012.09.29 12:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.14 20:33:16 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 12:28:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andreas Tickert\Desktop\aswMBR.exe
[2012.10.23 12:26:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe
[2012.10.23 12:26:28 | 000,000,000 | ---- | M] () -- C:\Users\Andreas Tickert\defogger_reenable
[2012.10.23 12:19:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 11:33:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 08:43:10 | 000,050,477 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\Defogger.exe
[2012.10.23 07:44:05 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 07:44:05 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 07:36:14 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 07:36:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 07:35:56 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.23 07:22:18 | 000,000,014 | ---- | M] () -- C:\end
[2012.10.22 19:38:27 | 000,002,326 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.10.22 19:38:19 | 000,001,353 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.10.22 19:38:02 | 000,418,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.21 12:10:20 | 000,000,584 | ---- | M] () -- C:\Users\Andreas Tickert\Documents\grstyles.stl
[2012.10.17 18:59:19 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.17 18:59:19 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.17 18:59:19 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.17 18:59:19 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.17 18:59:19 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.05 23:40:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.29 12:50:30 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 2.lnk
[2012.09.29 12:43:21 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.09.29 12:41:11 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 1.lnk
[2012.09.27 13:18:54 | 001,319,805 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\DSCF8611.JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.23 12:26:28 | 000,000,000 | ---- | C] () -- C:\Users\Andreas Tickert\defogger_reenable
[2012.10.23 08:43:09 | 000,050,477 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\Defogger.exe
[2012.10.23 07:22:01 | 000,000,014 | ---- | C] () -- C:\end
[2012.10.22 17:03:59 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2012.10.16 17:12:32 | 000,000,440 | ---- | C] () -- C:\Windows\SysWow64\Qeasymtx.lic
[2012.09.30 15:56:34 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2012.09.30 15:56:34 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\BDEADMIN.CPL
[2012.09.30 15:56:24 | 004,120,608 | ---- | C] () -- C:\Windows\SysWow64\db2kRUN.EXE
[2012.09.30 15:56:24 | 000,423,936 | ---- | C] () -- C:\Windows\SysWow64\db2kr_de.DLL
[2012.09.29 12:50:30 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 2.lnk
[2012.09.29 12:43:21 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.09.29 12:42:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.09.29 12:41:11 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 1.lnk
[2012.04.15 11:07:55 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012.03.21 22:57:02 | 000,002,054 | ---- | C] () -- C:\Users\Andreas Tickert\.powerupdate.user.properties
[2012.03.11 17:47:43 | 000,000,066 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2012.02.13 14:24:54 | 000,293,712 | ---- | C] () -- C:\Windows\SysWow64\Tbsql03.dll
[2012.02.13 14:24:54 | 000,246,368 | ---- | C] () -- C:\Windows\SysWow64\Tbqry03.dll
[2012.02.13 14:24:54 | 000,145,696 | ---- | C] () -- C:\Windows\SysWow64\Tblib.dll
[2012.02.13 14:24:54 | 000,090,688 | ---- | C] () -- C:\Windows\SysWow64\Tbutl03.dll
[2012.02.13 14:24:54 | 000,014,512 | ---- | C] () -- C:\Windows\SysWow64\Tbgui03.dll
[2012.02.13 14:24:54 | 000,005,488 | ---- | C] () -- C:\Windows\SysWow64\Tbmds03.dll
[2011.01.06 12:02:16 | 000,003,584 | ---- | C] () -- C:\Users\Andreas Tickert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.26 20:35:00 | 000,000,360 | ---- | C] () -- C:\Users\Andreas Tickert\AppData\Roaming\burnaware.ini
[2010.12.26 20:29:25 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2010.12.09 11:43:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.20 08:35:12 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\@
[2012.10.23 07:36:05 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L
[2012.10.23 07:40:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U
[2012.10.23 07:36:05 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\00000004.@
[2012.10.23 07:20:21 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000004.@
[2012.10.23 07:40:41 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000008.@
[2012.10.23 07:40:37 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\000000cb.@
[2012.10.23 07:40:37 | 000,016,896 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000000.@
[2012.10.23 07:24:19 | 000,087,040 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000032.@
[2012.10.23 07:29:10 | 000,073,216 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000064.@
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.10.23 07:36:02 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012.10.23 07:36:02 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.25 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Advanced Chemistry Development
[2010.12.09 11:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Asus WebStorage
[2011.03.20 10:48:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Audacity
[2012.01.06 10:17:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Canneverbe Limited
[2012.09.14 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\CmapTools
[2012.10.05 15:03:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoft
[2012.04.28 11:35:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.17 18:39:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\EndNote
[2012.05.18 20:01:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Iminent
[2012.09.29 12:52:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Klett
[2012.10.05 15:03:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\OpenCandy
[2011.11.09 13:00:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\PacificPoker
[2011.11.21 12:20:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\PanoramaStudio2
[2012.09.06 11:20:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Party
[2012.08.09 11:52:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\pdfforge
[2012.10.05 15:04:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.12.09 11:32:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.25 10:56:23 | 000,000,000 | ---D | M] -- C:\ACDFREE12
[2010.12.24 17:24:27 | 000,000,000 | ---D | M] -- C:\AMD
[2010.12.09 11:33:13 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2010.12.24 17:28:51 | 000,000,000 | ---D | M] -- C:\ATI
[2011.07.24 18:31:25 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.09.20 08:56:39 | 000,000,000 | ---D | M] -- C:\eSupport
[2010.09.20 08:43:13 | 000,000,000 | ---D | M] -- C:\Intel
[2010.12.13 10:27:10 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.12.26 20:30:20 | 000,000,000 | ---D | M] -- C:\output media
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.08 10:54:45 | 000,000,000 | ---D | M] -- C:\Poker
[2012.09.10 20:31:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.23 07:22:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.23 07:53:13 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.10.23 07:53:11 | 000,000,000 | ---D | M] -- C:\Programme
[2011.12.20 19:58:21 | 000,000,000 | ---D | M] -- C:\Programs
[2010.12.09 11:23:31 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.23 12:30:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.20 15:12:00 | 000,000,000 | ---D | M] -- C:\UserData
[2010.12.09 11:25:07 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.16 17:14:43 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.09.20 08:41:42 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.09.20 08:29:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.09.20 08:41:42 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.09.20 08:29:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.09.20 08:41:42 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.09.20 08:29:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.09.20 08:41:42 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.09.20 08:29:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.09.20 08:41:42 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.09.20 08:41:42 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.20 08:33:58 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.09.20 08:33:59 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.01.22 00:40:09 | 000,000,334 | ---- | C] () -- C:\Windows\Tasks\MT66 Software Update.job
[2012.04.02 08:34:56 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >
         
Und noch die Extra.txt Datei:



Code:
ATTFilter
OTL Extras logfile created on: 23.10.2012 12:28:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas Tickert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,85% Memory free
7,71 Gb Paging File | 5,66 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 44,10 Gb Free Space | 37,87% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 235,28 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
 
Computer Name: TICKERT | User Name: Andreas Tickert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46FE2A95-DD8A-9F52-DD44-6C22D715493D}" = ATI Catalyst Install Manager
"{485867C4-605B-30FD-397E-CDBA21690855}" = ccc-utility64
"{83A33E54-147D-2D1A-75EB-DE27584DD3E2}" = WMV9/VC-1 Video Playback
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASUS USB2.0 UVC VGA WebCam" = ASUS USB2.0 UVC VGA WebCam
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PanoramaStudio2" = PanoramaStudio 2.2 ((deinstallieren))
"PDF-XChange 3_is1" = PDF-XChange 3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A64BFD0-0511-4C67-A3BF-D4C0C1055255}_is1" = Chemie_Aber_Sicher Version 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A505EBCB-C827-433F-B5A1-D242F20A4B23}" = Elemente Chemie Multimedial 1
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB91071A-F029-4B98-B6EE-EBA3AB14D530}" = Elemente Chemie Multimedial 2
"{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
"{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2739D43-F30E-4294-87C1-0F814CCEB9E9}" = Catalyst Control Center InstallProxy
"{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1" = MT66 Software Update
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Chisela 5_is1" = Chisela 5.2.2
"DealPly" = DealPly
"Diablo III" = Diablo III
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.1.25.423
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.1004
"Google Chrome" = Google Chrome
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IMBoosterARP" = Iminent
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PartyPoker" = PartyPoker
"PDF Blender" = PDF Blender
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"Rainlendar2" = Rainlendar2 (remove only)
"RB-DATA Notentabelle für Excel_is1" = RB-DATA Notentabelle für Excel
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"StarCraft II" = StarCraft II
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.2
"WEKA Chemie unterrichten 4.0" = WEKA Chemie unterrichten 4.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.10.2012 06:17:36 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0x17bc  Startzeit der fehlerhaften Anwendung: 0x01cdb1079fad18f5  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: dd6991f7-1cfa-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:18:36 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0x970  Startzeit der fehlerhaften Anwendung: 0x01cdb107c3891ab8  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 013c6bf9-1cfb-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:19:36 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0xefc  Startzeit der fehlerhaften Anwendung: 0x01cdb107e75ba68b  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 251698ed-1cfb-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:20:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0x1464  Startzeit der fehlerhaften Anwendung: 0x01cdb1080b37e6ba  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 48e9b15b-1cfb-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:21:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0x1654  Startzeit der fehlerhaften Anwendung: 0x01cdb1082f0affb7  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 6cc5d2d9-1cfb-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:22:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0x524  Startzeit der fehlerhaften Anwendung: 0x01cdb10852e74078  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 90988e19-1cfb-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:23:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0x524  Startzeit der fehlerhaften Anwendung: 0x01cdb10876b8e269  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: b473b58b-1cfb-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:24:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0x1360  Startzeit der fehlerhaften Anwendung: 0x01cdb1089a95cf09  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: d8471caa-1cfb-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:25:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0x8b4  Startzeit der fehlerhaften Anwendung: 0x01cdb108be68f7aa  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: fc23cacc-1cfb-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:26:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0x1698  Startzeit der fehlerhaften Anwendung: 0x01cdb108e2459636  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 1ff6e3d7-1cfc-11e2-8c2d-20cf3062b3b1
 
Error - 23.10.2012 06:27:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x750ec9f1  ID des fehlerhaften
 Prozesses: 0xa00  Startzeit der fehlerhaften Anwendung: 0x01cdb1090617f3ca  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 43d2c6ec-1cfc-11e2-8c2d-20cf3062b3b1
 
[ Media Center Events ]
Error - 16.12.2011 04:21:33 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:21:33 - Fehler beim Herstellen der Internetverbindung.  09:21:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.12.2011 04:21:43 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:21:38 - Fehler beim Herstellen der Internetverbindung.  09:21:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.12.2011 14:05:50 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 19:05:50 - Fehler beim Herstellen der Internetverbindung.  19:05:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.12.2011 14:05:59 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 19:05:55 - Fehler beim Herstellen der Internetverbindung.  19:05:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.12.2011 04:25:52 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:25:52 - Fehler beim Herstellen der Internetverbindung.  09:25:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.12.2011 04:26:03 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:25:57 - Fehler beim Herstellen der Internetverbindung.  09:25:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.12.2011 04:01:32 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:01:32 - Fehler beim Herstellen der Internetverbindung.  09:01:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.12.2011 04:01:43 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:01:38 - Fehler beim Herstellen der Internetverbindung.  09:01:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 04:39:11 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:39:11 - Fehler beim Herstellen der Internetverbindung.  09:39:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 04:39:20 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:39:16 - Fehler beim Herstellen der Internetverbindung.  09:39:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 26.02.2012 08:43:30 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16050
 seconds with 8220 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2012 15:01:59 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 31775
 seconds with 5580 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2012 04:45:15 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3033
 seconds with 2040 seconds of active time.  This session ended with a crash.
 
Error - 07.10.2012 05:27:51 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8388
 seconds with 3780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15.10.2012 07:10:04 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 15.10.2012 07:10:05 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 15.10.2012 09:44:37 | Computer Name = Tickert | Source = DCOM | ID = 10010
Description = 
 
Error - 17.10.2012 12:56:13 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 23.10.2012 01:36:24 | Computer Name = Tickert | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 23.10.2012 01:36:24 | Computer Name = Tickert | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 23.10.2012 01:36:27 | Computer Name = Tickert | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 23.10.2012 01:37:34 | Computer Name = Tickert | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 23.10.2012 02:47:07 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 23.10.2012 02:47:09 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
 
< End of report >
         
Sodele hier die aswMbr Datei:


Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-23 15:38:10
-----------------------------
15:38:10.618    OS Version: Windows x64 6.1.7601 Service Pack 1
15:38:10.618    Number of processors: 4 586 0x2505
15:38:10.618    ComputerName: TICKERT  UserName: 
15:38:11.289    Initialize success
15:38:20.993    AVAST engine defs: 12102300
15:38:59.203    The log file has been saved successfully to "C:\Users\Andreas Tickert\Desktop\aswMBR.txt"
15:39:10.870    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:39:10.886    Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
15:39:10.902    Disk 0 MBR read successfully
15:39:10.902    Disk 0 MBR scan
15:39:10.917    Disk 0 Windows 7 default MBR code
15:39:10.933    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    20002 MB offset 63
15:39:10.933    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       119232 MB offset 40965750
15:39:10.948    Disk 0 Partition - 00     0F Extended LBA            337704 MB offset 285153280
15:39:10.980    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       337703 MB offset 285155328
15:39:11.026    Disk 0 scanning C:\Windows\system32\drivers
15:39:23.366    Service scanning
15:39:52.850    Modules scanning
15:39:53.365    Disk 0 trace - called modules:
15:39:53.427    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
15:39:53.443    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c63060]
15:39:53.443    3 CLASSPNP.SYS[fffff88001bce43f] -> nt!IofCallDriver -> [0xfffffa80049cd040]
15:39:53.458    5 ACPI.sys[fffff88000ede7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d2050]
15:39:54.644    AVAST engine scan C:\Windows
15:39:57.374    AVAST engine scan C:\Windows\system32
15:41:18.869    File: C:\Windows\system32\services.exe  **INFECTED** Win32:Sirefef-ZT [Trj]
15:41:55.466    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
15:41:57.866    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
15:43:22.355    AVAST engine scan C:\Windows\system32\drivers
15:43:52.369    AVAST engine scan C:\Users\Andreas Tickert
15:50:40.105    AVAST engine scan C:\ProgramData
15:56:23.456    Scan finished successfully
15:56:24.064    Disk 0 MBR has been saved successfully to "C:\Users\Andreas Tickert\Desktop\MBR.dat"
15:56:24.064    The log file has been saved successfully to "C:\Users\Andreas Tickert\Desktop\aswMBR.txt"
         
__________________

Alt 23.10.2012, 16:04   #4
Snorre
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Und zu guter letzt TDSS Killer Report:

Code:
ATTFilter
17:02:02.0191 1216  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:02:02.0394 1216  ============================================================
17:02:02.0394 1216  Current date / time: 2012/10/23 17:02:02.0394
17:02:02.0394 1216  SystemInfo:
17:02:02.0394 1216  
17:02:02.0394 1216  OS Version: 6.1.7601 ServicePack: 1.0
17:02:02.0394 1216  Product type: Workstation
17:02:02.0394 1216  ComputerName: TICKERT
17:02:02.0394 1216  UserName: Andreas Tickert
17:02:02.0394 1216  Windows directory: C:\Windows
17:02:02.0394 1216  System windows directory: C:\Windows
17:02:02.0394 1216  Running under WOW64
17:02:02.0394 1216  Processor architecture: Intel x64
17:02:02.0394 1216  Number of processors: 4
17:02:02.0394 1216  Page size: 0x1000
17:02:02.0394 1216  Boot type: Normal boot
17:02:02.0394 1216  ============================================================
17:02:02.0975 1216  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:02:02.0985 1216  ============================================================
17:02:02.0985 1216  \Device\Harddisk0\DR0:
17:02:02.0985 1216  MBR partitions:
17:02:02.0985 1216  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168
17:02:03.0015 1216  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393800
17:02:03.0015 1216  ============================================================
17:02:03.0065 1216  C: <-> \Device\Harddisk0\DR0\Partition1
17:02:03.0095 1216  D: <-> \Device\Harddisk0\DR0\Partition2
17:02:03.0095 1216  ============================================================
17:02:03.0095 1216  Initialize success
17:02:03.0095 1216  ============================================================
17:02:12.0325 3728  ============================================================
17:02:12.0325 3728  Scan started
17:02:12.0325 3728  Mode: Manual; 
17:02:12.0325 3728  ============================================================
17:02:13.0235 3728  ================ Scan system memory ========================
17:02:13.0235 3728  System memory - ok
17:02:13.0235 3728  ================ Scan services =============================
17:02:13.0435 3728  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:02:13.0435 3728  1394ohci - ok
17:02:13.0475 3728  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:02:13.0485 3728  ACPI - ok
17:02:13.0505 3728  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:02:13.0505 3728  AcpiPmi - ok
17:02:13.0645 3728  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:02:13.0645 3728  AdobeFlashPlayerUpdateSvc - ok
17:02:13.0705 3728  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:02:13.0715 3728  adp94xx - ok
17:02:13.0735 3728  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:02:13.0745 3728  adpahci - ok
17:02:13.0765 3728  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:02:13.0775 3728  adpu320 - ok
17:02:13.0805 3728  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:02:13.0805 3728  AeLookupSvc - ok
17:02:13.0865 3728  [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent        C:\Windows\system32\FBAgent.exe
17:02:13.0865 3728  AFBAgent - ok
17:02:13.0925 3728  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:02:13.0935 3728  AFD - ok
17:02:13.0965 3728  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:02:13.0975 3728  agp440 - ok
17:02:13.0995 3728  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:02:13.0995 3728  ALG - ok
17:02:14.0025 3728  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:02:14.0025 3728  aliide - ok
17:02:14.0055 3728  [ 46693222FCDB3175AAAED017EAA6FCC7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:02:14.0065 3728  AMD External Events Utility - ok
17:02:14.0075 3728  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:02:14.0085 3728  amdide - ok
17:02:14.0125 3728  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:02:14.0125 3728  AmdK8 - ok
17:02:14.0295 3728  [ 99C262242A279976206ECE1D3C74DF27 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:02:14.0435 3728  amdkmdag - ok
17:02:14.0475 3728  [ 20B63276A1920B41E1C56720B395049B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:02:14.0475 3728  amdkmdap - ok
17:02:14.0495 3728  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:02:14.0505 3728  AmdPPM - ok
17:02:14.0525 3728  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:02:14.0525 3728  amdsata - ok
17:02:14.0555 3728  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:02:14.0555 3728  amdsbs - ok
17:02:14.0570 3728  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:02:14.0570 3728  amdxata - ok
17:02:14.0617 3728  [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
17:02:14.0617 3728  AmUStor - ok
17:02:14.0680 3728  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:02:14.0680 3728  AntiVirSchedulerService - ok
17:02:14.0726 3728  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:02:14.0726 3728  AntiVirService - ok
17:02:14.0773 3728  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:02:14.0773 3728  AppID - ok
17:02:14.0789 3728  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:02:14.0804 3728  AppIDSvc - ok
17:02:14.0820 3728  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:02:14.0820 3728  Appinfo - ok
17:02:14.0836 3728  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:02:14.0851 3728  arc - ok
17:02:14.0851 3728  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:02:14.0867 3728  arcsas - ok
17:02:14.0929 3728  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
17:02:14.0929 3728  ASLDRService - ok
17:02:14.0945 3728  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
17:02:14.0960 3728  ASMMAP64 - ok
17:02:14.0976 3728  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:02:14.0992 3728  AsyncMac - ok
17:02:15.0023 3728  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:02:15.0023 3728  atapi - ok
17:02:15.0085 3728  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:02:15.0116 3728  athr - ok
17:02:15.0179 3728  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
17:02:15.0179 3728  AtiHdmiService - ok
17:02:15.0304 3728  [ 99C262242A279976206ECE1D3C74DF27 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:02:15.0335 3728  atikmdag - ok
17:02:15.0366 3728  [ 63F1212FFE13E62CA1E8D8EE19ABD9A7 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
17:02:15.0366 3728  ATKGFNEXSrv - ok
17:02:15.0397 3728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:02:15.0397 3728  AudioEndpointBuilder - ok
17:02:15.0413 3728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:02:15.0413 3728  AudioSrv - ok
17:02:15.0460 3728  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:02:15.0460 3728  avgntflt - ok
17:02:15.0506 3728  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:02:15.0506 3728  avipbb - ok
17:02:15.0522 3728  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:02:15.0522 3728  avkmgr - ok
17:02:15.0584 3728  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:02:15.0584 3728  AxInstSV - ok
17:02:15.0616 3728  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:02:15.0631 3728  b06bdrv - ok
17:02:15.0662 3728  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:02:15.0662 3728  b57nd60a - ok
17:02:15.0725 3728  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:02:15.0725 3728  BDESVC - ok
17:02:15.0740 3728  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:02:15.0740 3728  Beep - ok
17:02:15.0756 3728  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:02:15.0756 3728  blbdrive - ok
17:02:15.0772 3728  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:02:15.0787 3728  bowser - ok
17:02:15.0803 3728  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:02:15.0803 3728  BrFiltLo - ok
17:02:15.0818 3728  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:02:15.0818 3728  BrFiltUp - ok
17:02:15.0850 3728  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:02:15.0850 3728  Browser - ok
17:02:15.0881 3728  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:02:15.0881 3728  Brserid - ok
17:02:15.0896 3728  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:02:15.0896 3728  BrSerWdm - ok
17:02:15.0912 3728  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:02:15.0912 3728  BrUsbMdm - ok
17:02:15.0928 3728  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:02:15.0928 3728  BrUsbSer - ok
17:02:15.0943 3728  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:02:15.0959 3728  BTHMODEM - ok
17:02:15.0990 3728  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:02:15.0990 3728  bthserv - ok
17:02:15.0990 3728  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:02:16.0006 3728  cdfs - ok
17:02:16.0037 3728  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:02:16.0037 3728  cdrom - ok
17:02:16.0084 3728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:02:16.0084 3728  CertPropSvc - ok
17:02:16.0115 3728  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:02:16.0115 3728  circlass - ok
17:02:16.0146 3728  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:02:16.0162 3728  CLFS - ok
17:02:16.0242 3728  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:02:16.0242 3728  clr_optimization_v2.0.50727_32 - ok
17:02:16.0292 3728  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:02:16.0302 3728  clr_optimization_v2.0.50727_64 - ok
17:02:16.0372 3728  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:02:16.0372 3728  clr_optimization_v4.0.30319_32 - ok
17:02:16.0422 3728  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:02:16.0422 3728  clr_optimization_v4.0.30319_64 - ok
17:02:16.0452 3728  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:02:16.0452 3728  CmBatt - ok
17:02:16.0472 3728  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:02:16.0472 3728  cmdide - ok
17:02:16.0522 3728  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:02:16.0522 3728  CNG - ok
17:02:16.0562 3728  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:02:16.0562 3728  Compbatt - ok
17:02:16.0582 3728  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:02:16.0582 3728  CompositeBus - ok
17:02:16.0602 3728  COMSysApp - ok
17:02:16.0622 3728  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:02:16.0622 3728  crcdisk - ok
17:02:16.0662 3728  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:02:16.0662 3728  CryptSvc - ok
17:02:16.0692 3728  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
17:02:16.0692 3728  CVirtA - ok
17:02:16.0762 3728  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
17:02:16.0802 3728  CVPND - ok
17:02:16.0842 3728  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
17:02:16.0852 3728  CVPNDRVA - ok
17:02:16.0892 3728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:02:16.0902 3728  DcomLaunch - ok
17:02:16.0922 3728  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:02:16.0932 3728  defragsvc - ok
17:02:16.0962 3728  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:02:16.0962 3728  DfsC - ok
17:02:17.0002 3728  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:02:17.0012 3728  Dhcp - ok
17:02:17.0042 3728  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:02:17.0042 3728  discache - ok
17:02:17.0082 3728  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:02:17.0082 3728  Disk - ok
17:02:17.0122 3728  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
17:02:17.0122 3728  DNE - ok
17:02:17.0152 3728  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:02:17.0162 3728  Dnscache - ok
17:02:17.0192 3728  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:02:17.0202 3728  dot3svc - ok
17:02:17.0232 3728  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:02:17.0232 3728  DPS - ok
17:02:17.0262 3728  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:02:17.0272 3728  drmkaud - ok
17:02:17.0302 3728  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:02:17.0342 3728  DXGKrnl - ok
17:02:17.0392 3728  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:02:17.0392 3728  EapHost - ok
17:02:17.0502 3728  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:02:17.0592 3728  ebdrv - ok
17:02:17.0632 3728  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:02:17.0632 3728  EFS - ok
17:02:17.0722 3728  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:02:17.0752 3728  ehRecvr - ok
17:02:17.0772 3728  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:02:17.0782 3728  ehSched - ok
17:02:17.0832 3728  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:02:17.0842 3728  elxstor - ok
17:02:17.0862 3728  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:02:17.0872 3728  ErrDev - ok
17:02:17.0902 3728  [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
17:02:17.0902 3728  ETD - ok
17:02:17.0952 3728  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:02:17.0952 3728  EventSystem - ok
17:02:17.0982 3728  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:02:17.0982 3728  exfat - ok
17:02:18.0002 3728  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:02:18.0002 3728  fastfat - ok
17:02:18.0052 3728  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:02:18.0072 3728  Fax - ok
17:02:18.0092 3728  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:02:18.0102 3728  fdc - ok
17:02:18.0142 3728  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:02:18.0142 3728  fdPHost - ok
17:02:18.0152 3728  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:02:18.0152 3728  FDResPub - ok
17:02:18.0182 3728  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:02:18.0182 3728  FileInfo - ok
17:02:18.0192 3728  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:02:18.0192 3728  Filetrace - ok
17:02:18.0212 3728  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:02:18.0212 3728  flpydisk - ok
17:02:18.0232 3728  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:02:18.0242 3728  FltMgr - ok
17:02:18.0282 3728  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:02:18.0312 3728  FontCache - ok
17:02:18.0362 3728  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:02:18.0362 3728  FontCache3.0.0.0 - ok
17:02:18.0392 3728  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:02:18.0392 3728  FsDepends - ok
17:02:18.0432 3728  [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:02:18.0432 3728  fssfltr - ok
17:02:18.0512 3728  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:02:18.0542 3728  fsssvc - ok
17:02:18.0562 3728  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:02:18.0572 3728  Fs_Rec - ok
17:02:18.0602 3728  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:02:18.0602 3728  fvevol - ok
17:02:18.0642 3728  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:02:18.0642 3728  gagp30kx - ok
17:02:18.0682 3728  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:02:18.0702 3728  gpsvc - ok
17:02:18.0792 3728  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:02:18.0792 3728  gupdate - ok
17:02:18.0822 3728  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:02:18.0822 3728  gupdatem - ok
17:02:18.0872 3728  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:02:18.0872 3728  gusvc - ok
17:02:18.0892 3728  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:02:18.0892 3728  hcw85cir - ok
17:02:18.0932 3728  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:02:18.0942 3728  HdAudAddService - ok
17:02:18.0962 3728  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:02:18.0962 3728  HDAudBus - ok
17:02:18.0992 3728  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
17:02:18.0992 3728  HECIx64 - ok
17:02:19.0012 3728  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:02:19.0012 3728  HidBatt - ok
17:02:19.0032 3728  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:02:19.0042 3728  HidBth - ok
17:02:19.0052 3728  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:02:19.0052 3728  HidIr - ok
17:02:19.0072 3728  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:02:19.0072 3728  hidserv - ok
17:02:19.0112 3728  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:02:19.0112 3728  HidUsb - ok
17:02:19.0152 3728  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:02:19.0152 3728  hkmsvc - ok
17:02:19.0182 3728  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:02:19.0182 3728  HomeGroupListener - ok
17:02:19.0228 3728  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:02:19.0228 3728  HomeGroupProvider - ok
17:02:19.0275 3728  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:02:19.0275 3728  HpSAMD - ok
17:02:19.0322 3728  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:02:19.0353 3728  HTTP - ok
17:02:19.0384 3728  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:02:19.0384 3728  hwpolicy - ok
17:02:19.0416 3728  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:02:19.0416 3728  i8042prt - ok
17:02:19.0462 3728  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:02:19.0462 3728  iaStor - ok
17:02:19.0494 3728  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:02:19.0494 3728  iaStorV - ok
17:02:19.0572 3728  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:02:19.0603 3728  idsvc - ok
17:02:19.0634 3728  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:02:19.0634 3728  iirsp - ok
17:02:19.0696 3728  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:02:19.0712 3728  IKEEXT - ok
17:02:19.0743 3728  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
17:02:19.0743 3728  Impcd - ok
17:02:19.0759 3728  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:02:19.0774 3728  intelide - ok
17:02:19.0806 3728  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:02:19.0806 3728  intelppm - ok
17:02:19.0837 3728  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:02:19.0837 3728  IPBusEnum - ok
17:02:19.0868 3728  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:02:19.0868 3728  IpFilterDriver - ok
17:02:19.0899 3728  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:02:19.0899 3728  IPMIDRV - ok
17:02:19.0915 3728  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:02:19.0930 3728  IPNAT - ok
17:02:19.0946 3728  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:02:19.0946 3728  IRENUM - ok
17:02:19.0962 3728  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:02:19.0962 3728  isapnp - ok
17:02:19.0977 3728  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:02:19.0977 3728  iScsiPrt - ok
17:02:20.0003 3728  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:02:20.0003 3728  kbdclass - ok
17:02:20.0033 3728  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:02:20.0033 3728  kbdhid - ok
17:02:20.0063 3728  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
17:02:20.0073 3728  kbfiltr - ok
17:02:20.0083 3728  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:02:20.0083 3728  KeyIso - ok
17:02:20.0113 3728  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:02:20.0113 3728  KSecDD - ok
17:02:20.0143 3728  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:02:20.0143 3728  KSecPkg - ok
17:02:20.0173 3728  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:02:20.0173 3728  ksthunk - ok
17:02:20.0213 3728  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:02:20.0223 3728  KtmRm - ok
17:02:20.0263 3728  [ 9C46A5421DE9D116C47155317CABB522 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
17:02:20.0263 3728  L1C - ok
17:02:20.0293 3728  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:02:20.0303 3728  LanmanServer - ok
17:02:20.0323 3728  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:02:20.0333 3728  LanmanWorkstation - ok
17:02:20.0363 3728  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:02:20.0373 3728  lltdio - ok
17:02:20.0403 3728  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:02:20.0423 3728  lltdsvc - ok
17:02:20.0433 3728  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:02:20.0433 3728  lmhosts - ok
17:02:20.0503 3728  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:02:20.0503 3728  LMS - ok
17:02:20.0543 3728  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:02:20.0553 3728  LSI_FC - ok
17:02:20.0563 3728  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:02:20.0573 3728  LSI_SAS - ok
17:02:20.0583 3728  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:02:20.0593 3728  LSI_SAS2 - ok
17:02:20.0613 3728  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:02:20.0613 3728  LSI_SCSI - ok
17:02:20.0633 3728  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:02:20.0633 3728  luafv - ok
17:02:20.0683 3728  [ 035C83CD72E06C47000793D32B1A642D ] massfilter      C:\Windows\system32\drivers\massfilter.sys
17:02:20.0693 3728  massfilter - ok
17:02:20.0763 3728  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:02:20.0763 3728  MBAMProtector - ok
17:02:20.0823 3728  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:02:20.0823 3728  MBAMScheduler - ok
17:02:20.0883 3728  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:02:20.0893 3728  MBAMService - ok
17:02:20.0923 3728  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:02:20.0933 3728  Mcx2Svc - ok
17:02:20.0963 3728  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:02:20.0963 3728  megasas - ok
17:02:20.0983 3728  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:02:20.0993 3728  MegaSR - ok
17:02:21.0013 3728  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:02:21.0013 3728  MMCSS - ok
17:02:21.0023 3728  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:02:21.0033 3728  Modem - ok
17:02:21.0053 3728  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:02:21.0053 3728  monitor - ok
17:02:21.0083 3728  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:02:21.0083 3728  mouclass - ok
17:02:21.0113 3728  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:02:21.0113 3728  mouhid - ok
17:02:21.0153 3728  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:02:21.0153 3728  mountmgr - ok
17:02:21.0223 3728  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:02:21.0233 3728  MozillaMaintenance - ok
17:02:21.0243 3728  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:02:21.0253 3728  mpio - ok
17:02:21.0273 3728  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:02:21.0273 3728  mpsdrv - ok
17:02:21.0303 3728  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:02:21.0303 3728  MRxDAV - ok
17:02:21.0333 3728  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:02:21.0333 3728  mrxsmb - ok
17:02:21.0373 3728  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:02:21.0373 3728  mrxsmb10 - ok
17:02:21.0393 3728  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:02:21.0393 3728  mrxsmb20 - ok
17:02:21.0423 3728  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:02:21.0423 3728  msahci - ok
17:02:21.0453 3728  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:02:21.0453 3728  msdsm - ok
17:02:21.0473 3728  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:02:21.0483 3728  MSDTC - ok
17:02:21.0503 3728  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:02:21.0503 3728  Msfs - ok
17:02:21.0533 3728  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:02:21.0533 3728  mshidkmdf - ok
17:02:21.0553 3728  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:02:21.0553 3728  msisadrv - ok
17:02:21.0583 3728  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:02:21.0583 3728  MSiSCSI - ok
17:02:21.0593 3728  msiserver - ok
17:02:21.0613 3728  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:02:21.0623 3728  MSKSSRV - ok
17:02:21.0633 3728  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:02:21.0643 3728  MSPCLOCK - ok
17:02:21.0653 3728  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:02:21.0663 3728  MSPQM - ok
17:02:21.0683 3728  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:02:21.0693 3728  MsRPC - ok
17:02:21.0713 3728  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:02:21.0713 3728  mssmbios - ok
17:02:21.0733 3728  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:02:21.0733 3728  MSTEE - ok
17:02:21.0743 3728  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:02:21.0743 3728  MTConfig - ok
17:02:21.0803 3728  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
17:02:21.0803 3728  MTsensor - ok
17:02:21.0823 3728  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:02:21.0823 3728  Mup - ok
17:02:21.0863 3728  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:02:21.0863 3728  napagent - ok
17:02:21.0913 3728  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:02:21.0923 3728  NativeWifiP - ok
17:02:21.0993 3728  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:02:22.0013 3728  NDIS - ok
17:02:22.0043 3728  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:02:22.0043 3728  NdisCap - ok
17:02:22.0053 3728  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:02:22.0063 3728  NdisTapi - ok
17:02:22.0093 3728  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:02:22.0093 3728  Ndisuio - ok
17:02:22.0133 3728  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:02:22.0133 3728  NdisWan - ok
17:02:22.0163 3728  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:02:22.0163 3728  NDProxy - ok
17:02:22.0193 3728  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:02:22.0193 3728  NetBIOS - ok
17:02:22.0223 3728  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:02:22.0233 3728  NetBT - ok
17:02:22.0243 3728  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:02:22.0243 3728  Netlogon - ok
17:02:22.0273 3728  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:02:22.0283 3728  Netman - ok
17:02:22.0303 3728  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:02:22.0313 3728  netprofm - ok
17:02:22.0323 3728  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:02:22.0333 3728  NetTcpPortSharing - ok
17:02:22.0363 3728  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:02:22.0363 3728  nfrd960 - ok
17:02:22.0403 3728  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:02:22.0413 3728  NlaSvc - ok
17:02:22.0443 3728  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:02:22.0443 3728  Npfs - ok
17:02:22.0463 3728  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:02:22.0473 3728  nsi - ok
17:02:22.0503 3728  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:02:22.0503 3728  nsiproxy - ok
17:02:22.0573 3728  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:02:22.0613 3728  Ntfs - ok
17:02:22.0633 3728  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:02:22.0633 3728  Null - ok
17:02:22.0673 3728  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:02:22.0683 3728  nvraid - ok
17:02:22.0693 3728  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:02:22.0703 3728  nvstor - ok
17:02:22.0723 3728  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:02:22.0733 3728  nv_agp - ok
17:02:22.0873 3728  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:02:22.0883 3728  odserv - ok
17:02:22.0913 3728  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:02:22.0913 3728  ohci1394 - ok
17:02:22.0983 3728  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:02:22.0983 3728  ose - ok
17:02:23.0013 3728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:02:23.0023 3728  p2pimsvc - ok
17:02:23.0043 3728  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:02:23.0043 3728  p2psvc - ok
17:02:23.0073 3728  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:02:23.0083 3728  Parport - ok
17:02:23.0103 3728  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:02:23.0103 3728  partmgr - ok
17:02:23.0123 3728  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:02:23.0123 3728  PcaSvc - ok
17:02:23.0153 3728  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:02:23.0163 3728  pci - ok
17:02:23.0183 3728  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:02:23.0183 3728  pciide - ok
17:02:23.0223 3728  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:02:23.0223 3728  pcmcia - ok
17:02:23.0243 3728  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:02:23.0253 3728  pcw - ok
17:02:23.0273 3728  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:02:23.0283 3728  PEAUTH - ok
17:02:23.0373 3728  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:02:23.0373 3728  PerfHost - ok
17:02:23.0433 3728  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:02:23.0483 3728  pla - ok
17:02:23.0523 3728  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:02:23.0533 3728  PlugPlay - ok
17:02:23.0543 3728  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:02:23.0553 3728  PNRPAutoReg - ok
17:02:23.0563 3728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:02:23.0573 3728  PNRPsvc - ok
17:02:23.0603 3728  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:02:23.0623 3728  PolicyAgent - ok
17:02:23.0653 3728  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:02:23.0663 3728  Power - ok
17:02:23.0693 3728  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:02:23.0693 3728  PptpMiniport - ok
17:02:23.0723 3728  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:02:23.0733 3728  Processor - ok
17:02:23.0763 3728  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:02:23.0763 3728  ProfSvc - ok
17:02:23.0783 3728  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:02:23.0783 3728  ProtectedStorage - ok
17:02:23.0813 3728  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:02:23.0823 3728  Psched - ok
17:02:23.0883 3728  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:02:23.0933 3728  ql2300 - ok
17:02:23.0953 3728  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:02:23.0953 3728  ql40xx - ok
17:02:23.0973 3728  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:02:23.0983 3728  QWAVE - ok
17:02:24.0003 3728  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:02:24.0003 3728  QWAVEdrv - ok
17:02:24.0013 3728  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:02:24.0023 3728  RasAcd - ok
17:02:24.0053 3728  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:02:24.0053 3728  RasAgileVpn - ok
17:02:24.0073 3728  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:02:24.0083 3728  RasAuto - ok
17:02:24.0103 3728  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:02:24.0113 3728  Rasl2tp - ok
17:02:24.0173 3728  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:02:24.0183 3728  RasMan - ok
17:02:24.0223 3728  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:02:24.0223 3728  RasPppoe - ok
17:02:24.0253 3728  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:02:24.0253 3728  RasSstp - ok
17:02:24.0283 3728  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:02:24.0293 3728  rdbss - ok
17:02:24.0303 3728  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:02:24.0303 3728  rdpbus - ok
17:02:24.0323 3728  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:02:24.0323 3728  RDPCDD - ok
17:02:24.0343 3728  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:02:24.0343 3728  RDPENCDD - ok
17:02:24.0363 3728  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:02:24.0363 3728  RDPREFMP - ok
17:02:24.0393 3728  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:02:24.0393 3728  RDPWD - ok
17:02:24.0433 3728  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:02:24.0433 3728  rdyboost - ok
17:02:24.0473 3728  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:02:24.0473 3728  RemoteAccess - ok
17:02:24.0523 3728  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:02:24.0523 3728  RemoteRegistry - ok
17:02:24.0543 3728  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:02:24.0543 3728  RpcEptMapper - ok
17:02:24.0553 3728  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:02:24.0563 3728  RpcLocator - ok
17:02:24.0593 3728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:02:24.0603 3728  RpcSs - ok
17:02:24.0633 3728  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:02:24.0633 3728  rspndr - ok
17:02:24.0643 3728  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:02:24.0643 3728  SamSs - ok
17:02:24.0683 3728  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:02:24.0683 3728  sbp2port - ok
17:02:24.0713 3728  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:02:24.0713 3728  SCardSvr - ok
17:02:24.0743 3728  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:02:24.0753 3728  scfilter - ok
17:02:24.0793 3728  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:02:24.0823 3728  Schedule - ok
17:02:24.0853 3728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:02:24.0853 3728  SCPolicySvc - ok
17:02:24.0893 3728  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:02:24.0893 3728  SDRSVC - ok
17:02:24.0933 3728  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:02:24.0933 3728  secdrv - ok
17:02:24.0953 3728  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:02:24.0963 3728  seclogon - ok
17:02:24.0983 3728  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:02:24.0993 3728  SENS - ok
17:02:25.0003 3728  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:02:25.0003 3728  SensrSvc - ok
17:02:25.0023 3728  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:02:25.0023 3728  Serenum - ok
17:02:25.0053 3728  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:02:25.0063 3728  Serial - ok
17:02:25.0093 3728  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:02:25.0093 3728  sermouse - ok
17:02:25.0133 3728  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:02:25.0133 3728  SessionEnv - ok
17:02:25.0163 3728  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:02:25.0163 3728  sffdisk - ok
17:02:25.0183 3728  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:02:25.0183 3728  sffp_mmc - ok
17:02:25.0203 3728  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:02:25.0203 3728  sffp_sd - ok
17:02:25.0223 3728  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:02:25.0233 3728  sfloppy - ok
17:02:25.0278 3728  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:02:25.0278 3728  ShellHWDetection - ok
17:02:25.0310 3728  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
17:02:25.0310 3728  SiSGbeLH - ok
17:02:25.0341 3728  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:02:25.0341 3728  SiSRaid2 - ok
17:02:25.0351 3728  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:02:25.0361 3728  SiSRaid4 - ok
17:02:25.0441 3728  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:02:25.0441 3728  SkypeUpdate - ok
17:02:25.0461 3728  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:02:25.0461 3728  Smb - ok
17:02:25.0501 3728  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:02:25.0511 3728  SNMPTRAP - ok
17:02:25.0571 3728  [ F06A6DE8438F7446BFF9E61F31356521 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
17:02:25.0611 3728  SNP2UVC - ok
17:02:25.0641 3728  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:02:25.0641 3728  spldr - ok
17:02:25.0681 3728  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:02:25.0691 3728  Spooler - ok
17:02:25.0781 3728  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:02:25.0871 3728  sppsvc - ok
17:02:25.0901 3728  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:02:25.0901 3728  sppuinotify - ok
17:02:25.0941 3728  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:02:25.0951 3728  srv - ok
17:02:25.0971 3728  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:02:25.0971 3728  srv2 - ok
17:02:25.0991 3728  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:02:25.0991 3728  srvnet - ok
17:02:26.0011 3728  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:02:26.0011 3728  SSDPSRV - ok
17:02:26.0031 3728  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:02:26.0031 3728  SstpSvc - ok
17:02:26.0111 3728  [ 94A6522AC9F3E05FD039AD105ADE96D0 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
17:02:26.0111 3728  STacSV - ok
17:02:26.0141 3728  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:02:26.0141 3728  stexstor - ok
17:02:26.0171 3728  [ DDB811B13D827081E7C1DDFF302AB334 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
17:02:26.0181 3728  STHDA - ok
17:02:26.0221 3728  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
17:02:26.0221 3728  StillCam - ok
17:02:26.0261 3728  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:02:26.0291 3728  stisvc - ok
17:02:26.0311 3728  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:02:26.0311 3728  swenum - ok
17:02:26.0351 3728  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:02:26.0361 3728  swprv - ok
17:02:26.0431 3728  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:02:26.0471 3728  SysMain - ok
17:02:26.0491 3728  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:02:26.0491 3728  TabletInputService - ok
17:02:26.0531 3728  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:02:26.0531 3728  TapiSrv - ok
17:02:26.0561 3728  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:02:26.0561 3728  TBS - ok
17:02:26.0631 3728  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:02:26.0701 3728  Tcpip - ok
17:02:26.0761 3728  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:02:26.0771 3728  TCPIP6 - ok
17:02:26.0791 3728  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:02:26.0791 3728  tcpipreg - ok
17:02:26.0831 3728  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:02:26.0831 3728  TDPIPE - ok
17:02:26.0861 3728  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:02:26.0861 3728  TDTCP - ok
17:02:26.0881 3728  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:02:26.0881 3728  tdx - ok
17:02:26.0901 3728  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:02:26.0901 3728  TermDD - ok
17:02:26.0941 3728  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:02:26.0961 3728  TermService - ok
17:02:27.0001 3728  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:02:27.0001 3728  Themes - ok
17:02:27.0021 3728  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:02:27.0021 3728  THREADORDER - ok
17:02:27.0081 3728  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:02:27.0081 3728  TrkWks - ok
17:02:27.0121 3728  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:02:27.0121 3728  TrustedInstaller - ok
17:02:27.0151 3728  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:02:27.0151 3728  tssecsrv - ok
17:02:27.0191 3728  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:02:27.0191 3728  TsUsbFlt - ok
17:02:27.0231 3728  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:02:27.0241 3728  tunnel - ok
17:02:27.0281 3728  [ C45A3E051C65106A28982CAED125F855 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
17:02:27.0281 3728  TurboB - ok
17:02:27.0331 3728  [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:02:27.0341 3728  TurboBoost - ok
17:02:27.0371 3728  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:02:27.0371 3728  uagp35 - ok
17:02:27.0411 3728  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:02:27.0411 3728  udfs - ok
17:02:27.0491 3728  [ 2E071263A409931F8AFF3A6A656E920C ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
17:02:27.0501 3728  UI Assistant Service - ok
17:02:27.0531 3728  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:02:27.0531 3728  UI0Detect - ok
17:02:27.0561 3728  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:02:27.0561 3728  uliagpkx - ok
17:02:27.0591 3728  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
17:02:27.0591 3728  umbus - ok
17:02:27.0621 3728  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:02:27.0621 3728  UmPass - ok
17:02:27.0711 3728  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:02:27.0761 3728  UNS - ok
17:02:27.0791 3728  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:02:27.0801 3728  upnphost - ok
17:02:27.0841 3728  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:02:27.0851 3728  usbccgp - ok
17:02:27.0871 3728  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:02:27.0871 3728  usbcir - ok
17:02:27.0891 3728  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:02:27.0901 3728  usbehci - ok
17:02:27.0931 3728  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:02:27.0941 3728  usbhub - ok
17:02:27.0951 3728  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:02:27.0961 3728  usbohci - ok
17:02:27.0991 3728  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:02:28.0001 3728  usbprint - ok
17:02:28.0031 3728  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:02:28.0031 3728  usbscan - ok
17:02:28.0041 3728  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:02:28.0051 3728  USBSTOR - ok
17:02:28.0071 3728  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:02:28.0071 3728  usbuhci - ok
17:02:28.0131 3728  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:02:28.0131 3728  usbvideo - ok
17:02:28.0161 3728  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:02:28.0161 3728  UxSms - ok
17:02:28.0171 3728  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:02:28.0181 3728  VaultSvc - ok
17:02:28.0201 3728  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:02:28.0201 3728  vdrvroot - ok
17:02:28.0231 3728  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:02:28.0251 3728  vds - ok
17:02:28.0281 3728  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:02:28.0281 3728  vga - ok
17:02:28.0301 3728  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:02:28.0301 3728  VgaSave - ok
17:02:28.0331 3728  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:02:28.0331 3728  vhdmp - ok
17:02:28.0361 3728  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:02:28.0361 3728  viaide - ok
17:02:28.0401 3728  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:02:28.0401 3728  volmgr - ok
17:02:28.0441 3728  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:02:28.0441 3728  volmgrx - ok
17:02:28.0461 3728  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:02:28.0471 3728  volsnap - ok
17:02:28.0511 3728  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:02:28.0511 3728  vsmraid - ok
17:02:28.0571 3728  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:02:28.0611 3728  VSS - ok
17:02:28.0631 3728  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:02:28.0631 3728  vwifibus - ok
17:02:28.0651 3728  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:02:28.0651 3728  vwififlt - ok
17:02:28.0681 3728  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:02:28.0681 3728  vwifimp - ok
17:02:28.0731 3728  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:02:28.0741 3728  W32Time - ok
17:02:28.0761 3728  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:02:28.0761 3728  WacomPen - ok
17:02:28.0791 3728  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:02:28.0791 3728  WANARP - ok
17:02:28.0801 3728  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:02:28.0801 3728  Wanarpv6 - ok
17:02:28.0871 3728  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:02:28.0911 3728  WatAdminSvc - ok
17:02:28.0971 3728  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:02:29.0021 3728  wbengine - ok
17:02:29.0041 3728  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:02:29.0051 3728  WbioSrvc - ok
17:02:29.0091 3728  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:02:29.0091 3728  wcncsvc - ok
17:02:29.0121 3728  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:02:29.0121 3728  WcsPlugInService - ok
17:02:29.0141 3728  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:02:29.0151 3728  Wd - ok
17:02:29.0171 3728  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:02:29.0201 3728  Wdf01000 - ok
17:02:29.0221 3728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:02:29.0221 3728  WdiServiceHost - ok
17:02:29.0231 3728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:02:29.0231 3728  WdiSystemHost - ok
17:02:29.0261 3728  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:02:29.0261 3728  WebClient - ok
17:02:29.0291 3728  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:02:29.0301 3728  Wecsvc - ok
17:02:29.0331 3728  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:02:29.0341 3728  wercplsupport - ok
17:02:29.0371 3728  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:02:29.0381 3728  WerSvc - ok
17:02:29.0401 3728  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:02:29.0411 3728  WfpLwf - ok
17:02:29.0451 3728  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
17:02:29.0461 3728  WimFltr - ok
17:02:29.0471 3728  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:02:29.0481 3728  WIMMount - ok
17:02:29.0481 3728  WinHttpAutoProxySvc - ok
17:02:29.0541 3728  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:02:29.0551 3728  Winmgmt - ok
17:02:29.0621 3728  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:02:29.0691 3728  WinRM - ok
17:02:29.0761 3728  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:02:29.0761 3728  WinUsb - ok
17:02:29.0791 3728  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:02:29.0821 3728  Wlansvc - ok
17:02:29.0841 3728  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:02:29.0841 3728  WmiAcpi - ok
17:02:29.0871 3728  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:02:29.0871 3728  wmiApSrv - ok
17:02:29.0901 3728  WMPNetworkSvc - ok
17:02:29.0931 3728  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:02:29.0931 3728  WPCSvc - ok
17:02:29.0951 3728  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:02:29.0951 3728  WPDBusEnum - ok
17:02:29.0991 3728  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:02:29.0991 3728  ws2ifsl - ok
17:02:29.0991 3728  WSearch - ok
17:02:30.0011 3728  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:02:30.0011 3728  WudfPf - ok
17:02:30.0061 3728  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:02:30.0061 3728  WUDFRd - ok
17:02:30.0081 3728  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:02:30.0091 3728  wudfsvc - ok
17:02:30.0121 3728  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:02:30.0131 3728  WwanSvc - ok
17:02:30.0171 3728  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
17:02:30.0181 3728  ZTEusbmdm6k - ok
17:02:30.0201 3728  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
17:02:30.0211 3728  ZTEusbnmea - ok
17:02:30.0241 3728  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
17:02:30.0241 3728  ZTEusbser6k - ok
17:02:30.0311 3728  [ 74983ADDCA2D9618512C088D856D6615 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
17:02:30.0311 3728  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
17:02:30.0341 3728  ================ Scan global ===============================
17:02:30.0361 3728  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:02:30.0391 3728  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:02:30.0401 3728  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:02:30.0421 3728  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:02:30.0461 3728  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
17:02:30.0471 3728  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
17:02:30.0471 3728  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
17:02:30.0471 3728  ================ Scan MBR ==================================
17:02:30.0491 3728  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:02:30.0871 3728  \Device\Harddisk0\DR0 - ok
17:02:30.0871 3728  ================ Scan VBR ==================================
17:02:30.0871 3728  [ 2CE15AE69BD2EA14D1E16594C9F40589 ] \Device\Harddisk0\DR0\Partition1
17:02:30.0881 3728  \Device\Harddisk0\DR0\Partition1 - ok
17:02:30.0901 3728  [ 5BA4E991FFDBB372F353561123237AA1 ] \Device\Harddisk0\DR0\Partition2
17:02:30.0911 3728  \Device\Harddisk0\DR0\Partition2 - ok
17:02:30.0911 3728  ============================================================
17:02:30.0911 3728  Scan finished
17:02:30.0911 3728  ============================================================
17:02:30.0921 3512  Detected object count: 1
17:02:30.0921 3512  Actual detected object count: 1
17:03:32.0891 3512  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
17:03:32.0891 3512  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
         
Kriegt man den Schiet wieder irgendwie runter?

Wenn nicht heisst das wohl dass ich format C machen sollte und Win 7 neu installieren muss.
Das Problem is, dass die Hersteller bei den Recovery DVDs sparen und ich mir selbst eine erstellen muss. Brenn ich damit nicht den Malware scheiss mit drauf?

gruß

Ich hoffe das hier liest noch jemand.....ich brauch den PC (wie wahrscheinlich jeder ) dringenst für die Arbeit.

Schonmal danke im Vorraus für eure Hilfe!

Gruß

Andi

Ich hoffe das hier liest noch jemand.....ich brauch den PC (wie wahrscheinlich jeder ) dringenst für die Arbeit.

Schonmal danke im Vorraus für eure Hilfe!

Gruß

Andi

Alt 24.10.2012, 08:16   #5
Psychotic
/// Malwareteam
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Schritt 1: Fix mit TDSS-Killer


Dowloade Dir bitte TDSSKiller.exe und speichere die Datei am Desktop.
  • Schließe alle laufenden Programme.
  • Trenne dich von Internet.
  • Deaktiviere deine AntiViren Software.
  • Starte TDSSkiller.exe mit Doppelklick. Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Drücke auf Start scan. Mache während dem Scan nichts am Rechner
    1. Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
    2. Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten. Gehe sicher, dass bei folgenden Einträgen Copy to quarantine ausgewählt ist:

      Code:
      ATTFilter
       Virus.Win64.ZAccess.a
               
    3. Drücke Continue --> Reboot.
  • Das Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
  • Bitte poste mir den Inhalt hier in deinen Thread.
Bebilderte Anleitung zur Benutzung von TDSSKiller.


Schritt 2: Neues TDSS-Killer-Log



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 24.10.2012, 08:31   #6
Snorre
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Hier die logfile von TDSS Killer nach Kopieren in Quarantäne:

Code:
ATTFilter
09:26:32.0878 3352  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:26:33.0096 3352  ============================================================
09:26:33.0096 3352  Current date / time: 2012/10/24 09:26:33.0096
09:26:33.0096 3352  SystemInfo:
09:26:33.0096 3352  
09:26:33.0096 3352  OS Version: 6.1.7601 ServicePack: 1.0
09:26:33.0096 3352  Product type: Workstation
09:26:33.0096 3352  ComputerName: TICKERT
09:26:33.0096 3352  UserName: Andreas Tickert
09:26:33.0096 3352  Windows directory: C:\Windows
09:26:33.0096 3352  System windows directory: C:\Windows
09:26:33.0096 3352  Running under WOW64
09:26:33.0096 3352  Processor architecture: Intel x64
09:26:33.0096 3352  Number of processors: 4
09:26:33.0096 3352  Page size: 0x1000
09:26:33.0096 3352  Boot type: Normal boot
09:26:33.0096 3352  ============================================================
09:26:35.0967 3352  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:26:35.0967 3352  ============================================================
09:26:35.0967 3352  \Device\Harddisk0\DR0:
09:26:35.0967 3352  MBR partitions:
09:26:35.0967 3352  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168
09:26:35.0982 3352  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393800
09:26:35.0982 3352  ============================================================
09:26:36.0045 3352  C: <-> \Device\Harddisk0\DR0\Partition1
09:26:36.0060 3352  D: <-> \Device\Harddisk0\DR0\Partition2
09:26:36.0060 3352  ============================================================
09:26:36.0060 3352  Initialize success
09:26:36.0060 3352  ============================================================
09:26:44.0063 0768  ============================================================
09:26:44.0063 0768  Scan started
09:26:44.0063 0768  Mode: Manual; 
09:26:44.0063 0768  ============================================================
09:26:45.0545 0768  ================ Scan system memory ========================
09:26:45.0545 0768  System memory - ok
09:26:45.0545 0768  ================ Scan services =============================
09:26:46.0902 0768  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:26:46.0902 0768  1394ohci - ok
09:26:46.0996 0768  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:26:46.0996 0768  ACPI - ok
09:26:47.0058 0768  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:26:47.0074 0768  AcpiPmi - ok
09:26:48.0369 0768  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:26:48.0369 0768  AdobeFlashPlayerUpdateSvc - ok
09:26:48.0462 0768  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
09:26:48.0478 0768  adp94xx - ok
09:26:48.0509 0768  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
09:26:48.0509 0768  adpahci - ok
09:26:48.0525 0768  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
09:26:48.0540 0768  adpu320 - ok
09:26:48.0572 0768  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:26:48.0572 0768  AeLookupSvc - ok
09:26:48.0634 0768  [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent        C:\Windows\system32\FBAgent.exe
09:26:48.0634 0768  AFBAgent - ok
09:26:48.0681 0768  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
09:26:48.0681 0768  AFD - ok
09:26:48.0728 0768  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:26:48.0728 0768  agp440 - ok
09:26:48.0743 0768  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
09:26:48.0743 0768  ALG - ok
09:26:48.0774 0768  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:26:48.0790 0768  aliide - ok
09:26:48.0806 0768  [ 46693222FCDB3175AAAED017EAA6FCC7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:26:48.0806 0768  AMD External Events Utility - ok
09:26:48.0837 0768  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:26:48.0837 0768  amdide - ok
09:26:48.0868 0768  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:26:48.0868 0768  AmdK8 - ok
09:26:49.0008 0768  [ 99C262242A279976206ECE1D3C74DF27 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:26:49.0149 0768  amdkmdag - ok
09:26:49.0196 0768  [ 20B63276A1920B41E1C56720B395049B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:26:49.0196 0768  amdkmdap - ok
09:26:49.0227 0768  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:26:49.0227 0768  AmdPPM - ok
09:26:49.0274 0768  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:26:49.0274 0768  amdsata - ok
09:26:49.0305 0768  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
09:26:49.0320 0768  amdsbs - ok
09:26:49.0320 0768  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:26:49.0320 0768  amdxata - ok
09:26:49.0367 0768  [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
09:26:49.0367 0768  AmUStor - ok
09:26:49.0445 0768  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:26:49.0445 0768  AntiVirSchedulerService - ok
09:26:49.0476 0768  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:26:49.0476 0768  AntiVirService - ok
09:26:49.0523 0768  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
09:26:49.0523 0768  AppID - ok
09:26:49.0539 0768  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:26:49.0539 0768  AppIDSvc - ok
09:26:49.0570 0768  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
09:26:49.0570 0768  Appinfo - ok
09:26:49.0586 0768  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
09:26:49.0586 0768  arc - ok
09:26:49.0617 0768  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
09:26:49.0617 0768  arcsas - ok
09:26:49.0695 0768  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
09:26:49.0695 0768  ASLDRService - ok
09:26:49.0710 0768  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
09:26:49.0710 0768  ASMMAP64 - ok
09:26:49.0742 0768  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:26:49.0742 0768  AsyncMac - ok
09:26:49.0773 0768  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
09:26:49.0788 0768  atapi - ok
09:26:49.0835 0768  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
09:26:49.0866 0768  athr - ok
09:26:49.0929 0768  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
09:26:49.0929 0768  AtiHdmiService - ok
09:26:50.0069 0768  [ 99C262242A279976206ECE1D3C74DF27 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:26:50.0100 0768  atikmdag - ok
09:26:50.0132 0768  [ 63F1212FFE13E62CA1E8D8EE19ABD9A7 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
09:26:50.0132 0768  ATKGFNEXSrv - ok
09:26:50.0163 0768  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:26:50.0163 0768  AudioEndpointBuilder - ok
09:26:50.0178 0768  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:26:50.0178 0768  AudioSrv - ok
09:26:50.0225 0768  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
09:26:50.0225 0768  avgntflt - ok
09:26:50.0272 0768  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
09:26:50.0272 0768  avipbb - ok
09:26:50.0288 0768  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
09:26:50.0288 0768  avkmgr - ok
09:26:50.0334 0768  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:26:50.0334 0768  AxInstSV - ok
09:26:50.0381 0768  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
09:26:50.0381 0768  b06bdrv - ok
09:26:50.0412 0768  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:26:50.0428 0768  b57nd60a - ok
09:26:50.0475 0768  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:26:50.0490 0768  BDESVC - ok
09:26:50.0490 0768  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:26:50.0506 0768  Beep - ok
09:26:50.0522 0768  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:26:50.0522 0768  blbdrive - ok
09:26:50.0553 0768  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:26:50.0553 0768  bowser - ok
09:26:50.0568 0768  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:26:50.0600 0768  BrFiltLo - ok
09:26:50.0678 0768  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:26:50.0678 0768  BrFiltUp - ok
09:26:50.0724 0768  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
09:26:50.0724 0768  Browser - ok
09:26:50.0740 0768  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:26:50.0756 0768  Brserid - ok
09:26:50.0802 0768  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:26:50.0802 0768  BrSerWdm - ok
09:26:50.0818 0768  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:26:50.0818 0768  BrUsbMdm - ok
09:26:50.0834 0768  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:26:50.0834 0768  BrUsbSer - ok
09:26:50.0849 0768  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:26:50.0849 0768  BTHMODEM - ok
09:26:50.0896 0768  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
09:26:50.0896 0768  bthserv - ok
09:26:50.0912 0768  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:26:50.0912 0768  cdfs - ok
09:26:50.0943 0768  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:26:50.0958 0768  cdrom - ok
09:26:50.0990 0768  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
09:26:50.0990 0768  CertPropSvc - ok
09:26:51.0021 0768  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:26:51.0021 0768  circlass - ok
09:26:51.0068 0768  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
09:26:51.0068 0768  CLFS - ok
09:26:51.0146 0768  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:26:51.0146 0768  clr_optimization_v2.0.50727_32 - ok
09:26:51.0208 0768  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:26:51.0208 0768  clr_optimization_v2.0.50727_64 - ok
09:26:51.0286 0768  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:26:51.0317 0768  clr_optimization_v4.0.30319_32 - ok
09:26:51.0364 0768  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:26:51.0364 0768  clr_optimization_v4.0.30319_64 - ok
09:26:51.0395 0768  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:26:51.0395 0768  CmBatt - ok
09:26:51.0411 0768  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:26:51.0411 0768  cmdide - ok
09:26:51.0442 0768  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
09:26:51.0458 0768  CNG - ok
09:26:51.0489 0768  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:26:51.0489 0768  Compbatt - ok
09:26:51.0520 0768  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
09:26:51.0520 0768  CompositeBus - ok
09:26:51.0536 0768  COMSysApp - ok
09:26:51.0567 0768  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
09:26:51.0567 0768  crcdisk - ok
09:26:51.0614 0768  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:26:51.0614 0768  CryptSvc - ok
09:26:51.0645 0768  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
09:26:51.0645 0768  CVirtA - ok
09:26:51.0707 0768  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
09:26:51.0738 0768  CVPND - ok
09:26:51.0785 0768  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
09:26:51.0785 0768  CVPNDRVA - ok
09:26:51.0832 0768  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:26:51.0848 0768  DcomLaunch - ok
09:26:51.0863 0768  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
09:26:51.0879 0768  defragsvc - ok
09:26:51.0894 0768  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:26:51.0894 0768  DfsC - ok
09:26:51.0941 0768  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:26:51.0957 0768  Dhcp - ok
09:26:51.0988 0768  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
09:26:52.0004 0768  discache - ok
09:26:52.0035 0768  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
09:26:52.0035 0768  Disk - ok
09:26:52.0066 0768  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
09:26:52.0066 0768  DNE - ok
09:26:52.0113 0768  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:26:52.0113 0768  Dnscache - ok
09:26:52.0144 0768  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:26:52.0144 0768  dot3svc - ok
09:26:52.0175 0768  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
09:26:52.0191 0768  DPS - ok
09:26:52.0222 0768  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:26:52.0222 0768  drmkaud - ok
09:26:52.0253 0768  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:26:52.0269 0768  DXGKrnl - ok
09:26:52.0300 0768  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
09:26:52.0300 0768  EapHost - ok
09:26:52.0394 0768  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
09:26:52.0503 0768  ebdrv - ok
09:26:52.0534 0768  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
09:26:52.0534 0768  EFS - ok
09:26:52.0596 0768  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:26:52.0612 0768  ehRecvr - ok
09:26:52.0643 0768  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
09:26:52.0643 0768  ehSched - ok
09:26:52.0706 0768  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
09:26:52.0721 0768  elxstor - ok
09:26:52.0737 0768  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:26:52.0737 0768  ErrDev - ok
09:26:52.0768 0768  [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
09:26:52.0784 0768  ETD - ok
09:26:52.0815 0768  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
09:26:52.0830 0768  EventSystem - ok
09:26:52.0846 0768  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
09:26:52.0862 0768  exfat - ok
09:26:52.0877 0768  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:26:52.0877 0768  fastfat - ok
09:26:52.0924 0768  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
09:26:52.0940 0768  Fax - ok
09:26:52.0986 0768  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:26:52.0986 0768  fdc - ok
09:26:53.0018 0768  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:26:53.0018 0768  fdPHost - ok
09:26:53.0033 0768  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:26:53.0033 0768  FDResPub - ok
09:26:53.0033 0768  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:26:53.0049 0768  FileInfo - ok
09:26:53.0064 0768  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:26:53.0064 0768  Filetrace - ok
09:26:53.0080 0768  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:26:53.0080 0768  flpydisk - ok
09:26:53.0111 0768  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:26:53.0111 0768  FltMgr - ok
09:26:53.0174 0768  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
09:26:53.0205 0768  FontCache - ok
09:26:53.0267 0768  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:26:53.0267 0768  FontCache3.0.0.0 - ok
09:26:53.0298 0768  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:26:53.0298 0768  FsDepends - ok
09:26:53.0330 0768  [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
09:26:53.0345 0768  fssfltr - ok
09:26:53.0423 0768  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:26:53.0454 0768  fsssvc - ok
09:26:53.0470 0768  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:26:53.0470 0768  Fs_Rec - ok
09:26:53.0517 0768  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:26:53.0517 0768  fvevol - ok
09:26:53.0564 0768  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:26:53.0564 0768  gagp30kx - ok
09:26:53.0642 0768  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
09:26:53.0673 0768  gpsvc - ok
09:26:53.0782 0768  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:26:53.0782 0768  gupdate - ok
09:26:53.0813 0768  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:26:53.0813 0768  gupdatem - ok
09:26:53.0844 0768  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:26:53.0844 0768  gusvc - ok
09:26:53.0876 0768  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:26:53.0876 0768  hcw85cir - ok
09:26:53.0922 0768  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:26:53.0922 0768  HdAudAddService - ok
09:26:53.0954 0768  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:26:53.0954 0768  HDAudBus - ok
09:26:53.0969 0768  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
09:26:53.0969 0768  HECIx64 - ok
09:26:53.0985 0768  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:26:53.0985 0768  HidBatt - ok
09:26:54.0016 0768  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:26:54.0016 0768  HidBth - ok
09:26:54.0032 0768  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:26:54.0032 0768  HidIr - ok
09:26:54.0063 0768  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
09:26:54.0063 0768  hidserv - ok
09:26:54.0110 0768  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:26:54.0110 0768  HidUsb - ok
09:26:54.0141 0768  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:26:54.0156 0768  hkmsvc - ok
09:26:54.0188 0768  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:26:54.0188 0768  HomeGroupListener - ok
09:26:54.0219 0768  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:26:54.0219 0768  HomeGroupProvider - ok
09:26:54.0266 0768  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:26:54.0281 0768  HpSAMD - ok
09:26:54.0328 0768  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:26:54.0344 0768  HTTP - ok
09:26:54.0375 0768  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:26:54.0375 0768  hwpolicy - ok
09:26:54.0422 0768  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:26:54.0422 0768  i8042prt - ok
09:26:54.0453 0768  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:26:54.0468 0768  iaStor - ok
09:26:54.0500 0768  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:26:54.0500 0768  iaStorV - ok
09:26:54.0562 0768  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:26:54.0593 0768  idsvc - ok
09:26:54.0624 0768  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:26:54.0624 0768  iirsp - ok
09:26:54.0687 0768  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
09:26:54.0718 0768  IKEEXT - ok
09:26:54.0749 0768  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
09:26:54.0749 0768  Impcd - ok
09:26:54.0765 0768  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
09:26:54.0765 0768  intelide - ok
09:26:54.0796 0768  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:26:54.0796 0768  intelppm - ok
09:26:54.0843 0768  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:26:54.0843 0768  IPBusEnum - ok
09:26:54.0874 0768  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:26:54.0874 0768  IpFilterDriver - ok
09:26:54.0905 0768  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:26:54.0905 0768  IPMIDRV - ok
09:26:54.0936 0768  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:26:54.0952 0768  IPNAT - ok
09:26:54.0968 0768  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:26:54.0968 0768  IRENUM - ok
09:26:54.0983 0768  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:26:54.0983 0768  isapnp - ok
09:26:54.0999 0768  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:26:54.0999 0768  iScsiPrt - ok
09:26:55.0014 0768  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
09:26:55.0030 0768  kbdclass - ok
09:26:55.0046 0768  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:26:55.0061 0768  kbdhid - ok
09:26:55.0077 0768  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
09:26:55.0092 0768  kbfiltr - ok
09:26:55.0092 0768  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
09:26:55.0092 0768  KeyIso - ok
09:26:55.0124 0768  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:26:55.0124 0768  KSecDD - ok
09:26:55.0155 0768  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:26:55.0155 0768  KSecPkg - ok
09:26:55.0186 0768  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:26:55.0186 0768  ksthunk - ok
09:26:55.0217 0768  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:26:55.0233 0768  KtmRm - ok
09:26:55.0264 0768  [ 9C46A5421DE9D116C47155317CABB522 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
09:26:55.0280 0768  L1C - ok
09:26:55.0295 0768  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:26:55.0311 0768  LanmanServer - ok
09:26:55.0342 0768  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:26:55.0342 0768  LanmanWorkstation - ok
09:26:55.0373 0768  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:26:55.0373 0768  lltdio - ok
09:26:55.0404 0768  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:26:55.0420 0768  lltdsvc - ok
09:26:55.0436 0768  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:26:55.0436 0768  lmhosts - ok
09:26:55.0482 0768  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:26:55.0482 0768  LMS - ok
09:26:55.0514 0768  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:26:55.0529 0768  LSI_FC - ok
09:26:55.0560 0768  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:26:55.0560 0768  LSI_SAS - ok
09:26:55.0592 0768  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:26:55.0592 0768  LSI_SAS2 - ok
09:26:55.0623 0768  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:26:55.0623 0768  LSI_SCSI - ok
09:26:55.0716 0768  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
09:26:55.0716 0768  luafv - ok
09:26:55.0763 0768  [ 035C83CD72E06C47000793D32B1A642D ] massfilter      C:\Windows\system32\drivers\massfilter.sys
09:26:55.0763 0768  massfilter - ok
09:26:55.0826 0768  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
09:26:55.0826 0768  MBAMProtector - ok
09:26:55.0888 0768  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:26:55.0888 0768  MBAMScheduler - ok
09:26:55.0950 0768  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:26:55.0950 0768  MBAMService - ok
09:26:55.0982 0768  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:26:55.0997 0768  Mcx2Svc - ok
09:26:56.0028 0768  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:26:56.0028 0768  megasas - ok
09:26:56.0044 0768  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:26:56.0060 0768  MegaSR - ok
09:26:56.0075 0768  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
09:26:56.0075 0768  MMCSS - ok
09:26:56.0091 0768  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
09:26:56.0091 0768  Modem - ok
09:26:56.0106 0768  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:26:56.0106 0768  monitor - ok
09:26:56.0138 0768  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:26:56.0138 0768  mouclass - ok
09:26:56.0169 0768  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:26:56.0184 0768  mouhid - ok
09:26:56.0216 0768  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:26:56.0216 0768  mountmgr - ok
09:26:56.0294 0768  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:26:56.0294 0768  MozillaMaintenance - ok
09:26:56.0325 0768  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:26:56.0325 0768  mpio - ok
09:26:56.0340 0768  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:26:56.0356 0768  mpsdrv - ok
09:26:56.0387 0768  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:26:56.0387 0768  MRxDAV - ok
09:26:56.0418 0768  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:26:56.0418 0768  mrxsmb - ok
09:26:56.0450 0768  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:26:56.0465 0768  mrxsmb10 - ok
09:26:56.0481 0768  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:26:56.0481 0768  mrxsmb20 - ok
09:26:56.0512 0768  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:26:56.0512 0768  msahci - ok
09:26:56.0543 0768  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:26:56.0543 0768  msdsm - ok
09:26:56.0559 0768  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
09:26:56.0559 0768  MSDTC - ok
09:26:56.0590 0768  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:26:56.0590 0768  Msfs - ok
09:26:56.0606 0768  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:26:56.0606 0768  mshidkmdf - ok
09:26:56.0621 0768  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:26:56.0621 0768  msisadrv - ok
09:26:56.0652 0768  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:26:56.0652 0768  MSiSCSI - ok
09:26:56.0668 0768  msiserver - ok
09:26:56.0684 0768  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:26:56.0699 0768  MSKSSRV - ok
09:26:56.0715 0768  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:26:56.0715 0768  MSPCLOCK - ok
09:26:56.0730 0768  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:26:56.0730 0768  MSPQM - ok
09:26:56.0762 0768  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:26:56.0762 0768  MsRPC - ok
09:26:56.0793 0768  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:26:56.0793 0768  mssmbios - ok
09:26:56.0808 0768  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:26:56.0808 0768  MSTEE - ok
09:26:56.0808 0768  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:26:56.0824 0768  MTConfig - ok
09:26:56.0855 0768  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
09:26:56.0855 0768  MTsensor - ok
09:26:56.0886 0768  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
09:26:56.0886 0768  Mup - ok
09:26:56.0918 0768  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
09:26:56.0933 0768  napagent - ok
09:26:56.0980 0768  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:26:56.0980 0768  NativeWifiP - ok
09:26:57.0058 0768  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:26:57.0074 0768  NDIS - ok
09:26:57.0120 0768  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:26:57.0120 0768  NdisCap - ok
09:26:57.0136 0768  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:26:57.0136 0768  NdisTapi - ok
09:26:57.0167 0768  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:26:57.0167 0768  Ndisuio - ok
09:26:57.0183 0768  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:26:57.0198 0768  NdisWan - ok
09:26:57.0230 0768  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:26:57.0230 0768  NDProxy - ok
09:26:57.0261 0768  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:26:57.0276 0768  NetBIOS - ok
09:26:57.0292 0768  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:26:57.0308 0768  NetBT - ok
09:26:57.0323 0768  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
09:26:57.0323 0768  Netlogon - ok
09:26:57.0354 0768  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
09:26:57.0354 0768  Netman - ok
09:26:57.0370 0768  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
09:26:57.0386 0768  netprofm - ok
09:26:57.0417 0768  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:26:57.0417 0768  NetTcpPortSharing - ok
09:26:57.0432 0768  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:26:57.0448 0768  nfrd960 - ok
09:26:57.0479 0768  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:26:57.0479 0768  NlaSvc - ok
09:26:57.0510 0768  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:26:57.0510 0768  Npfs - ok
09:26:57.0542 0768  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
09:26:57.0542 0768  nsi - ok
09:26:57.0573 0768  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:26:57.0573 0768  nsiproxy - ok
09:26:57.0698 0768  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:26:57.0760 0768  Ntfs - ok
09:26:57.0791 0768  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
09:26:57.0791 0768  Null - ok
09:26:57.0822 0768  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:26:57.0822 0768  nvraid - ok
09:26:57.0854 0768  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:26:57.0854 0768  nvstor - ok
09:26:57.0885 0768  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:26:57.0885 0768  nv_agp - ok
09:26:57.0994 0768  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:26:57.0994 0768  odserv - ok
09:26:58.0025 0768  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:26:58.0041 0768  ohci1394 - ok
09:26:58.0088 0768  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:26:58.0088 0768  ose - ok
09:26:58.0119 0768  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:26:58.0134 0768  p2pimsvc - ok
09:26:58.0150 0768  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:26:58.0150 0768  p2psvc - ok
09:26:58.0181 0768  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:26:58.0181 0768  Parport - ok
09:26:58.0212 0768  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:26:58.0212 0768  partmgr - ok
09:26:58.0228 0768  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:26:58.0244 0768  PcaSvc - ok
09:26:58.0259 0768  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
09:26:58.0259 0768  pci - ok
09:26:58.0275 0768  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
09:26:58.0275 0768  pciide - ok
09:26:58.0306 0768  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:26:58.0306 0768  pcmcia - ok
09:26:58.0322 0768  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:26:58.0322 0768  pcw - ok
09:26:58.0337 0768  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:26:58.0353 0768  PEAUTH - ok
09:26:58.0431 0768  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:26:58.0431 0768  PerfHost - ok
09:26:58.0493 0768  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
09:26:58.0540 0768  pla - ok
09:26:58.0587 0768  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:26:58.0602 0768  PlugPlay - ok
09:26:58.0602 0768  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:26:58.0618 0768  PNRPAutoReg - ok
09:26:58.0634 0768  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:26:58.0634 0768  PNRPsvc - ok
09:26:58.0665 0768  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:26:58.0665 0768  PolicyAgent - ok
09:26:58.0712 0768  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
09:26:58.0712 0768  Power - ok
09:26:58.0743 0768  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:26:58.0743 0768  PptpMiniport - ok
09:26:58.0774 0768  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:26:58.0774 0768  Processor - ok
09:26:58.0821 0768  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:26:58.0821 0768  ProfSvc - ok
09:26:58.0836 0768  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:26:58.0836 0768  ProtectedStorage - ok
09:26:58.0868 0768  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:26:58.0868 0768  Psched - ok
09:26:58.0930 0768  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:26:58.0977 0768  ql2300 - ok
09:26:58.0992 0768  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:26:59.0008 0768  ql40xx - ok
09:26:59.0024 0768  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
09:26:59.0024 0768  QWAVE - ok
09:26:59.0055 0768  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:26:59.0055 0768  QWAVEdrv - ok
09:26:59.0070 0768  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:26:59.0070 0768  RasAcd - ok
09:26:59.0102 0768  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:26:59.0102 0768  RasAgileVpn - ok
09:26:59.0133 0768  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
09:26:59.0148 0768  RasAuto - ok
09:26:59.0164 0768  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:26:59.0180 0768  Rasl2tp - ok
09:26:59.0211 0768  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
09:26:59.0226 0768  RasMan - ok
09:26:59.0242 0768  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:26:59.0258 0768  RasPppoe - ok
09:26:59.0273 0768  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:26:59.0289 0768  RasSstp - ok
09:26:59.0304 0768  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:26:59.0320 0768  rdbss - ok
09:26:59.0336 0768  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:26:59.0336 0768  rdpbus - ok
09:26:59.0351 0768  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:26:59.0351 0768  RDPCDD - ok
09:26:59.0367 0768  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:26:59.0367 0768  RDPENCDD - ok
09:26:59.0382 0768  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:26:59.0398 0768  RDPREFMP - ok
09:26:59.0414 0768  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:26:59.0429 0768  RDPWD - ok
09:26:59.0460 0768  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:26:59.0476 0768  rdyboost - ok
09:26:59.0523 0768  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:26:59.0523 0768  RemoteAccess - ok
09:26:59.0570 0768  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:26:59.0585 0768  RemoteRegistry - ok
09:26:59.0601 0768  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:26:59.0601 0768  RpcEptMapper - ok
09:26:59.0648 0768  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
09:26:59.0648 0768  RpcLocator - ok
09:26:59.0741 0768  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
09:26:59.0741 0768  RpcSs - ok
09:26:59.0772 0768  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:26:59.0788 0768  rspndr - ok
09:26:59.0788 0768  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
09:26:59.0788 0768  SamSs - ok
09:26:59.0835 0768  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:26:59.0835 0768  sbp2port - ok
09:26:59.0866 0768  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:26:59.0866 0768  SCardSvr - ok
09:26:59.0897 0768  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:26:59.0897 0768  scfilter - ok
09:26:59.0944 0768  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
09:26:59.0975 0768  Schedule - ok
09:27:00.0022 0768  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:27:00.0022 0768  SCPolicySvc - ok
09:27:00.0053 0768  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:27:00.0053 0768  SDRSVC - ok
09:27:00.0100 0768  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:27:00.0100 0768  secdrv - ok
09:27:00.0100 0768  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
09:27:00.0116 0768  seclogon - ok
09:27:00.0147 0768  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
09:27:00.0147 0768  SENS - ok
09:27:00.0162 0768  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:27:00.0162 0768  SensrSvc - ok
09:27:00.0178 0768  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:27:00.0178 0768  Serenum - ok
09:27:00.0225 0768  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:27:00.0225 0768  Serial - ok
09:27:00.0256 0768  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:27:00.0256 0768  sermouse - ok
09:27:00.0287 0768  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:27:00.0287 0768  SessionEnv - ok
09:27:00.0318 0768  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:27:00.0334 0768  sffdisk - ok
09:27:00.0350 0768  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:27:00.0350 0768  sffp_mmc - ok
09:27:00.0365 0768  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:27:00.0365 0768  sffp_sd - ok
09:27:00.0396 0768  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:27:00.0396 0768  sfloppy - ok
09:27:00.0428 0768  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:27:00.0428 0768  ShellHWDetection - ok
09:27:00.0474 0768  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
09:27:00.0474 0768  SiSGbeLH - ok
09:27:00.0506 0768  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:27:00.0506 0768  SiSRaid2 - ok
09:27:00.0521 0768  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:27:00.0521 0768  SiSRaid4 - ok
09:27:00.0584 0768  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:27:00.0584 0768  SkypeUpdate - ok
09:27:00.0615 0768  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:27:00.0615 0768  Smb - ok
09:27:00.0646 0768  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:27:00.0646 0768  SNMPTRAP - ok
09:27:00.0724 0768  [ F06A6DE8438F7446BFF9E61F31356521 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
09:27:00.0786 0768  SNP2UVC - ok
09:27:00.0818 0768  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:27:00.0818 0768  spldr - ok
09:27:00.0849 0768  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
09:27:00.0849 0768  Spooler - ok
09:27:00.0958 0768  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
09:27:01.0052 0768  sppsvc - ok
09:27:01.0083 0768  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:27:01.0083 0768  sppuinotify - ok
09:27:01.0114 0768  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:27:01.0130 0768  srv - ok
09:27:01.0145 0768  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:27:01.0145 0768  srv2 - ok
09:27:01.0161 0768  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:27:01.0161 0768  srvnet - ok
09:27:01.0176 0768  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:27:01.0192 0768  SSDPSRV - ok
09:27:01.0192 0768  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:27:01.0208 0768  SstpSvc - ok
09:27:01.0301 0768  [ 94A6522AC9F3E05FD039AD105ADE96D0 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
09:27:01.0301 0768  STacSV - ok
09:27:01.0332 0768  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:27:01.0332 0768  stexstor - ok
09:27:01.0379 0768  [ DDB811B13D827081E7C1DDFF302AB334 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
09:27:01.0395 0768  STHDA - ok
09:27:01.0426 0768  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
09:27:01.0426 0768  StillCam - ok
09:27:01.0473 0768  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
09:27:01.0488 0768  stisvc - ok
09:27:01.0520 0768  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:27:01.0520 0768  swenum - ok
09:27:01.0613 0768  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
09:27:01.0613 0768  swprv - ok
09:27:01.0722 0768  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
09:27:01.0769 0768  SysMain - ok
09:27:01.0800 0768  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:27:01.0800 0768  TabletInputService - ok
09:27:01.0816 0768  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:27:01.0832 0768  TapiSrv - ok
09:27:01.0847 0768  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
09:27:01.0847 0768  TBS - ok
09:27:01.0910 0768  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:27:01.0956 0768  Tcpip - ok
09:27:02.0019 0768  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:27:02.0034 0768  TCPIP6 - ok
09:27:02.0066 0768  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:27:02.0066 0768  tcpipreg - ok
09:27:02.0081 0768  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:27:02.0097 0768  TDPIPE - ok
09:27:02.0112 0768  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:27:02.0112 0768  TDTCP - ok
09:27:02.0128 0768  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:27:02.0128 0768  tdx - ok
09:27:02.0144 0768  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:27:02.0144 0768  TermDD - ok
09:27:02.0175 0768  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
09:27:02.0206 0768  TermService - ok
09:27:02.0237 0768  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
09:27:02.0237 0768  Themes - ok
09:27:02.0253 0768  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
09:27:02.0268 0768  THREADORDER - ok
09:27:02.0300 0768  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
09:27:02.0300 0768  TrkWks - ok
09:27:02.0346 0768  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:27:02.0346 0768  TrustedInstaller - ok
09:27:02.0378 0768  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:27:02.0378 0768  tssecsrv - ok
09:27:02.0424 0768  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:27:02.0424 0768  TsUsbFlt - ok
09:27:02.0456 0768  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:27:02.0456 0768  tunnel - ok
09:27:02.0502 0768  [ C45A3E051C65106A28982CAED125F855 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
09:27:02.0502 0768  TurboB - ok
09:27:02.0549 0768  [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
09:27:02.0549 0768  TurboBoost - ok
09:27:02.0580 0768  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:27:02.0580 0768  uagp35 - ok
09:27:02.0627 0768  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:27:02.0627 0768  udfs - ok
09:27:02.0705 0768  [ 2E071263A409931F8AFF3A6A656E920C ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
09:27:02.0721 0768  UI Assistant Service - ok
09:27:02.0736 0768  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:27:02.0752 0768  UI0Detect - ok
09:27:02.0768 0768  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:27:02.0783 0768  uliagpkx - ok
09:27:02.0799 0768  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
09:27:02.0799 0768  umbus - ok
09:27:02.0830 0768  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:27:02.0846 0768  UmPass - ok
09:27:02.0939 0768  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:27:03.0002 0768  UNS - ok
09:27:03.0033 0768  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
09:27:03.0048 0768  upnphost - ok
09:27:03.0080 0768  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:27:03.0080 0768  usbccgp - ok
09:27:03.0095 0768  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:27:03.0095 0768  usbcir - ok
09:27:03.0126 0768  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:27:03.0126 0768  usbehci - ok
09:27:03.0142 0768  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:27:03.0158 0768  usbhub - ok
09:27:03.0173 0768  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:27:03.0173 0768  usbohci - ok
09:27:03.0204 0768  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:27:03.0220 0768  usbprint - ok
09:27:03.0251 0768  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:27:03.0251 0768  usbscan - ok
09:27:03.0267 0768  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:27:03.0267 0768  USBSTOR - ok
09:27:03.0298 0768  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:27:03.0298 0768  usbuhci - ok
09:27:03.0345 0768  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:27:03.0345 0768  usbvideo - ok
09:27:03.0376 0768  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
09:27:03.0376 0768  UxSms - ok
09:27:03.0392 0768  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
09:27:03.0392 0768  VaultSvc - ok
09:27:03.0423 0768  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:27:03.0423 0768  vdrvroot - ok
09:27:03.0454 0768  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
09:27:03.0470 0768  vds - ok
09:27:03.0501 0768  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:27:03.0501 0768  vga - ok
09:27:03.0516 0768  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:27:03.0516 0768  VgaSave - ok
09:27:03.0548 0768  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:27:03.0548 0768  vhdmp - ok
09:27:03.0579 0768  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:27:03.0594 0768  viaide - ok
09:27:03.0610 0768  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:27:03.0610 0768  volmgr - ok
09:27:03.0704 0768  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:27:03.0704 0768  volmgrx - ok
09:27:03.0735 0768  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:27:03.0735 0768  volsnap - ok
09:27:03.0782 0768  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:27:03.0782 0768  vsmraid - ok
09:27:03.0844 0768  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
09:27:03.0891 0768  VSS - ok
09:27:03.0906 0768  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:27:03.0906 0768  vwifibus - ok
09:27:03.0922 0768  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:27:03.0922 0768  vwififlt - ok
09:27:03.0953 0768  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:27:03.0953 0768  vwifimp - ok
09:27:04.0000 0768  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
09:27:04.0016 0768  W32Time - ok
09:27:04.0031 0768  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:27:04.0031 0768  WacomPen - ok
09:27:04.0078 0768  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:27:04.0078 0768  WANARP - ok
09:27:04.0094 0768  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:27:04.0094 0768  Wanarpv6 - ok
09:27:04.0218 0768  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:27:04.0250 0768  WatAdminSvc - ok
09:27:04.0312 0768  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
09:27:04.0359 0768  wbengine - ok
09:27:04.0374 0768  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:27:04.0390 0768  WbioSrvc - ok
09:27:04.0421 0768  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:27:04.0437 0768  wcncsvc - ok
09:27:04.0452 0768  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:27:04.0452 0768  WcsPlugInService - ok
09:27:04.0468 0768  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:27:04.0468 0768  Wd - ok
09:27:04.0499 0768  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:27:04.0530 0768  Wdf01000 - ok
09:27:04.0546 0768  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:27:04.0546 0768  WdiServiceHost - ok
09:27:04.0562 0768  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:27:04.0562 0768  WdiSystemHost - ok
09:27:04.0593 0768  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
09:27:04.0593 0768  WebClient - ok
09:27:04.0608 0768  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:27:04.0608 0768  Wecsvc - ok
09:27:04.0624 0768  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:27:04.0640 0768  wercplsupport - ok
09:27:04.0655 0768  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:27:04.0655 0768  WerSvc - ok
09:27:04.0686 0768  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:27:04.0686 0768  WfpLwf - ok
09:27:04.0718 0768  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
09:27:04.0733 0768  WimFltr - ok
09:27:04.0749 0768  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:27:04.0749 0768  WIMMount - ok
09:27:04.0749 0768  WinHttpAutoProxySvc - ok
09:27:04.0811 0768  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:27:04.0827 0768  Winmgmt - ok
09:27:04.0889 0768  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
09:27:04.0952 0768  WinRM - ok
09:27:05.0014 0768  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:27:05.0014 0768  WinUsb - ok
09:27:05.0061 0768  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:27:05.0092 0768  Wlansvc - ok
09:27:05.0108 0768  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:27:05.0108 0768  WmiAcpi - ok
09:27:05.0123 0768  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:27:05.0139 0768  wmiApSrv - ok
09:27:05.0154 0768  WMPNetworkSvc - ok
09:27:05.0186 0768  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:27:05.0186 0768  WPCSvc - ok
09:27:05.0217 0768  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:27:05.0217 0768  WPDBusEnum - ok
09:27:05.0248 0768  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:27:05.0248 0768  ws2ifsl - ok
09:27:05.0248 0768  WSearch - ok
09:27:05.0279 0768  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:27:05.0279 0768  WudfPf - ok
09:27:05.0310 0768  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:27:05.0326 0768  WUDFRd - ok
09:27:05.0342 0768  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:27:05.0357 0768  wudfsvc - ok
09:27:05.0388 0768  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:27:05.0388 0768  WwanSvc - ok
09:27:05.0435 0768  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:27:05.0435 0768  ZTEusbmdm6k - ok
09:27:05.0466 0768  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:27:05.0466 0768  ZTEusbnmea - ok
09:27:05.0498 0768  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:27:05.0498 0768  ZTEusbser6k - ok
09:27:05.0576 0768  [ 74983ADDCA2D9618512C088D856D6615 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
09:27:05.0576 0768  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
09:27:05.0622 0768  ================ Scan global ===============================
09:27:05.0654 0768  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:27:05.0732 0768  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:27:05.0747 0768  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:27:05.0763 0768  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:27:05.0810 0768  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
09:27:05.0810 0768  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
09:27:05.0810 0768  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
09:27:05.0810 0768  ================ Scan MBR ==================================
09:27:05.0825 0768  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:27:06.0106 0768  \Device\Harddisk0\DR0 - ok
09:27:06.0106 0768  ================ Scan VBR ==================================
09:27:06.0122 0768  [ 2CE15AE69BD2EA14D1E16594C9F40589 ] \Device\Harddisk0\DR0\Partition1
09:27:06.0122 0768  \Device\Harddisk0\DR0\Partition1 - ok
09:27:06.0137 0768  [ 5BA4E991FFDBB372F353561123237AA1 ] \Device\Harddisk0\DR0\Partition2
09:27:06.0153 0768  \Device\Harddisk0\DR0\Partition2 - ok
09:27:06.0153 0768  ============================================================
09:27:06.0153 0768  Scan finished
09:27:06.0153 0768  ============================================================
09:27:06.0168 2976  Detected object count: 1
09:27:06.0168 2976  Actual detected object count: 1
09:27:11.0160 2976  C:\Windows\system32\services.exe - copied to quarantine
09:27:12.0908 2976  C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
09:27:12.0923 2976  C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
09:27:13.0017 2976  C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\@ - copied to quarantine
09:27:13.0032 2976  C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\00000004.@ - copied to quarantine
09:27:13.0032 2976  C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\201d3dde - copied to quarantine
09:27:13.0032 2976  C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000004.@ - copied to quarantine
09:27:13.0032 2976  C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000008.@ - copied to quarantine
09:27:13.0048 2976  C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\000000cb.@ - copied to quarantine
09:27:13.0048 2976  C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000000.@ - copied to quarantine
09:27:13.0048 2976  C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000032.@ - copied to quarantine
09:27:13.0064 2976  C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000064.@ - copied to quarantine
09:27:13.0376 2976  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Quarantine 
09:27:17.0634 4140  Deinitialize success
         

Alt 24.10.2012, 08:34   #7
Snorre
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Hier die neue logfile nach dem 2.Scan:

Code:
ATTFilter
09:31:54.0550 2336  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:31:54.0768 2336  ============================================================
09:31:54.0768 2336  Current date / time: 2012/10/24 09:31:54.0768
09:31:54.0768 2336  SystemInfo:
09:31:54.0768 2336  
09:31:54.0768 2336  OS Version: 6.1.7601 ServicePack: 1.0
09:31:54.0768 2336  Product type: Workstation
09:31:54.0768 2336  ComputerName: TICKERT
09:31:54.0768 2336  UserName: Andreas Tickert
09:31:54.0768 2336  Windows directory: C:\Windows
09:31:54.0768 2336  System windows directory: C:\Windows
09:31:54.0768 2336  Running under WOW64
09:31:54.0768 2336  Processor architecture: Intel x64
09:31:54.0768 2336  Number of processors: 4
09:31:54.0768 2336  Page size: 0x1000
09:31:54.0768 2336  Boot type: Normal boot
09:31:54.0768 2336  ============================================================
09:31:57.0404 2336  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:31:57.0420 2336  ============================================================
09:31:57.0420 2336  \Device\Harddisk0\DR0:
09:31:57.0420 2336  MBR partitions:
09:31:57.0420 2336  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168
09:31:57.0436 2336  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393800
09:31:57.0436 2336  ============================================================
09:31:57.0482 2336  C: <-> \Device\Harddisk0\DR0\Partition1
09:31:57.0514 2336  D: <-> \Device\Harddisk0\DR0\Partition2
09:31:57.0514 2336  ============================================================
09:31:57.0514 2336  Initialize success
09:31:57.0514 2336  ============================================================
09:32:03.0052 2932  ============================================================
09:32:03.0052 2932  Scan started
09:32:03.0052 2932  Mode: Manual; 
09:32:03.0052 2932  ============================================================
09:32:04.0190 2932  ================ Scan system memory ========================
09:32:04.0190 2932  System memory - ok
09:32:04.0190 2932  ================ Scan services =============================
09:32:04.0378 2932  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:32:04.0378 2932  1394ohci - ok
09:32:04.0409 2932  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:32:04.0424 2932  ACPI - ok
09:32:04.0440 2932  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:32:04.0440 2932  AcpiPmi - ok
09:32:04.0580 2932  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:32:04.0580 2932  AdobeFlashPlayerUpdateSvc - ok
09:32:04.0627 2932  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
09:32:04.0643 2932  adp94xx - ok
09:32:04.0674 2932  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
09:32:04.0674 2932  adpahci - ok
09:32:04.0705 2932  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
09:32:04.0705 2932  adpu320 - ok
09:32:04.0736 2932  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:32:04.0736 2932  AeLookupSvc - ok
09:32:04.0799 2932  [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent        C:\Windows\system32\FBAgent.exe
09:32:04.0814 2932  AFBAgent - ok
09:32:04.0939 2932  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
09:32:04.0955 2932  AFD - ok
09:32:05.0002 2932  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:32:05.0002 2932  agp440 - ok
09:32:05.0033 2932  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
09:32:05.0033 2932  ALG - ok
09:32:05.0080 2932  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:32:05.0080 2932  aliide - ok
09:32:05.0111 2932  [ 46693222FCDB3175AAAED017EAA6FCC7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:32:05.0111 2932  AMD External Events Utility - ok
09:32:05.0126 2932  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:32:05.0126 2932  amdide - ok
09:32:05.0158 2932  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:32:05.0158 2932  AmdK8 - ok
09:32:05.0345 2932  [ 99C262242A279976206ECE1D3C74DF27 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:32:05.0470 2932  amdkmdag - ok
09:32:05.0516 2932  [ 20B63276A1920B41E1C56720B395049B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:32:05.0516 2932  amdkmdap - ok
09:32:05.0532 2932  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:32:05.0548 2932  AmdPPM - ok
09:32:05.0563 2932  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:32:05.0563 2932  amdsata - ok
09:32:05.0610 2932  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
09:32:05.0610 2932  amdsbs - ok
09:32:05.0641 2932  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:32:05.0641 2932  amdxata - ok
09:32:05.0672 2932  [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
09:32:05.0688 2932  AmUStor - ok
09:32:05.0750 2932  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:32:05.0750 2932  AntiVirSchedulerService - ok
09:32:05.0813 2932  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:32:05.0813 2932  AntiVirService - ok
09:32:05.0875 2932  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
09:32:05.0891 2932  AppID - ok
09:32:06.0031 2932  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:32:06.0031 2932  AppIDSvc - ok
09:32:06.0094 2932  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
09:32:06.0094 2932  Appinfo - ok
09:32:06.0125 2932  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
09:32:06.0125 2932  arc - ok
09:32:06.0125 2932  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
09:32:06.0140 2932  arcsas - ok
09:32:06.0203 2932  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
09:32:06.0203 2932  ASLDRService - ok
09:32:06.0218 2932  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
09:32:06.0218 2932  ASMMAP64 - ok
09:32:06.0250 2932  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:32:06.0265 2932  AsyncMac - ok
09:32:06.0296 2932  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
09:32:06.0296 2932  atapi - ok
09:32:06.0359 2932  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
09:32:06.0406 2932  athr - ok
09:32:06.0468 2932  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
09:32:06.0468 2932  AtiHdmiService - ok
09:32:06.0702 2932  [ 99C262242A279976206ECE1D3C74DF27 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:32:06.0733 2932  atikmdag - ok
09:32:06.0764 2932  [ 63F1212FFE13E62CA1E8D8EE19ABD9A7 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
09:32:06.0764 2932  ATKGFNEXSrv - ok
09:32:06.0889 2932  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:32:06.0905 2932  AudioEndpointBuilder - ok
09:32:06.0936 2932  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:32:06.0936 2932  AudioSrv - ok
09:32:07.0092 2932  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
09:32:07.0092 2932  avgntflt - ok
09:32:07.0186 2932  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
09:32:07.0186 2932  avipbb - ok
09:32:07.0248 2932  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
09:32:07.0248 2932  avkmgr - ok
09:32:07.0388 2932  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:32:07.0388 2932  AxInstSV - ok
09:32:07.0466 2932  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
09:32:07.0482 2932  b06bdrv - ok
09:32:07.0544 2932  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:32:07.0544 2932  b57nd60a - ok
09:32:07.0576 2932  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:32:07.0576 2932  BDESVC - ok
09:32:07.0591 2932  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:32:07.0591 2932  Beep - ok
09:32:07.0622 2932  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:32:07.0622 2932  blbdrive - ok
09:32:07.0654 2932  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:32:07.0654 2932  bowser - ok
09:32:07.0669 2932  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:32:07.0669 2932  BrFiltLo - ok
09:32:07.0685 2932  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:32:07.0685 2932  BrFiltUp - ok
09:32:07.0716 2932  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
09:32:07.0732 2932  Browser - ok
09:32:07.0747 2932  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:32:07.0747 2932  Brserid - ok
09:32:07.0763 2932  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:32:07.0778 2932  BrSerWdm - ok
09:32:07.0794 2932  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:32:07.0794 2932  BrUsbMdm - ok
09:32:07.0810 2932  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:32:07.0810 2932  BrUsbSer - ok
09:32:07.0825 2932  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:32:07.0825 2932  BTHMODEM - ok
09:32:07.0872 2932  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
09:32:07.0872 2932  bthserv - ok
09:32:07.0888 2932  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:32:07.0888 2932  cdfs - ok
09:32:07.0934 2932  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:32:07.0934 2932  cdrom - ok
09:32:07.0981 2932  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
09:32:07.0981 2932  CertPropSvc - ok
09:32:08.0012 2932  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:32:08.0012 2932  circlass - ok
09:32:08.0044 2932  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
09:32:08.0059 2932  CLFS - ok
09:32:08.0137 2932  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:32:08.0137 2932  clr_optimization_v2.0.50727_32 - ok
09:32:08.0184 2932  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:32:08.0184 2932  clr_optimization_v2.0.50727_64 - ok
09:32:08.0293 2932  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:32:08.0309 2932  clr_optimization_v4.0.30319_32 - ok
09:32:08.0387 2932  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:32:08.0402 2932  clr_optimization_v4.0.30319_64 - ok
09:32:08.0418 2932  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:32:08.0418 2932  CmBatt - ok
09:32:08.0465 2932  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:32:08.0465 2932  cmdide - ok
09:32:08.0543 2932  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
09:32:08.0574 2932  CNG - ok
09:32:08.0605 2932  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:32:08.0605 2932  Compbatt - ok
09:32:08.0636 2932  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
09:32:08.0636 2932  CompositeBus - ok
09:32:08.0652 2932  COMSysApp - ok
09:32:08.0668 2932  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
09:32:08.0683 2932  crcdisk - ok
09:32:08.0948 2932  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:32:08.0948 2932  CryptSvc - ok
09:32:08.0980 2932  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
09:32:08.0995 2932  CVirtA - ok
09:32:09.0058 2932  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
09:32:09.0089 2932  CVPND - ok
09:32:09.0136 2932  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
09:32:09.0136 2932  CVPNDRVA - ok
09:32:09.0182 2932  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:32:09.0182 2932  DcomLaunch - ok
09:32:09.0214 2932  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
09:32:09.0214 2932  defragsvc - ok
09:32:09.0245 2932  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:32:09.0245 2932  DfsC - ok
09:32:09.0292 2932  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:32:09.0292 2932  Dhcp - ok
09:32:09.0323 2932  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
09:32:09.0323 2932  discache - ok
09:32:09.0354 2932  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
09:32:09.0370 2932  Disk - ok
09:32:09.0401 2932  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
09:32:09.0401 2932  DNE - ok
09:32:09.0432 2932  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:32:09.0448 2932  Dnscache - ok
09:32:09.0479 2932  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:32:09.0479 2932  dot3svc - ok
09:32:09.0510 2932  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
09:32:09.0510 2932  DPS - ok
09:32:09.0557 2932  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:32:09.0557 2932  drmkaud - ok
09:32:09.0588 2932  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:32:09.0604 2932  DXGKrnl - ok
09:32:09.0635 2932  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
09:32:09.0635 2932  EapHost - ok
09:32:09.0728 2932  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
09:32:09.0822 2932  ebdrv - ok
09:32:09.0838 2932  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
09:32:09.0838 2932  EFS - ok
09:32:09.0916 2932  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:32:09.0931 2932  ehRecvr - ok
09:32:09.0962 2932  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
09:32:09.0978 2932  ehSched - ok
09:32:10.0072 2932  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
09:32:10.0103 2932  elxstor - ok
09:32:10.0134 2932  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:32:10.0134 2932  ErrDev - ok
09:32:10.0165 2932  [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
09:32:10.0181 2932  ETD - ok
09:32:10.0337 2932  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
09:32:10.0368 2932  EventSystem - ok
09:32:10.0477 2932  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
09:32:10.0508 2932  exfat - ok
09:32:10.0633 2932  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:32:10.0633 2932  fastfat - ok
09:32:10.0696 2932  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
09:32:10.0711 2932  Fax - ok
09:32:10.0758 2932  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:32:10.0758 2932  fdc - ok
09:32:10.0789 2932  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:32:10.0789 2932  fdPHost - ok
09:32:10.0805 2932  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:32:10.0805 2932  FDResPub - ok
09:32:10.0805 2932  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:32:10.0820 2932  FileInfo - ok
09:32:10.0836 2932  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:32:10.0836 2932  Filetrace - ok
09:32:10.0836 2932  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:32:10.0852 2932  flpydisk - ok
09:32:10.0867 2932  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:32:10.0883 2932  FltMgr - ok
09:32:10.0930 2932  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
09:32:10.0961 2932  FontCache - ok
09:32:11.0008 2932  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:32:11.0008 2932  FontCache3.0.0.0 - ok
09:32:11.0039 2932  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:32:11.0039 2932  FsDepends - ok
09:32:11.0070 2932  [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
09:32:11.0070 2932  fssfltr - ok
09:32:11.0164 2932  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:32:11.0179 2932  fsssvc - ok
09:32:11.0210 2932  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:32:11.0210 2932  Fs_Rec - ok
09:32:11.0257 2932  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:32:11.0257 2932  fvevol - ok
09:32:11.0288 2932  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:32:11.0304 2932  gagp30kx - ok
09:32:11.0335 2932  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
09:32:11.0366 2932  gpsvc - ok
09:32:11.0444 2932  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:32:11.0444 2932  gupdate - ok
09:32:11.0491 2932  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:32:11.0491 2932  gupdatem - ok
09:32:11.0538 2932  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:32:11.0538 2932  gusvc - ok
09:32:11.0554 2932  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:32:11.0569 2932  hcw85cir - ok
09:32:11.0600 2932  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:32:11.0600 2932  HdAudAddService - ok
09:32:11.0632 2932  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:32:11.0632 2932  HDAudBus - ok
09:32:11.0647 2932  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
09:32:11.0647 2932  HECIx64 - ok
09:32:11.0663 2932  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:32:11.0663 2932  HidBatt - ok
09:32:11.0678 2932  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:32:11.0678 2932  HidBth - ok
09:32:11.0694 2932  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:32:11.0694 2932  HidIr - ok
09:32:11.0725 2932  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
09:32:11.0725 2932  hidserv - ok
09:32:11.0741 2932  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:32:11.0741 2932  HidUsb - ok
09:32:11.0772 2932  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:32:11.0772 2932  hkmsvc - ok
09:32:11.0819 2932  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:32:11.0819 2932  HomeGroupListener - ok
09:32:11.0850 2932  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:32:11.0850 2932  HomeGroupProvider - ok
09:32:11.0897 2932  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:32:11.0897 2932  HpSAMD - ok
09:32:11.0944 2932  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:32:11.0959 2932  HTTP - ok
09:32:11.0990 2932  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:32:11.0990 2932  hwpolicy - ok
09:32:12.0006 2932  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:32:12.0006 2932  i8042prt - ok
09:32:12.0053 2932  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:32:12.0053 2932  iaStor - ok
09:32:12.0084 2932  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:32:12.0084 2932  iaStorV - ok
09:32:12.0146 2932  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:32:12.0178 2932  idsvc - ok
09:32:12.0209 2932  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:32:12.0209 2932  iirsp - ok
09:32:12.0271 2932  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
09:32:12.0287 2932  IKEEXT - ok
09:32:12.0318 2932  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
09:32:12.0318 2932  Impcd - ok
09:32:12.0349 2932  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
09:32:12.0349 2932  intelide - ok
09:32:12.0380 2932  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:32:12.0380 2932  intelppm - ok
09:32:12.0427 2932  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:32:12.0427 2932  IPBusEnum - ok
09:32:12.0443 2932  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:32:12.0443 2932  IpFilterDriver - ok
09:32:12.0474 2932  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:32:12.0490 2932  IPMIDRV - ok
09:32:12.0505 2932  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:32:12.0505 2932  IPNAT - ok
09:32:12.0536 2932  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:32:12.0536 2932  IRENUM - ok
09:32:12.0536 2932  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:32:12.0552 2932  isapnp - ok
09:32:12.0568 2932  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:32:12.0583 2932  iScsiPrt - ok
09:32:12.0599 2932  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
09:32:12.0599 2932  kbdclass - ok
09:32:12.0630 2932  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:32:12.0630 2932  kbdhid - ok
09:32:12.0661 2932  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
09:32:12.0661 2932  kbfiltr - ok
09:32:12.0692 2932  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
09:32:12.0692 2932  KeyIso - ok
09:32:12.0724 2932  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:32:12.0724 2932  KSecDD - ok
09:32:12.0739 2932  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:32:12.0739 2932  KSecPkg - ok
09:32:12.0770 2932  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:32:12.0770 2932  ksthunk - ok
09:32:12.0817 2932  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:32:12.0833 2932  KtmRm - ok
09:32:12.0864 2932  [ 9C46A5421DE9D116C47155317CABB522 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
09:32:12.0864 2932  L1C - ok
09:32:12.0895 2932  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:32:12.0911 2932  LanmanServer - ok
09:32:12.0926 2932  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:32:12.0942 2932  LanmanWorkstation - ok
09:32:12.0973 2932  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:32:12.0973 2932  lltdio - ok
09:32:13.0004 2932  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:32:13.0020 2932  lltdsvc - ok
09:32:13.0020 2932  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:32:13.0020 2932  lmhosts - ok
09:32:13.0067 2932  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:32:13.0067 2932  LMS - ok
09:32:13.0098 2932  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:32:13.0098 2932  LSI_FC - ok
09:32:13.0114 2932  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:32:13.0114 2932  LSI_SAS - ok
09:32:13.0129 2932  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:32:13.0129 2932  LSI_SAS2 - ok
09:32:13.0160 2932  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:32:13.0160 2932  LSI_SCSI - ok
09:32:13.0176 2932  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
09:32:13.0192 2932  luafv - ok
09:32:13.0223 2932  [ 035C83CD72E06C47000793D32B1A642D ] massfilter      C:\Windows\system32\drivers\massfilter.sys
09:32:13.0223 2932  massfilter - ok
09:32:13.0301 2932  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
09:32:13.0301 2932  MBAMProtector - ok
09:32:13.0348 2932  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:32:13.0348 2932  MBAMScheduler - ok
09:32:13.0410 2932  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:32:13.0426 2932  MBAMService - ok
09:32:13.0441 2932  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:32:13.0441 2932  Mcx2Svc - ok
09:32:13.0488 2932  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:32:13.0488 2932  megasas - ok
09:32:13.0519 2932  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:32:13.0519 2932  MegaSR - ok
09:32:13.0550 2932  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
09:32:13.0550 2932  MMCSS - ok
09:32:13.0582 2932  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
09:32:13.0582 2932  Modem - ok
09:32:13.0613 2932  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:32:13.0613 2932  monitor - ok
09:32:13.0644 2932  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:32:13.0644 2932  mouclass - ok
09:32:13.0691 2932  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:32:13.0691 2932  mouhid - ok
09:32:13.0722 2932  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:32:13.0738 2932  mountmgr - ok
09:32:13.0816 2932  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:32:13.0816 2932  MozillaMaintenance - ok
09:32:13.0831 2932  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:32:13.0847 2932  mpio - ok
09:32:13.0862 2932  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:32:13.0862 2932  mpsdrv - ok
09:32:13.0894 2932  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:32:13.0894 2932  MRxDAV - ok
09:32:13.0925 2932  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:32:13.0925 2932  mrxsmb - ok
09:32:13.0972 2932  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:32:13.0987 2932  mrxsmb10 - ok
09:32:14.0003 2932  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:32:14.0003 2932  mrxsmb20 - ok
09:32:14.0018 2932  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:32:14.0018 2932  msahci - ok
09:32:14.0050 2932  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:32:14.0065 2932  msdsm - ok
09:32:14.0081 2932  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
09:32:14.0081 2932  MSDTC - ok
09:32:14.0112 2932  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:32:14.0112 2932  Msfs - ok
09:32:14.0128 2932  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:32:14.0128 2932  mshidkmdf - ok
09:32:14.0159 2932  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:32:14.0159 2932  msisadrv - ok
09:32:14.0174 2932  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:32:14.0174 2932  MSiSCSI - ok
09:32:14.0190 2932  msiserver - ok
09:32:14.0206 2932  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:32:14.0206 2932  MSKSSRV - ok
09:32:14.0221 2932  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:32:14.0237 2932  MSPCLOCK - ok
09:32:14.0252 2932  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:32:14.0252 2932  MSPQM - ok
09:32:14.0284 2932  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:32:14.0284 2932  MsRPC - ok
09:32:14.0315 2932  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:32:14.0315 2932  mssmbios - ok
09:32:14.0330 2932  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:32:14.0330 2932  MSTEE - ok
09:32:14.0346 2932  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:32:14.0346 2932  MTConfig - ok
09:32:14.0393 2932  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
09:32:14.0393 2932  MTsensor - ok
09:32:14.0408 2932  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
09:32:14.0408 2932  Mup - ok
09:32:14.0440 2932  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
09:32:14.0440 2932  napagent - ok
09:32:14.0502 2932  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:32:14.0502 2932  NativeWifiP - ok
09:32:14.0564 2932  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:32:14.0596 2932  NDIS - ok
09:32:14.0642 2932  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:32:14.0642 2932  NdisCap - ok
09:32:14.0658 2932  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:32:14.0658 2932  NdisTapi - ok
09:32:14.0689 2932  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:32:14.0689 2932  Ndisuio - ok
09:32:14.0720 2932  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:32:14.0720 2932  NdisWan - ok
09:32:14.0752 2932  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:32:14.0752 2932  NDProxy - ok
09:32:14.0783 2932  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:32:14.0783 2932  NetBIOS - ok
09:32:14.0814 2932  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:32:14.0830 2932  NetBT - ok
09:32:14.0861 2932  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
09:32:14.0861 2932  Netlogon - ok
09:32:14.0892 2932  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
09:32:14.0892 2932  Netman - ok
09:32:14.0908 2932  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
09:32:14.0923 2932  netprofm - ok
09:32:14.0939 2932  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:32:14.0939 2932  NetTcpPortSharing - ok
09:32:14.0970 2932  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:32:14.0970 2932  nfrd960 - ok
09:32:15.0001 2932  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:32:15.0017 2932  NlaSvc - ok
09:32:15.0048 2932  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:32:15.0048 2932  Npfs - ok
09:32:15.0079 2932  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
09:32:15.0079 2932  nsi - ok
09:32:15.0110 2932  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:32:15.0110 2932  nsiproxy - ok
09:32:15.0188 2932  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:32:15.0220 2932  Ntfs - ok
09:32:15.0251 2932  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
09:32:15.0266 2932  Null - ok
09:32:15.0298 2932  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:32:15.0298 2932  nvraid - ok
09:32:15.0313 2932  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:32:15.0329 2932  nvstor - ok
09:32:15.0344 2932  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:32:15.0360 2932  nv_agp - ok
09:32:15.0469 2932  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:32:15.0469 2932  odserv - ok
09:32:15.0500 2932  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:32:15.0516 2932  ohci1394 - ok
09:32:15.0563 2932  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:32:15.0563 2932  ose - ok
09:32:15.0594 2932  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:32:15.0610 2932  p2pimsvc - ok
09:32:15.0625 2932  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:32:15.0625 2932  p2psvc - ok
09:32:15.0656 2932  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:32:15.0656 2932  Parport - ok
09:32:15.0688 2932  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:32:15.0688 2932  partmgr - ok
09:32:15.0703 2932  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:32:15.0719 2932  PcaSvc - ok
09:32:15.0734 2932  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
09:32:15.0734 2932  pci - ok
09:32:15.0766 2932  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
09:32:15.0766 2932  pciide - ok
09:32:15.0797 2932  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:32:15.0797 2932  pcmcia - ok
09:32:15.0812 2932  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:32:15.0812 2932  pcw - ok
09:32:15.0844 2932  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:32:15.0844 2932  PEAUTH - ok
09:32:15.0937 2932  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:32:15.0937 2932  PerfHost - ok
09:32:16.0000 2932  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
09:32:16.0046 2932  pla - ok
09:32:16.0093 2932  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:32:16.0109 2932  PlugPlay - ok
09:32:16.0124 2932  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:32:16.0124 2932  PNRPAutoReg - ok
09:32:16.0156 2932  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:32:16.0156 2932  PNRPsvc - ok
09:32:16.0436 2932  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:32:16.0468 2932  PolicyAgent - ok
09:32:16.0514 2932  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
09:32:16.0514 2932  Power - ok
09:32:16.0546 2932  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:32:16.0546 2932  PptpMiniport - ok
09:32:16.0577 2932  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:32:16.0592 2932  Processor - ok
09:32:16.0624 2932  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:32:16.0624 2932  ProfSvc - ok
09:32:16.0639 2932  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:32:16.0639 2932  ProtectedStorage - ok
09:32:16.0670 2932  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:32:16.0670 2932  Psched - ok
09:32:16.0733 2932  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:32:16.0780 2932  ql2300 - ok
09:32:16.0795 2932  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:32:16.0795 2932  ql40xx - ok
09:32:16.0811 2932  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
09:32:16.0826 2932  QWAVE - ok
09:32:16.0842 2932  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:32:16.0842 2932  QWAVEdrv - ok
09:32:16.0858 2932  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:32:16.0858 2932  RasAcd - ok
09:32:16.0904 2932  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:32:16.0904 2932  RasAgileVpn - ok
09:32:16.0920 2932  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
09:32:16.0920 2932  RasAuto - ok
09:32:16.0951 2932  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:32:16.0951 2932  Rasl2tp - ok
09:32:17.0014 2932  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
09:32:17.0014 2932  RasMan - ok
09:32:17.0045 2932  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:32:17.0045 2932  RasPppoe - ok
09:32:17.0060 2932  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:32:17.0060 2932  RasSstp - ok
09:32:17.0092 2932  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:32:17.0107 2932  rdbss - ok
09:32:17.0107 2932  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:32:17.0107 2932  rdpbus - ok
09:32:17.0138 2932  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:32:17.0138 2932  RDPCDD - ok
09:32:17.0170 2932  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:32:17.0170 2932  RDPENCDD - ok
09:32:17.0185 2932  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:32:17.0185 2932  RDPREFMP - ok
09:32:17.0216 2932  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:32:17.0216 2932  RDPWD - ok
09:32:17.0248 2932  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:32:17.0248 2932  rdyboost - ok
09:32:17.0310 2932  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:32:17.0310 2932  RemoteAccess - ok
09:32:17.0357 2932  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:32:17.0357 2932  RemoteRegistry - ok
09:32:17.0372 2932  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:32:17.0388 2932  RpcEptMapper - ok
09:32:17.0404 2932  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
09:32:17.0404 2932  RpcLocator - ok
09:32:17.0513 2932  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
09:32:17.0528 2932  RpcSs - ok
09:32:17.0638 2932  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:32:17.0653 2932  rspndr - ok
09:32:17.0669 2932  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
09:32:17.0669 2932  SamSs - ok
09:32:17.0700 2932  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:32:17.0700 2932  sbp2port - ok
09:32:17.0731 2932  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:32:17.0731 2932  SCardSvr - ok
09:32:17.0762 2932  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:32:17.0762 2932  scfilter - ok
09:32:17.0809 2932  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
09:32:17.0840 2932  Schedule - ok
09:32:17.0872 2932  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:32:17.0872 2932  SCPolicySvc - ok
09:32:17.0918 2932  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:32:17.0918 2932  SDRSVC - ok
09:32:17.0950 2932  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:32:17.0950 2932  secdrv - ok
09:32:17.0965 2932  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
09:32:17.0965 2932  seclogon - ok
09:32:18.0012 2932  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
09:32:18.0012 2932  SENS - ok
09:32:18.0028 2932  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:32:18.0028 2932  SensrSvc - ok
09:32:18.0043 2932  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:32:18.0043 2932  Serenum - ok
09:32:18.0074 2932  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:32:18.0074 2932  Serial - ok
09:32:18.0106 2932  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:32:18.0121 2932  sermouse - ok
09:32:18.0152 2932  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:32:18.0152 2932  SessionEnv - ok
09:32:18.0184 2932  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:32:18.0184 2932  sffdisk - ok
09:32:18.0199 2932  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:32:18.0215 2932  sffp_mmc - ok
09:32:18.0230 2932  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:32:18.0230 2932  sffp_sd - ok
09:32:18.0262 2932  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:32:18.0262 2932  sfloppy - ok
09:32:18.0324 2932  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:32:18.0355 2932  ShellHWDetection - ok
09:32:18.0402 2932  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
09:32:18.0402 2932  SiSGbeLH - ok
09:32:18.0433 2932  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:32:18.0433 2932  SiSRaid2 - ok
09:32:18.0464 2932  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:32:18.0464 2932  SiSRaid4 - ok
09:32:18.0542 2932  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:32:18.0542 2932  SkypeUpdate - ok
09:32:18.0574 2932  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:32:18.0589 2932  Smb - ok
09:32:18.0636 2932  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:32:18.0636 2932  SNMPTRAP - ok
09:32:18.0730 2932  [ F06A6DE8438F7446BFF9E61F31356521 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
09:32:18.0761 2932  SNP2UVC - ok
09:32:18.0792 2932  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:32:18.0792 2932  spldr - ok
09:32:18.0823 2932  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
09:32:18.0839 2932  Spooler - ok
09:32:18.0932 2932  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
09:32:19.0026 2932  sppsvc - ok
09:32:19.0042 2932  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:32:19.0042 2932  sppuinotify - ok
09:32:19.0088 2932  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:32:19.0088 2932  srv - ok
09:32:19.0104 2932  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:32:19.0120 2932  srv2 - ok
09:32:19.0135 2932  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:32:19.0135 2932  srvnet - ok
09:32:19.0151 2932  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:32:19.0151 2932  SSDPSRV - ok
09:32:19.0166 2932  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:32:19.0166 2932  SstpSvc - ok
09:32:19.0276 2932  [ 94A6522AC9F3E05FD039AD105ADE96D0 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
09:32:19.0276 2932  STacSV - ok
09:32:19.0307 2932  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:32:19.0307 2932  stexstor - ok
09:32:19.0338 2932  [ DDB811B13D827081E7C1DDFF302AB334 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
09:32:19.0354 2932  STHDA - ok
09:32:19.0385 2932  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
09:32:19.0385 2932  StillCam - ok
09:32:19.0463 2932  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
09:32:19.0510 2932  stisvc - ok
09:32:19.0525 2932  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:32:19.0525 2932  swenum - ok
09:32:19.0619 2932  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
09:32:19.0650 2932  swprv - ok
09:32:19.0775 2932  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
09:32:19.0837 2932  SysMain - ok
09:32:19.0853 2932  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:32:19.0868 2932  TabletInputService - ok
09:32:19.0915 2932  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:32:19.0931 2932  TapiSrv - ok
09:32:19.0962 2932  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
09:32:19.0962 2932  TBS - ok
09:32:20.0102 2932  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:32:20.0149 2932  Tcpip - ok
09:32:20.0212 2932  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:32:20.0227 2932  TCPIP6 - ok
09:32:20.0274 2932  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:32:20.0274 2932  tcpipreg - ok
09:32:20.0305 2932  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:32:20.0305 2932  TDPIPE - ok
09:32:20.0336 2932  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:32:20.0336 2932  TDTCP - ok
09:32:20.0352 2932  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:32:20.0368 2932  tdx - ok
09:32:20.0383 2932  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:32:20.0383 2932  TermDD - ok
09:32:20.0414 2932  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
09:32:20.0430 2932  TermService - ok
09:32:20.0477 2932  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
09:32:20.0477 2932  Themes - ok
09:32:20.0492 2932  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
09:32:20.0492 2932  THREADORDER - ok
09:32:20.0524 2932  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
09:32:20.0539 2932  TrkWks - ok
09:32:20.0586 2932  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:32:20.0586 2932  TrustedInstaller - ok
09:32:20.0617 2932  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:32:20.0617 2932  tssecsrv - ok
09:32:20.0648 2932  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:32:20.0648 2932  TsUsbFlt - ok
09:32:20.0695 2932  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:32:20.0695 2932  tunnel - ok
09:32:20.0726 2932  [ C45A3E051C65106A28982CAED125F855 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
09:32:20.0726 2932  TurboB - ok
09:32:20.0773 2932  [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
09:32:20.0773 2932  TurboBoost - ok
09:32:20.0804 2932  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:32:20.0804 2932  uagp35 - ok
09:32:20.0851 2932  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:32:20.0851 2932  udfs - ok
09:32:20.0976 2932  [ 2E071263A409931F8AFF3A6A656E920C ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
09:32:20.0976 2932  UI Assistant Service - ok
09:32:21.0007 2932  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:32:21.0023 2932  UI0Detect - ok
09:32:21.0038 2932  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:32:21.0038 2932  uliagpkx - ok
09:32:21.0070 2932  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
09:32:21.0070 2932  umbus - ok
09:32:21.0101 2932  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:32:21.0101 2932  UmPass - ok
09:32:21.0194 2932  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:32:21.0257 2932  UNS - ok
09:32:21.0272 2932  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
09:32:21.0288 2932  upnphost - ok
09:32:21.0335 2932  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:32:21.0335 2932  usbccgp - ok
09:32:21.0366 2932  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:32:21.0366 2932  usbcir - ok
09:32:21.0382 2932  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:32:21.0397 2932  usbehci - ok
09:32:21.0428 2932  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:32:21.0428 2932  usbhub - ok
09:32:21.0444 2932  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:32:21.0444 2932  usbohci - ok
09:32:21.0491 2932  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:32:21.0491 2932  usbprint - ok
09:32:21.0522 2932  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:32:21.0522 2932  usbscan - ok
09:32:21.0538 2932  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:32:21.0538 2932  USBSTOR - ok
09:32:21.0569 2932  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:32:21.0569 2932  usbuhci - ok
09:32:21.0616 2932  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:32:21.0616 2932  usbvideo - ok
09:32:21.0647 2932  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
09:32:21.0647 2932  UxSms - ok
09:32:21.0662 2932  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
09:32:21.0662 2932  VaultSvc - ok
09:32:21.0678 2932  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:32:21.0678 2932  vdrvroot - ok
09:32:21.0709 2932  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
09:32:21.0725 2932  vds - ok
09:32:21.0756 2932  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:32:21.0756 2932  vga - ok
09:32:21.0787 2932  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:32:21.0787 2932  VgaSave - ok
09:32:21.0803 2932  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:32:21.0818 2932  vhdmp - ok
09:32:21.0850 2932  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:32:21.0850 2932  viaide - ok
09:32:21.0881 2932  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:32:21.0881 2932  volmgr - ok
09:32:21.0912 2932  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:32:21.0912 2932  volmgrx - ok
09:32:21.0943 2932  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:32:21.0943 2932  volsnap - ok
09:32:21.0959 2932  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:32:21.0959 2932  vsmraid - ok
09:32:22.0052 2932  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
09:32:22.0099 2932  VSS - ok
09:32:22.0115 2932  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:32:22.0115 2932  vwifibus - ok
09:32:22.0130 2932  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:32:22.0130 2932  vwififlt - ok
09:32:22.0162 2932  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:32:22.0162 2932  vwifimp - ok
09:32:22.0240 2932  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
09:32:22.0255 2932  W32Time - ok
09:32:22.0302 2932  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:32:22.0302 2932  WacomPen - ok
09:32:22.0333 2932  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:32:22.0333 2932  WANARP - ok
09:32:22.0349 2932  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:32:22.0349 2932  Wanarpv6 - ok
09:32:22.0427 2932  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:32:22.0458 2932  WatAdminSvc - ok
09:32:22.0505 2932  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
09:32:22.0552 2932  wbengine - ok
09:32:22.0583 2932  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:32:22.0583 2932  WbioSrvc - ok
09:32:22.0630 2932  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:32:22.0630 2932  wcncsvc - ok
09:32:22.0645 2932  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:32:22.0645 2932  WcsPlugInService - ok
09:32:22.0676 2932  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:32:22.0676 2932  Wd - ok
09:32:22.0708 2932  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:32:22.0723 2932  Wdf01000 - ok
09:32:22.0754 2932  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:32:22.0754 2932  WdiServiceHost - ok
09:32:22.0754 2932  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:32:22.0754 2932  WdiSystemHost - ok
09:32:22.0786 2932  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
09:32:22.0786 2932  WebClient - ok
09:32:22.0817 2932  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:32:22.0817 2932  Wecsvc - ok
09:32:22.0832 2932  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:32:22.0832 2932  wercplsupport - ok
09:32:22.0864 2932  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:32:22.0864 2932  WerSvc - ok
09:32:22.0895 2932  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:32:22.0895 2932  WfpLwf - ok
09:32:22.0926 2932  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
09:32:22.0926 2932  WimFltr - ok
09:32:22.0942 2932  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:32:22.0957 2932  WIMMount - ok
09:32:22.0957 2932  WinHttpAutoProxySvc - ok
09:32:23.0035 2932  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:32:23.0035 2932  Winmgmt - ok
09:32:23.0129 2932  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
09:32:23.0191 2932  WinRM - ok
09:32:23.0269 2932  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:32:23.0269 2932  WinUsb - ok
09:32:23.0300 2932  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:32:23.0316 2932  Wlansvc - ok
09:32:23.0363 2932  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:32:23.0363 2932  WmiAcpi - ok
09:32:23.0441 2932  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:32:23.0441 2932  wmiApSrv - ok
09:32:23.0472 2932  WMPNetworkSvc - ok
09:32:23.0488 2932  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:32:23.0488 2932  WPCSvc - ok
09:32:23.0519 2932  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:32:23.0519 2932  WPDBusEnum - ok
09:32:23.0550 2932  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:32:23.0550 2932  ws2ifsl - ok
09:32:23.0550 2932  WSearch - ok
09:32:23.0566 2932  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:32:23.0581 2932  WudfPf - ok
09:32:23.0612 2932  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:32:23.0628 2932  WUDFRd - ok
09:32:23.0644 2932  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:32:23.0644 2932  wudfsvc - ok
09:32:23.0675 2932  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:32:23.0690 2932  WwanSvc - ok
09:32:23.0737 2932  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:32:23.0737 2932  ZTEusbmdm6k - ok
09:32:23.0768 2932  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:32:23.0768 2932  ZTEusbnmea - ok
09:32:23.0800 2932  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:32:23.0800 2932  ZTEusbser6k - ok
09:32:23.0862 2932  [ 74983ADDCA2D9618512C088D856D6615 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
09:32:23.0878 2932  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
09:32:23.0893 2932  ================ Scan global ===============================
09:32:23.0924 2932  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:32:23.0956 2932  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:32:23.0971 2932  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:32:23.0987 2932  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:32:24.0034 2932  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
09:32:24.0049 2932  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
09:32:24.0049 2932  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
09:32:24.0049 2932  ================ Scan MBR ==================================
09:32:24.0065 2932  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:32:24.0502 2932  \Device\Harddisk0\DR0 - ok
09:32:24.0502 2932  ================ Scan VBR ==================================
09:32:24.0533 2932  [ 2CE15AE69BD2EA14D1E16594C9F40589 ] \Device\Harddisk0\DR0\Partition1
09:32:24.0533 2932  \Device\Harddisk0\DR0\Partition1 - ok
09:32:24.0548 2932  [ 5BA4E991FFDBB372F353561123237AA1 ] \Device\Harddisk0\DR0\Partition2
09:32:24.0564 2932  \Device\Harddisk0\DR0\Partition2 - ok
09:32:24.0564 2932  ============================================================
09:32:24.0564 2932  Scan finished
09:32:24.0564 2932  ============================================================
09:32:24.0580 3064  Detected object count: 1
09:32:24.0580 3064  Actual detected object count: 1
09:32:42.0800 3064  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
09:32:42.0800 3064  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
         
Das Ding wird immer noch gefunden...leider

Alt 24.10.2012, 12:42   #8
Psychotic
/// Malwareteam
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 24.10.2012, 14:46   #9
Snorre
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Also falls das ganze jetzt erledigt sein sollte bedanke ich mich schon tausend mal....allerdings gkaub ich noch nich ganz dran

Hier die Combofix logfile:

Code:
ATTFilter
ComboFix 12-10-24.01 - Andreas Tickert 24.10.2012  15:27:37.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3949.2366 [GMT 2:00]
ausgeführt von:: c:\users\Andreas Tickert\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\00000004.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\201d3dde
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000004.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000008.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\000000cb.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000000.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000032.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000064.@
c:\windows\isRS-000.tmp
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 
Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy5_!Windows!System32!services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-24 bis 2012-10-24  ))))))))))))))))))))))))))))))
.
.
2012-10-24 07:21 . 2012-10-24 07:27	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-10-23 10:29 . 2012-10-23 10:29	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-10-23 05:22 . 2012-10-23 05:22	--------	d-----w-	c:\program files (x86)\Red Sky
2012-10-22 15:03 . 2012-10-22 15:03	--------	d-----w-	c:\windows\SysWow64\Adobe
2012-10-22 15:03 . 2004-08-17 00:40	16384	----a-w-	c:\windows\SysWow64\FileOps.exe
2012-10-22 14:58 . 2012-10-23 11:07	--------	d-----w-	C:\Programme
2012-10-20 07:40 . 2012-09-24 21:16	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 15:12 . 2002-03-08 06:03	179136	----a-w-	c:\windows\SysWow64\Tbdbf04.dll
2012-10-10 11:11 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-10 11:11 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 11:11 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-05 13:04 . 2012-10-05 13:04	--------	d-----w-	c:\users\Andreas Tickert\AppData\Roaming\TuneUp Software
2012-10-05 13:04 . 2012-10-05 13:04	--------	d-----w-	c:\programdata\TuneUp Software
2012-10-05 13:04 . 2012-10-05 13:04	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-05 13:04 . 2012-10-05 13:04	--------	d--h--w-	c:\programdata\Common Files
2012-09-30 14:59 . 2012-09-30 14:59	--------	d-----w-	c:\users\Andreas Tickert\.phet
2012-09-30 14:10 . 2012-09-30 14:15	--------	d-----w-	c:\program files (x86)\Chemie_Aber_Sicher
2012-09-30 13:56 . 2012-09-30 13:56	--------	d-----w-	c:\program files (x86)\Common Files\Borland Shared
2012-09-30 13:56 . 1999-11-12 03:11	183808	----a-w-	c:\windows\SysWow64\BDEADMIN.CPL
2012-09-30 13:56 . 1999-01-20 03:01	210032	----a-w-	c:\windows\SysWow64\DBCLIENT.DLL
2012-09-30 13:56 . 2012-09-30 13:56	--------	d-----w-	c:\program files (x86)\Chisela 5
2012-09-30 13:56 . 2001-12-14 09:25	423936	----a-w-	c:\windows\SysWow64\db2kr_de.DLL
2012-09-30 13:56 . 2001-06-14 20:03	4120608	----a-w-	c:\windows\SysWow64\db2kRUN.EXE
2012-09-30 13:56 . 1999-10-31 16:41	229376	----a-w-	c:\windows\SysWow64\Resource.DLL
2012-09-29 10:43 . 2012-09-29 10:43	131072	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-29 10:43 . 2012-09-29 10:43	131072	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-29 10:43 . 2012-09-29 10:43	131072	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-29 10:43 . 2012-09-29 10:43	131072	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-29 10:43 . 2012-09-29 10:43	131072	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-29 10:43 . 2012-09-29 10:43	131072	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-29 10:43 . 2012-09-29 10:43	131072	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-29 10:43 . 2012-09-29 10:43	--------	d-----w-	c:\program files (x86)\QuickTime
2012-09-29 10:43 . 2012-09-29 10:43	--------	d-----w-	c:\programdata\Apple Computer
2012-09-29 10:42 . 2012-09-29 10:42	--------	d-----w-	c:\users\Andreas Tickert\AppData\Local\Apple
2012-09-29 10:42 . 2012-09-29 10:42	--------	d-----w-	c:\programdata\Apple
2012-09-29 10:42 . 2012-09-29 10:42	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-09-29 10:41 . 2012-09-29 10:52	--------	d-----w-	c:\users\Andreas Tickert\AppData\Roaming\Klett
2012-09-29 10:40 . 2012-09-29 10:40	--------	d-----w-	c:\program files (x86)\Klett
2012-09-29 10:40 . 2012-09-29 10:40	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-29 10:40 . 2012-09-29 10:39	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-27 05:16 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:13 . 2010-12-16 14:55	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 16:33 . 2012-04-02 06:34	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 16:33 . 2011-05-16 07:00	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2012-01-16 17:52	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-29 10:39 . 2010-12-15 17:29	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-24 11:15 . 2012-09-22 06:43	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 06:43	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 06:43	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 06:43	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 06:43	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 06:43	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 06:43	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 06:43	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 06:43	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 06:43	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 06:43	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 06:43	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 06:43	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 06:43	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 06:43	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 06:43	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 06:43	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 06:43	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 06:43	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 06:43	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 06:43	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 06:43	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 08:33	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 08:33	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 08:33	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 08:33	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 11:10	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 08:33	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 08:33	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2003-03-21 12:45 . 2012-02-14 18:33	250544	----a-w-	c:\program files (x86)\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2012-07-02 3931136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-02-24 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-20 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2012-04-27 1073744]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2012-04-27 884816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2011-08-25 153424]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2007-06-29 286720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-9-20 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-11-11 6104576]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 11776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-06 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/19 23:23];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-02-24 18:14 146928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2011-08-25 270672]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:33]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 06:33]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 06:33]
.
2012-10-24 c:\windows\Tasks\MT66 Software Update.job
- c:\program files (x86)\Common Files\MT66 Software Update\UpdateClient.exe [2011-01-21 17:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-27 487424]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"EPSON Stylus DX3800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE" [2005-02-08 98304]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - ExtSQL: 2012-09-12 18:49; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: 2012-10-05 15:03; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe
AddRemove-WEKA Chemie unterrichten 4.0 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-24  15:41:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-24 13:41
.
Vor Suchlauf: 17 Verzeichnis(se), 47.495.720.960 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 49.530.044.416 Bytes frei
.
- - End Of File - - 551C626308D6D378F4B6C71F0B19F151
         

Alt 24.10.2012, 14:49   #10
Psychotic
/// Malwareteam
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Scan mit adwCleaner


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 24.10.2012, 15:15   #11
Snorre
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



ADWCLeaner:


Code:
ATTFilter
# AdwCleaner v2.005 - Datei am 24/10/2012 um 16:15:01 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Andreas Tickert - TICKERT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas Tickert\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
Datei Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\searchplugins\SweetIm.xml
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Ordner Gefunden : C:\Program Files (x86)\Iminent
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\Iminent
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Local\Linkury
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\Iminent
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7CF0E9A-D48B-4942-9537-259ED0568DF4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-3844998663-1645465265-2987210626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-3844998663-1645465265-2987210626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-3844998663-1645465265-2987210626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");

*************************

AdwCleaner[R1].txt - [28908 octets] - [24/10/2012 16:15:01]

########## EOF - C:\AdwCleaner[R1].txt - [28969 octets] ##########
         

Alt 24.10.2012, 15:17   #12
Psychotic
/// Malwareteam
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Schritt 1: Fix mit adwCleaner


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2: Neues OTL-Log

  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 24.10.2012, 16:55   #13
Snorre
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



OTL Datei:

Code:
ATTFilter
OTL logfile created on: 24.10.2012 17:21:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas Tickert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,23% Memory free
7,71 Gb Paging File | 5,40 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 45,89 Gb Free Space | 39,41% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 236,28 Gb Free Space | 71,65% Space Free | Partition Type: NTFS
 
Computer Name: TICKERT | User Name: Andreas Tickert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andreas Tickert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Windows\SysWOW64\prevhost.exe (Microsoft Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\viewerps.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b37cc0aa41e7feaba9f290da4da91d71\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe (IDT, Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 14:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.23 07:43:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 14:23:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.23 07:43:19 | 000,000,000 | ---D | M]
 
[2012.08.05 21:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Extensions
[2012.10.23 09:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions
[2012.10.05 15:03:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.12 18:49:12 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.09.12 18:39:52 | 000,003,915 | ---- | M] () -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\firefox\profiles\wkarz4j6.default\searchplugins\sweetim.xml
[2012.10.13 14:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.13 14:23:11 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2012.10.13 14:23:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.13 14:23:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.31 11:51:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 11:51:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.31 11:51:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.31 11:51:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.31 11:51:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.31 11:51:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Andreas Tickert\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Andreas Tickert\Desktop\PartyPoker.lnk File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{266B6562-B205-4206-BD0C-CC0327319233}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.24 15:41:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.24 15:36:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.24 15:25:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.24 15:25:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.24 15:25:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.24 15:12:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.24 15:12:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.24 15:10:43 | 004,988,277 | R--- | C] (Swearware) -- C:\Users\Andreas Tickert\Desktop\ComboFix.exe
[2012.10.24 09:21:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.23 16:26:38 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andreas Tickert\Desktop\tdsskiller.exe
[2012.10.23 12:29:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.10.23 12:28:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Andreas Tickert\Desktop\aswMBR.exe
[2012.10.23 12:26:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe
[2012.10.23 07:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2012.10.22 17:10:44 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\Documents\Updater
[2012.10.22 17:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.10.22 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2012.10.22 16:58:45 | 000,000,000 | ---D | C] -- C:\Programme
[2012.10.20 09:40:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.20 09:40:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.20 09:40:57 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.16 17:12:31 | 000,179,136 | ---- | C] (Q+E Software, Inc.) -- C:\Windows\SysWow64\Tbdbf04.dll
[2012.10.13 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.10 13:11:06 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 13:10:55 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 13:10:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 13:10:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 13:10:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 13:10:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 13:10:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 13:10:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 13:10:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 13:10:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 13:10:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 13:10:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 13:10:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 13:10:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 13:10:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 13:10:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 13:10:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 13:10:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 13:10:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 13:10:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 13:10:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 13:10:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 13:10:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 13:10:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 13:10:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 13:10:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 13:10:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 13:10:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 13:10:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 13:10:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 13:10:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 13:10:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 13:10:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 13:10:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 13:10:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 13:10:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 13:10:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 13:10:35 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 13:10:32 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 13:10:31 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 13:10:03 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 13:10:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.05 15:04:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Roaming\TuneUp Software
[2012.10.05 15:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.10.05 15:04:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.10.05 15:04:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.09.30 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\.phet
[2012.09.30 16:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chemie - Aber Sicher
[2012.09.30 16:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chemie_Aber_Sicher
[2012.09.30 15:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2012.09.30 15:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chisela 5
[2012.09.30 15:56:24 | 000,229,376 | ---- | C] (dBASE Inc.) -- C:\Windows\SysWow64\Resource.DLL
[2012.09.30 15:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chisela 5
[2012.09.29 12:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.09.29 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.09.29 12:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.09.29 12:42:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Local\Apple
[2012.09.29 12:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.09.29 12:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.09.29 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Roaming\Klett
[2012.09.29 12:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klett
[2012.09.29 12:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Klett
[2012.09.29 12:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.29 12:40:04 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.27 07:16:25 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.02.14 20:33:16 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.24 17:19:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.24 17:18:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.24 17:18:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.24 16:14:21 | 000,538,941 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\adwcleaner.exe
[2012.10.24 15:50:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 15:50:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 15:42:42 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.24 15:42:27 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.24 15:19:34 | 000,001,368 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.10.24 15:10:55 | 004,988,277 | R--- | M] (Swearware) -- C:\Users\Andreas Tickert\Desktop\ComboFix.exe
[2012.10.24 09:19:28 | 000,458,063 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\ATRAPS.gen2 von AVIRA gemeldet - Trojaner-Board.pdf
[2012.10.24 06:58:45 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job
[2012.10.23 16:26:40 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andreas Tickert\Desktop\tdsskiller.exe
[2012.10.23 15:56:24 | 000,000,512 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\MBR.dat
[2012.10.23 13:05:05 | 000,409,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.23 13:04:51 | 594,801,137 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.23 12:28:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andreas Tickert\Desktop\aswMBR.exe
[2012.10.23 12:26:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe
[2012.10.23 12:26:28 | 000,000,000 | ---- | M] () -- C:\Users\Andreas Tickert\defogger_reenable
[2012.10.23 08:43:10 | 000,050,477 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\Defogger.exe
[2012.10.23 07:22:18 | 000,000,014 | ---- | M] () -- C:\end
[2012.10.22 19:38:27 | 000,002,326 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.10.21 12:10:20 | 000,000,584 | ---- | M] () -- C:\Users\Andreas Tickert\Documents\grstyles.stl
[2012.10.17 18:59:19 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.17 18:59:19 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.17 18:59:19 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.17 18:59:19 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.17 18:59:19 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.09 18:33:28 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 18:33:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.29 12:50:30 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 2.lnk
[2012.09.29 12:43:21 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.09.29 12:41:11 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 1.lnk
[2012.09.29 12:39:30 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.29 12:39:30 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.27 13:18:54 | 001,319,805 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\DSCF8611.JPG
[2012.09.24 23:16:33 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
 
========== Files Created - No Company Name ==========
 
[2012.10.24 16:14:20 | 000,538,941 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\adwcleaner.exe
[2012.10.24 15:25:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.24 15:25:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.24 15:25:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.24 15:25:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.24 15:25:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.24 09:19:26 | 000,458,063 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\ATRAPS.gen2 von AVIRA gemeldet - Trojaner-Board.pdf
[2012.10.23 15:56:24 | 000,000,512 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\MBR.dat
[2012.10.23 12:26:28 | 000,000,000 | ---- | C] () -- C:\Users\Andreas Tickert\defogger_reenable
[2012.10.23 08:43:09 | 000,050,477 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\Defogger.exe
[2012.10.23 07:22:01 | 000,000,014 | ---- | C] () -- C:\end
[2012.10.22 17:03:59 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2012.10.16 17:12:32 | 000,000,440 | ---- | C] () -- C:\Windows\SysWow64\Qeasymtx.lic
[2012.09.30 15:56:34 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2012.09.30 15:56:34 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\BDEADMIN.CPL
[2012.09.30 15:56:24 | 004,120,608 | ---- | C] () -- C:\Windows\SysWow64\db2kRUN.EXE
[2012.09.30 15:56:24 | 000,423,936 | ---- | C] () -- C:\Windows\SysWow64\db2kr_de.DLL
[2012.09.29 12:50:30 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 2.lnk
[2012.09.29 12:43:21 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.09.29 12:42:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.09.29 12:41:11 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 1.lnk
[2012.04.15 11:07:55 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012.03.21 22:57:02 | 000,002,054 | ---- | C] () -- C:\Users\Andreas Tickert\.powerupdate.user.properties
[2012.03.11 17:47:43 | 000,000,066 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2012.02.13 14:24:54 | 000,293,712 | ---- | C] () -- C:\Windows\SysWow64\Tbsql03.dll
[2012.02.13 14:24:54 | 000,246,368 | ---- | C] () -- C:\Windows\SysWow64\Tbqry03.dll
[2012.02.13 14:24:54 | 000,145,696 | ---- | C] () -- C:\Windows\SysWow64\Tblib.dll
[2012.02.13 14:24:54 | 000,090,688 | ---- | C] () -- C:\Windows\SysWow64\Tbutl03.dll
[2012.02.13 14:24:54 | 000,014,512 | ---- | C] () -- C:\Windows\SysWow64\Tbgui03.dll
[2012.02.13 14:24:54 | 000,005,488 | ---- | C] () -- C:\Windows\SysWow64\Tbmds03.dll
[2011.01.06 12:02:16 | 000,003,584 | ---- | C] () -- C:\Users\Andreas Tickert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.26 20:35:00 | 000,000,360 | ---- | C] () -- C:\Users\Andreas Tickert\AppData\Roaming\burnaware.ini
[2010.12.26 20:29:25 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2010.12.09 11:43:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2012.10.24 15:18:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L
[2012.10.24 15:18:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         


Und der Extra txt.:

Code:
ATTFilter
OTL Extras logfile created on: 24.10.2012 17:21:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas Tickert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,23% Memory free
7,71 Gb Paging File | 5,40 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 45,89 Gb Free Space | 39,41% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 236,28 Gb Free Space | 71,65% Space Free | Partition Type: NTFS
 
Computer Name: TICKERT | User Name: Andreas Tickert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BA6794A2-C276-4069-92C5-FC4FC0051E21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F32168E1-487C-4564-BD01-D57FE521574E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{8E873A0F-CE17-416C-BDDD-FD3648764D71}C:\program files (x86)\iminent\iminent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"TCP Query User{99807D84-B22B-4816-A638-BDC78F0FDC0C}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"UDP Query User{247D31BC-59C6-4988-9E01-6AF4E62817F3}C:\program files (x86)\iminent\iminent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"UDP Query User{CE4D47F9-E556-4E4B-8398-7D9DB9C58EA7}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46FE2A95-DD8A-9F52-DD44-6C22D715493D}" = ATI Catalyst Install Manager
"{485867C4-605B-30FD-397E-CDBA21690855}" = ccc-utility64
"{83A33E54-147D-2D1A-75EB-DE27584DD3E2}" = WMV9/VC-1 Video Playback
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASUS USB2.0 UVC VGA WebCam" = ASUS USB2.0 UVC VGA WebCam
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PanoramaStudio2" = PanoramaStudio 2.2 ((deinstallieren))
"PDF-XChange 3_is1" = PDF-XChange 3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A64BFD0-0511-4C67-A3BF-D4C0C1055255}_is1" = Chemie_Aber_Sicher Version 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A505EBCB-C827-433F-B5A1-D242F20A4B23}" = Elemente Chemie Multimedial 1
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB91071A-F029-4B98-B6EE-EBA3AB14D530}" = Elemente Chemie Multimedial 2
"{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
"{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2739D43-F30E-4294-87C1-0F814CCEB9E9}" = Catalyst Control Center InstallProxy
"{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1" = MT66 Software Update
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Chisela 5_is1" = Chisela 5.2.2
"DealPly" = DealPly
"Diablo III" = Diablo III
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.1.25.423
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.1004
"Google Chrome" = Google Chrome
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IMBoosterARP" = Iminent
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PartyPoker" = PartyPoker
"PDF Blender" = PDF Blender
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"Rainlendar2" = Rainlendar2 (remove only)
"RB-DATA Notentabelle für Excel_is1" = RB-DATA Notentabelle für Excel
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"StarCraft II" = StarCraft II
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.2
"WEKA Chemie unterrichten 4.0" = WEKA Chemie unterrichten 4.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.10.2012 09:02:13 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x1530  Startzeit der fehlerhaften Anwendung: 0x01cdb1e7c935b266  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 06e49ea7-1ddb-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:03:13 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x1738  Startzeit der fehlerhaften Anwendung: 0x01cdb1e7ed106c87  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 2ac1ba28-1ddb-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:04:13 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x11ac  Startzeit der fehlerhaften Anwendung: 0x01cdb1e810f70d89  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 4ea5f9c9-1ddb-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:05:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x1654  Startzeit der fehlerhaften Anwendung: 0x01cdb1e834d1c7a9  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 7283154a-1ddb-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:06:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x1738  Startzeit der fehlerhaften Anwendung: 0x01cdb1e858b1448b  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 966030cb-1ddb-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:07:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x7ac  Startzeit der fehlerhaften Anwendung: 0x01cdb1e87c8bfeab  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: ba3d4c4c-1ddb-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:08:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x1670  Startzeit der fehlerhaften Anwendung: 0x01cdb1e8a0696817  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: de185457-1ddb-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:09:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x42c  Startzeit der fehlerhaften Anwendung: 0x01cdb1e8c4448f65  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 01f83e66-1ddc-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:10:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x13e0  Startzeit der fehlerhaften Anwendung: 0x01cdb1e8e8238f1c  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 25d27b5d-1ddc-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:11:15 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x12a8  Startzeit der fehlerhaften Anwendung: 0x01cdb1e90c050039  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 49b64dda-1ddc-11e2-b1b3-20cf3062b3b1
 
Error - 24.10.2012 09:13:36 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dcc9f1  ID des fehlerhaften
 Prozesses: 0x1a30  Startzeit der fehlerhaften Anwendung: 0x01cdb1e95f3d7b75  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 9dad372c-1ddc-11e2-b1b3-20cf3062b3b1
 
[ Media Center Events ]
Error - 16.12.2011 04:21:33 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:21:33 - Fehler beim Herstellen der Internetverbindung.  09:21:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.12.2011 04:21:43 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:21:38 - Fehler beim Herstellen der Internetverbindung.  09:21:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.12.2011 14:05:50 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 19:05:50 - Fehler beim Herstellen der Internetverbindung.  19:05:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.12.2011 14:05:59 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 19:05:55 - Fehler beim Herstellen der Internetverbindung.  19:05:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.12.2011 04:25:52 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:25:52 - Fehler beim Herstellen der Internetverbindung.  09:25:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.12.2011 04:26:03 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:25:57 - Fehler beim Herstellen der Internetverbindung.  09:25:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.12.2011 04:01:32 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:01:32 - Fehler beim Herstellen der Internetverbindung.  09:01:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.12.2011 04:01:43 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:01:38 - Fehler beim Herstellen der Internetverbindung.  09:01:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 04:39:11 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:39:11 - Fehler beim Herstellen der Internetverbindung.  09:39:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 04:39:20 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:39:16 - Fehler beim Herstellen der Internetverbindung.  09:39:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 26.02.2012 08:43:30 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16050
 seconds with 8220 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2012 15:01:59 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 31775
 seconds with 5580 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2012 04:45:15 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3033
 seconds with 2040 seconds of active time.  This session ended with a crash.
 
Error - 07.10.2012 05:27:51 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8388
 seconds with 3780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.10.2012 09:18:19 | Computer Name = Tickert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 24.10.2012 09:18:19 | Computer Name = Tickert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
 beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 300000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.10.2012 09:18:19 | Computer Name = Tickert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 2 
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 24.10.2012 09:18:19 | Computer Name = Tickert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.10.2012 09:19:30 | Computer Name = Tickert | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 24.10.2012 09:19:56 | Computer Name = Tickert | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 24.10.2012 09:21:07 | Computer Name = Tickert | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 24.10.2012 09:31:37 | Computer Name = Tickert | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 24.10.2012 09:33:53 | Computer Name = Tickert | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 24.10.2012 09:34:40 | Computer Name = Tickert | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         

Alt 26.10.2012, 07:42   #14
Psychotic
/// Malwareteam
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



Schritt 1: Fix mit OTL


  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
[2012.09.12 18:49:12 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

:FILES
C:\Program Files (x86)\DealPly
C:\Program Files (x86)\SweetIM
C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}
:COMMANDS
[emptytemp]
[emptyjava]
[emptyflash]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Schritt 2: MBAM



Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 27.10.2012, 12:43   #15
Snorre
 
ATRAPS.gen2 von AVIRA gemeldet - Standard

ATRAPS.gen2 von AVIRA gemeldet



OTL Datei:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
Prefs.js: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\DealPly not found.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U folder moved successfully.
C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L folder moved successfully.
C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Andreas Tickert
->Temp folder emptied: 218030 bytes
->Temporary Internet Files folder emptied: 638797880 bytes
->Java cache emptied: 2479135 bytes
->FireFox cache emptied: 75711469 bytes
->Flash cache emptied: 549 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57186 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 684,00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Andreas Tickert
->Java cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Java Files Cleaned = 0,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Andreas Tickert
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10272012_132703

Files\Folders moved on Reboot...
C:\Users\Andreas Tickert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
MBam hat keine infizierten Dateien mehr gefunden:


Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andreas Tickert :: TICKERT [Administrator]

27.10.2012 13:43:55
mbam-log-2012-10-27 (13-43-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208895
Laufzeit: 4 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Antwort

Themen zu ATRAPS.gen2 von AVIRA gemeldet
anhang, atraps.gen, atraps.gen2, avira, gemeldet, infektion, logdatei, melde, meldet, stunde, virus.win64.zaccess.a



Ähnliche Themen: ATRAPS.gen2 von AVIRA gemeldet


  1. Avira meldet TR/Jorik.Totem.vz, TR/ATRAPS.Gen2, T/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (50)
  2. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von avira gemeldet
    Plagegeister aller Art und deren Bekämpfung - 15.02.2013 (18)
  3. ATRAPS.gen2 von AVIRA gemeldet
    Log-Analyse und Auswertung - 01.01.2013 (11)
  4. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von Avira in $Recycle.bin gemeldet.
    Log-Analyse und Auswertung - 18.12.2012 (31)
  5. Avira meldet TR/ZAccess.H , TR/Sirefef.A.37 , TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (2)
  6. TR/ATRAPS Gen und TR/ATRAPS Gen2 C:\RECYCLER\S-1-5-21-3287549451-3649138221-mit Avira endeckt. Mit Malewarebytes entfernt. Logfiles angefügt
    Log-Analyse und Auswertung - 13.10.2012 (2)
  7. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von Avira gemeldet und dort nicht zu entfernen
    Log-Analyse und Auswertung - 10.10.2012 (13)
  8. TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
    Log-Analyse und Auswertung - 05.09.2012 (24)
  9. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  10. Avira findet dauernd TR/ATRAPS.Gen und TR/ATRAPS.Gen2, was muss ich machen damit es verschwindet ?
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (25)
  11. Avira findet TR/Kazy.81861, TR/Crypt.ZPACK.Gen2, TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 02.08.2012 (1)
  12. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  13. Avira Antivirus Premium 2012: Funde von TR/ATRAPS.GEN TR/ATRAPS.GEN2 TR/Sirefef.P.666 BDS/ZAccess.T
    Log-Analyse und Auswertung - 25.07.2012 (3)
  14. TR/Atraps.gen - TR/Atraps.gen2 - BDS/ZAccess.T - über AVIRA Antivirus entdeckt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (4)
  15. Ich komme allein nicht weiter, Avira findet TR/ATRAPS.gen - TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (5)
  16. Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  17. TR/ATRAPS.GEN und TR/ATRAPS.GEN2 von Avira und Malwarebytes nicht aufzufinden
    Log-Analyse und Auswertung - 10.06.2012 (1)

Zum Thema ATRAPS.gen2 von AVIRA gemeldet - Seit ner Stunde meldet mein AVIRA ne INfektion mit ATRAPS.gen2 Im Anhang die Logdatei von Malwarebytes. Hoffe dat kann man wieder gerade biegen. Gruß Andi - ATRAPS.gen2 von AVIRA gemeldet...
Archiv
Du betrachtest: ATRAPS.gen2 von AVIRA gemeldet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.