
Pests of all kinds and how to fight them: GVU Trojan

Windows 7 If you are not sure whether you have picked up malware or a Trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.

Old 27.12.2012, 17:06   #1
mattes4711
 
GVU Trojan - Standard

GVU Trojan



Hello,

on my guest account (Windows 7, 64-bit version), which I normally use to go online, a GVU lock screen appeared today. Via the Task Manager I was able to switch to my administrator account, where everything ran normally. I then came across your site and ran a quick scan with Malwarebytes Anti-Malware. It turned up three detections; here is the report:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-PC [Administrator]

27.12.2012 16:10:25
mbam-log-2012-12-27 (16-10-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228920
Laufzeit: 4 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Gast\wgsdgsdgdsgsd.dll (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


How should I proceed now?

Regards - Mattes

Old 27.12.2012, 17:08   #2
markusg
/// Malware-holic
 
Hi,
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt here into your thread
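As an added example (not code from the thread, from OTL or from Malwarebytes), a small Python triage script that parses log lines in the two formats posted in this thread: it flags OTL entries with an empty company name, a missing referenced file or a binary under a user-writable path, and pulls the detection block out of a Malwarebytes report. The sample input is constructed from the line shapes seen above; a flagged line is a reading list for the helper, not a verdict.

```python
"""Added triage helper (not part of the thread): parse OTL and Malwarebytes log
lines of the shape posted above and list entries worth a closer look."""
import re
from dataclasses import dataclass, field

# OTL line prefix: "PRC - ", "SRV - (Name) -- ", "DRV:64bit: - ", "O4 - HKLM..\Run: [x] ".
OTL_LINE = re.compile(r"^(?P<kind>[A-Z]+\d*)(?::64bit:)?\s+-\s+(?P<rest>.*)$")
# OTL prints the PE company name in trailing parentheses; "()" means none.
TRAILING_COMPANY = re.compile(r"\((?P<company>[^()]*)\)\s*$")
# Malwarebytes detection line: <path> (<Detection.Name>) -> <action taken>
MBAM_HIT = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# Locations a standard user can write to; installers rarely put services here,
# droppers (cf. C:\ProgramData\dsgsdgdsgdsgw.pad in this thread) often do.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")
# NGEN images under C:\windows\assembly\ carry no company name; that is normal.
EXPECTED_UNSIGNED = ("\\windows\\assembly\\nativeimages",)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def otl_company(rest: str):
    """Company string from the trailing '(...)' or None when the line has none."""
    m = TRAILING_COMPANY.search(rest)
    return m.group("company").strip() if m else None


def triage_otl_line(line: str):
    """Return a Finding for one OTL line, or None if nothing stands out."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    low = rest.lower()
    reasons = []
    if "File not found" in rest:
        reasons.append("orphaned entry: referenced file is missing")
        return Finding(line.strip(), reasons)
    if otl_company(rest) == "" and not any(p in low for p in EXPECTED_UNSIGNED):
        reasons.append("binary carries no company name")
    if any(p in low for p in USER_WRITABLE):
        reasons.append("binary lives in a user-writable location")
    return Finding(line.strip(), reasons) if reasons else None


def triage_otl(text: str):
    """All findings for a block of OTL output, in log order."""
    return [f for f in map(triage_otl_line, text.splitlines()) if f]


def mbam_detections(text: str):
    """(path, detection, action) for every line of the 'Infizierte Dateien' block."""
    hits, in_block = [], False
    for line in text.splitlines():
        if line.startswith(("Infizierte Dateien:", "Infected Files:")):
            in_block = True
            continue
        if in_block:
            m = MBAM_HIT.match(line.strip())
            if m:
                hits.append((m.group("path"), m.group("detection"), m.group("action")))
            elif not line.strip():
                in_block = False
    return hits


def startup_persistence(hits):
    """Detections sitting in a per-user Startup folder: these run only at logon of
    that account, which is why the lock screen here appeared on the guest account."""
    return [h for h in hits if "\\start menu\\programs\\startup\\" in h[0].lower()]


# Constructed sample input, modelled on the lines posted in this thread.
SAMPLE_OTL = r"""
PRC - C:\Program Files (x86)\Lidl_Fotos\dd.exe ()
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
"""

SAMPLE_MBAM = r"""
Infizierte Dateien: 3
C:\Users\Gast\wgsdgsdgdsgsd.dll (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f.line, "->", "; ".join(f.reasons))
    for path, det, _ in mbam_detections(SAMPLE_MBAM):
        print(det, path)
```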

Old 27.12.2012, 18:22   #3
mattes4711
 
So, I ran the scan; here are the two texts: OTL Logfile:
Code:
OTL logfile created on: 27.12.2012 17:50:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users...\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,56% Memory free
15,89 Gb Paging File | 13,90 Gb Available in Paging File | 87,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 262,09 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,86 Gb Free Space | 92,65% Space Free | Partition Type: NTFS
Drive F: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ...-PC | User Name: ...| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matthias\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lidl_Fotos\dd.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\78940b28c21e0cc28b4b5121b667529f\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\aac83e0898f30f883ab3ba6e36270531\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Lidl_Fotos\dd.exe ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\pmc.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\PixiePack Codec Pack\ffdshow.ax ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (rsvcdwdr) -- C:\Windows\SysNative\drivers\rsvcdwdr.sys (RapidSolution Software AG)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (hcw17bda) -- C:\Windows\SysNative\drivers\hcw17bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DCamUSBET) -- C:\Windows\SysNative\drivers\etDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBET) -- C:\Windows\SysNative\drivers\etFilter64.sys (eMPIA Technology Inc.)
DRV:64bit: - (ScanUSBET) -- C:\Windows\SysNative\drivers\etScan64.sys (eMPIA Technology, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_deDE461
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2456286054-207897345-204598818-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7Bd49175b3-3fd8-43b8-b28e-da5d47f3c398%7D:1.0.45
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matthias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.27 12:43:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 17:25:42 | 000,000,000 | ---D | M]
 
[2011.12.05 17:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2012.12.27 15:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\d7bnkbgv.default\extensions
[2012.12.07 23:39:19 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\d7bnkbgv.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2012.12.27 15:59:48 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\d7bnkbgv.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2011.12.05 23:49:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\d7bnkbgv.default\extensions\engine@conduit.com
[2012.12.09 15:49:57 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\d7bnkbgv.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2012.11.21 17:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.29 22:34:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.07 23:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
[2012.12.07 23:55:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.07 23:55:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.11 17:25:42 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: iGoogle
CHR - homepage: iGoogle
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2456286054-207897345-204598818-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [etMonitor] C:\Windows\etMon.exe (EMPIA Technology Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2456286054-207897345-204598818-1001..\Run: [Device Detection] C:\Program Files (x86)\Lidl_Fotos\dd.exe ()
O4 - HKU\S-1-5-21-2456286054-207897345-204598818-1001..\Run: [Facebook Update] C:\Users\Matthias\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2456286054-207897345-204598818-1001..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2456286054-207897345-204598818-1001..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{159694A2-AD39-4632-A5BF-D1668E74E83E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B4B90C8-E1C6-4DBE-98C3-CEC093B9E718}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7621CF30-DD8F-42A9-A4B0-408B9C880D6E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A5C7118-2679-4E64-AE9A-6F14CA420B4B}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C361035-462E-4BD0-831E-A435CDDAA793}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.05 15:21:18 | 000,000,000 | ---D | M] - F:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2004.10.05 18:11:42 | 000,180,224 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004.08.24 16:57:32 | 000,000,042 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.27 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2012.12.27 16:09:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.27 16:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.27 16:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.27 16:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.27 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Sicherheit
[2012.12.27 12:46:07 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\TuneUp Software
[2012.12.27 12:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.27 12:46:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.27 12:46:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.27 12:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.12.27 12:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.27 11:45:07 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Dropbox
[2012.12.09 16:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.09 16:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.09 16:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.09 16:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.09 16:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.07 23:35:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Facebook
[2012.12.03 15:47:15 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\RCT3
[2012.12.03 15:47:15 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Atari
[2012.12.03 15:46:37 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Leadertech
[2012.12.03 15:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2012.12.03 15:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2012.11.30 19:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.30 19:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 17:48:33 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 17:48:33 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 17:44:26 | 001,486,038 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.12.27 17:44:26 | 000,654,844 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.12.27 17:44:26 | 000,602,582 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.12.27 17:44:26 | 000,130,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.12.27 17:44:26 | 000,106,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.12.27 17:44:01 | 000,000,940 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2456286054-207897345-204598818-1001UA.job
[2012.12.27 17:37:53 | 000,364,521 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.12.27 17:37:42 | 000,001,958 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
[2012.12.27 17:37:16 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 17:37:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.27 17:36:37 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 17:01:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.27 17:01:00 | 000,000,262 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job
[2012.12.27 16:25:37 | 000,001,916 | ---- | M] () -- C:\Users\Matthias\Desktop\Malware.rtf
[2012.12.27 16:25:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 16:09:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.27 15:39:25 | 000,002,865 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.24 00:22:36 | 000,000,918 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2456286054-207897345-204598818-1001Core.job
[2012.12.22 11:46:44 | 000,354,224 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.12 15:34:11 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.12.12 15:34:11 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.12.09 16:10:45 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.03 15:47:05 | 000,043,520 | ---- | M] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2012.12.03 15:44:49 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2012.11.30 19:31:37 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.27 16:25:36 | 000,001,916 | ---- | C] () -- C:\Users\Matthias\Desktop\Malware.rtf
[2012.12.27 16:09:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.27 15:39:25 | 000,002,865 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.09 16:10:45 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.07 23:35:15 | 000,000,940 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2456286054-207897345-204598818-1001UA.job
[2012.12.07 23:35:15 | 000,000,918 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2456286054-207897345-204598818-1001Core.job
[2012.12.03 15:47:05 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2012.12.03 15:44:49 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012.08.24 20:24:59 | 000,000,872 | ---- | C] () -- C:\Users\Matthias\AppData\Local\recently-used.xbel
[2012.03.28 20:09:27 | 000,017,408 | ---- | C] () -- C:\Users\Matthias\AppData\Local\WebpageIcons.db
[2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.02.14 17:20:22 | 000,000,135 | ---- | C] () -- C:\windows\ODBC.INI
[2012.02.14 17:20:21 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012.02.14 17:20:07 | 000,037,639 | ---- | C] () -- C:\windows\Irremote.ini
[2012.02.14 17:20:03 | 000,142,337 | ---- | C] () -- C:\windows\SysWow64\Wait.exe
[2012.02.14 17:19:47 | 000,006,026 | ---- | C] () -- C:\windows\HCWPNP.INI
[2012.01.25 17:47:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.12.08 09:32:48 | 000,005,632 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.05 19:29:16 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.11.09 14:29:43 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011.11.09 14:29:43 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011.11.09 14:14:39 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011.11.09 14:14:39 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.11.09 14:14:39 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.11.09 14:14:39 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011.11.09 14:14:33 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.11.09 14:05:12 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011.11.09 14:05:12 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011.11.09 14:02:18 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.11.09 13:50:23 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.03 16:07:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Atari
[2012.12.27 14:01:09 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Dropbox
[2012.05.26 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\MAGIX
[2012.07.20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Simfy
[2012.12.27 12:10:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\SoftGrid Client
[2011.12.05 23:55:22 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo
[2012.12.03 15:47:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Atari
[2012.12.27 11:45:07 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dropbox
[2012.12.27 12:43:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DVDVideoSoft
[2012.09.06 16:06:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.03 15:46:37 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Leadertech
[2011.12.11 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MAGIX
[2012.12.27 12:43:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenCandy
[2012.12.27 17:20:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SoftGrid Client
[2011.12.05 19:30:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TP
[2012.12.27 12:46:07 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< Code: >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011.11.09 14:07:55 | 000,001,120 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.11.09 14:07:55 | 000,001,124 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.01.25 17:49:27 | 000,000,262 | ---- | C] () -- C:\windows\Tasks\HP Photo Creations Messager.job
[2012.03.28 20:08:28 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012.12.07 23:35:15 | 000,000,918 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2456286054-207897345-204598818-1001Core.job
[2012.12.07 23:35:15 | 000,000,940 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2456286054-207897345-204598818-1001UA.job
 
< --------- >
 
< %SYSTEMDRIVE%\*. >
[2011.12.07 13:27:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.12.05 17:38:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.12.25 19:16:27 | 000,000,000 | ---D | M] -- C:\Games
[2012.01.24 19:45:22 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.09 16:10:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.27 16:09:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.27 16:15:42 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.05 17:38:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.05 17:38:43 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.27 17:51:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.09 14:12:11 | 000,000,000 | -HSD | M] -- C:\UserGuidePDF
[2011.12.05 19:51:24 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.27 13:02:45 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.11.09 05:31:42 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.11.09 05:31:42 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.11.09 05:31:42 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.11.09 05:31:42 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.11.09 05:31:42 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.11.09 05:31:42 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.02.18 09:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\drivers\iaStor.sys
[2011.02.18 09:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_52b32c0ad3e84c62\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.11.09 05:33:50 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.11.09 05:33:50 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.11.09 05:33:50 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.11.09 05:33:50 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.11.09 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.11.09 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.11.09 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.11.09 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.11.14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\ieframe.dll
 
< %USERPROFILE%\*.* >
[2012.12.27 18:00:47 | 002,883,584 | -HS- | M] () -- C:\Users...\ntuser.dat
[2012.12.27 18:00:47 | 000,262,144 | -HS- | M] () -- C:\Users...\ntuser.dat.LOG1
[2011.12.05 17:39:05 | 000,000,000 | -HS- | M] () -- C:\Users...\ntuser.dat.LOG2
[2011.12.05 18:11:07 | 000,065,536 | -HS- | M] () -- C:\Users...\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.12.05 18:11:07 | 000,524,288 | -HS- | M] () -- C:\Users...\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.12.05 18:11:07 | 000,524,288 | -HS- | M] () -- C:\Users...\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.08.12 15:54:47 | 000,065,536 | -HS- | M] () -- C:\Users...\ntuser.dat{6dce0b3e-e45e-11e1-95fd-dc0ea1671c09}.TM.blf
[2012.08.12 15:54:47 | 000,524,288 | -HS- | M] () -- C:\Users...\ntuser.dat{6dce0b3e-e45e-11e1-95fd-dc0ea1671c09}.TMContainer00000000000000000001.regtrans-ms
[2012.08.12 15:54:47 | 000,524,288 | -HS- | M] () -- C:\Users...\ntuser.dat{6dce0b3e-e45e-11e1-95fd-dc0ea1671c09}.TMContainer00000000000000000002.regtrans-ms
[2012.11.23 23:01:35 | 000,065,536 | -HS- | M] () -- C:\Users...\ntuser.dat{7cc10cc9-35b4-11e2-999b-dc0ea1671c09}.TM.blf
[2012.11.23 23:01:35 | 000,524,288 | -HS- | M] () -- C:\Users...\ntuser.dat{7cc10cc9-35b4-11e2-999b-dc0ea1671c09}.TMContainer00000000000000000001.regtrans-ms
[2012.11.23 23:01:35 | 000,524,288 | -HS- | M] () -- C:\Users...\ntuser.dat{7cc10cc9-35b4-11e2-999b-dc0ea1671c09}.TMContainer00000000000000000002.regtrans-ms
[2011.12.05 17:39:05 | 000,000,020 | -HS- | M] () -- C:\Users...\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< --------- >

< End of report >
--- --- ---
OTL Logfile:
OTL Extras logfile created on: 27.12.2012 17:50:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users...\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,56% Memory free
15,89 Gb Paging File | 13,90 Gb Available in Paging File | 87,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 262,09 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,86 Gb Free Space | 92,65% Space Free | Partition Type: NTFS
Drive F: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ...PC | User Name: ...| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2456286054-207897345-204598818-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00635C7B-80A4-4FAF-9097-700CFF7E7E4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{069CCA53-5614-46F1-AF45-87C95FA8B496}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{06C0580C-3711-4F5D-A8B3-8AFD7786DC68}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0D7F91B0-8497-4260-BEFE-1E9E65A9CF11}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{14B8CB42-DC6E-4B77-8F3D-3C932C5D8412}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{28C384D7-735B-4836-AA9B-117B859CAEB3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{77EFEB28-DFBA-43C2-8B8A-BCADED2E2012}" = rport=139 | protocol=6 | dir=out | app=system | 
"{81CC6F98-3294-44FF-812C-4F96F03E9437}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8CAB2CE0-5334-46A1-B39C-D5A85AF94B4D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8CC09458-0DF3-41BD-8D92-FBE204DAE7D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{994CEB26-8088-4136-8AE7-78EDDD905B06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0470867-CD21-477B-9BE1-08C67D20987C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA854079-9B65-4C3E-BA19-4AABA847B852}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AB039E61-D79E-4D79-B954-248E27652B71}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC13D055-2A10-45DB-BD52-A5E5F915BEFA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B02DAD9B-9EF6-4D42-BE9A-815A49648476}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B7332CCA-DED9-4698-807F-165C975C0EE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D0A6FFBB-DCDA-43C5-B083-AC286049E60F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D8C050D8-4BB6-40E7-A04A-BCF7DB1842D3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DC0EE4D7-8B3C-4330-8E27-93DAE4979B95}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E8830075-E606-4927-A0B7-076E2ECCA701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{ECF047BE-BBD1-419C-8223-3D1C5181B92D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F977736C-4279-44D0-997A-44A35930B270}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BEBC8A-9B5F-4A93-9C5D-C0BD5036BCE5}" = protocol=17 | dir=in | app=c:\users\gast\appdata\roaming\dropbox\bin\dropbox.exe | 
"{14B57309-A5A6-49A1-8353-95F05B4E80E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{14B8A005-888A-424C-B799-F61A520D3D51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{18DBCF77-4571-49A7-B49B-0923B5EF5403}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1A0F97E7-96E1-443C-9EA1-A6AF027536EA}" = protocol=6 | dir=out | app=system | 
"{2455FCF2-83FF-404C-9051-31EE7695DFFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2A081B03-B03C-49A4-937B-07439421FB75}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2D60ADD2-1191-4BA2-8297-6EE621B14493}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{2E2B58E6-7CAA-4B81-BC53-5BC6A4185FA0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{3045CCB4-7627-4B92-8BCA-95614C6C647B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4194024F-E9CA-44F0-8702-69E60C1B8C92}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{46DEFCCF-4B27-46D9-BE94-CF4D6F882172}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AB7F483-5BB9-4C3C-8C05-590CCF239AAA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{693BFAC5-3E75-4962-9D57-DEB2562A9630}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6ADBECFF-FF53-405F-8511-FBA799740463}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{7A123CB7-3066-4FDD-8660-846516E75499}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B02D688-AEC2-4D24-95A5-F811847823B1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7D3AABD4-47FD-49AD-98AE-1C73B357E014}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7D935C99-A543-4BF6-BC33-72E136AB5BD7}" = protocol=6 | dir=in | app=c:\users\gast\appdata\roaming\dropbox\bin\dropbox.exe | 
"{882BBE05-83C5-41BF-9D79-56546594589A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A7D8E4F-DDEC-421B-BF00-D666CF7D9C8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D4DBE2E-976C-4DDA-B458-1028E67B4813}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8E658EAA-53D8-48EA-B82F-5F380EE0FC47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9098D133-F404-4170-84A4-44AA86D690BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{932036B1-A99E-4AF1-9579-D9CD20F602BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9AFB5910-18E3-4343-BEF3-7D79AA59D7AC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A900C411-5554-4DF3-9505-B543460024EE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AA7C86B5-28A6-4FEE-A720-7768287262C1}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{AB8FBEA5-AC79-430A-B152-D9777FB1BD0F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BD128A29-9E22-4061-A508-B1D253815EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF7DED5B-7DA1-4B04-9D79-0DAB8C589EC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D88300CC-5CC2-4993-A0B1-59E4D72DF1D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2353075-DE6C-45B9-906D-23F459588566}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0BF4E84-0EE3-4E47-B90E-27B40348E022}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D4452EF7-1982-400C-82AB-6BE9400A7EC3}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1" = FotoMix version 8.5.5
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B5F2D4C-3B63-4EEF-A881-CFD39E8D9C47}" = MAGIX Screenshare
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6D1FAE3E-7A6F-4045-BBF5-55DB4C5FB5FD}" = MAGIX Online Druck Service
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8BB05BC-2C4A-4178-A819-64B8F5392960}" = Radiotracker
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B435433C-110A-4853-843A-7BD1EE59624E}_is1" = PlayerLiteHJ 1.0.2.2.LHJ
"{B5BC0FE6-29E8-4583-AA3E-AD8623CF3A51}" = MAGIX Xtreme Foto & Grafik Designer 5 (Silver)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85B0C49-754F-47FA-81CB-0C541D4084E2}" = MAGIX Foto Manager 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F69DC77F-A62C-428B-B00A-A15F5965020F}" = COMPUTERBILD-Abzockschutz
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.4.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bengal Special" = Bengal Special
"conduitEngine" = Conduit Engine
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Fried Cookie Updater" = Fried Cookie Updater
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"HP Photo Creations" = HP Photo Creations
"IncrediMail" = IncrediMail 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector 2011
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Lidl-Fotos_is1" = Lidl-Fotos
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_XtremeGrafik5_Silver" = MAGIX Xtreme Foto & Grafik Designer 5 (Silver)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Ringtone Maker" = Ringtone Maker
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wondershare Video Converter für iPod & iPhone_is1" = Wondershare Video Converter für iPod & iPhone(Build 4.2.0.56)
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2012 10:51:16 | Computer Name = ...PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2012 09:35:18 | Computer Name = ...PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2012 10:00:02 | Computer Name = ...PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2012 10:20:26 | Computer Name = ...PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 13.09.2012 12:26:43 | Computer Name = ...PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.09.2012 12:26:43 | Computer Name = ...PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15569
 
Error - 13.09.2012 12:26:43 | Computer Name = ...PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15569
 
Error - 13.09.2012 17:39:52 | Computer Name = ...PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2012 01:33:01 | Computer Name = ...PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2012 01:58:28 | Computer Name = ...PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 27.12.2012 10:42:52 | Computer Name = ...PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.12.2012 10:42:52 | Computer Name = ...PC | Source = DCOM | ID = 10000
Description = 
 
Error - 27.12.2012 11:27:04 | Computer Name = ...PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 27.12.2012 11:27:04 | Computer Name = ...PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 27.12.2012 11:27:08 | Computer Name = ...PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 27.12.2012 11:27:08 | Computer Name = ...PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 27.12.2012 12:37:06 | Computer Name = ...PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 27.12.2012 12:37:06 | Computer Name = ...PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 27.12.2012 12:37:08 | Computer Name = ...PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 27.12.2012 12:37:08 | Computer Name = ...PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---
__________________

Old 27.12.2012, 18:23   #4
mattes4711
 
GVU Trojan - Standard

GVU Trojan



xxxx

Edited by mattes4711 (27.12.2012 at 18:41) Reason: reply was a duplicate

Old 27.12.2012, 19:42   #5
markusg
/// Malware-holic
 
GVU Trojan - Standard

GVU Trojan



Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, and post the log

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 27.12.2012, 20:13   #6
mattes4711
 
GVU Trojan - Standard

GVU Trojan



OK, I did that. The program found two things. Another run after a reboot produced no more hits. Unfortunately I forgot to save the report after the first run.

Now there are still three files (?) in quarantine in the Anti-Malware program. Should they stay there or should they be deleted?

Old 27.12.2012, 20:15   #7
markusg
/// Malware-holic
 
GVU Trojan - Standard

GVU Trojan



Open c: tdsskiller-version-datum.txt
and post the contents.
Did you actually delete with TDSS Killer? I had said you should choose Skip.
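To make sense of the TDSSKiller log that the helper asks for here, an added example (our own code, not part of this thread and not part of TDSSKiller): a small Python parser for the log format posted in this thread. It pairs each "[ MD5 ] name path" line with the verdict line(s) that follow it, keeps the strongest verdict per entry, and lists everything that is not a clean "ok" so the unsigned or detected files can be reviewed before anything is deleted. The sample lines are constructed from entries in the posted log; the function names, the `Entry` record and the ranking of verdicts are our assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log format posted in this thread. Hash, name
# and path values are copied from the posted log; the selection and order of lines
# is ours, so the counts below describe this sample, not the real scan.
SAMPLE_LOG = r"""
19:57:32.0314 6956 Scan started
19:57:32.0314 6956 Mode: Manual; SigCheck; TDLFS;
19:57:32.0907 6956 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:57:33.0047 6956 1394ohci - ok
19:57:40.0878 6956 COMSysApp - ok
19:57:44.0872 6956 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:57:44.0981 6956 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:57:44.0981 6956 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:57:49.0615 6956 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:57:49.0646 6956 iPod Service - ok
"""

# Every log line starts with a timestamp and the scanner's process id.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "[ MD5 ] ServiceName C:\path": the name may contain spaces, the path starts at a drive letter.
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "ServiceName ( Verdict ) - warning"
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<sig>[^()]+) \) - warning$")
# "ServiceName - ok" or "ServiceName - detected Verdict (n)"
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?:(?P<ok>ok)|detected (?P<sig>\S+) \((?P<n>\d+)\))$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"          # ok | warning | detected | unknown
    signature: Optional[str] = None  # verdict name, e.g. UnsignedFile.Multi.Generic


# Our ranking (assumption): a later, stronger verdict wins; "ok" never downgrades a warning.
_RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


def _apply(e: Entry, status: str, sig: Optional[str]) -> None:
    if _RANK[status] >= _RANK[e.status]:
        e.status = status
        if sig:
            e.signature = sig


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each '[ md5 ] name path' line with the verdict line(s) that follow it."""
    entries: Dict[str, Entry] = {}
    order: List[str] = []

    def get(name: str) -> Entry:
        if name not in entries:
            entries[name] = Entry(name=name)
            order.append(name)
        return entries[name]

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        h = HASH_RE.match(rest)
        if h:
            e = get(h.group("name"))
            e.md5, e.path = h.group("md5").upper(), h.group("path")
            continue
        w = WARN_RE.match(rest)
        if w:
            _apply(get(w.group("name")), "warning", w.group("sig"))
            continue
        v = VERDICT_RE.match(rest)
        if v:
            if v.group("ok"):
                _apply(get(v.group("name")), "ok", None)
            else:
                _apply(get(v.group("name")), "detected", v.group("sig"))
    return [entries[n] for n in order]


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries worth a second look: anything that is not a clean 'ok'."""
    return [e for e in entries if e.status != "ok"]


def summarize(entries: List[Entry]) -> Dict[str, int]:
    counts = {s: 0 for s in _RANK}
    for e in entries:
        counts[e.status] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(parsed))
    for e in flagged(parsed):
        print(f"{e.status:8} {e.signature or '-':28} {e.md5 or '-'} {e.name}: {e.path}")
```

An entry with no preceding hash line (such as "COMSysApp - ok" in the posted log) is kept with `md5` and `path` set to `None`; banner lines like "System memory - ok" parse the same way, so filter on `path` if you only want services with a file. UnsignedFile.Multi.Generic is the verdict of the signature check switched on with "Verify driver digital signatures" (the "SigCheck" in the Mode line): it means the file carries no valid digital signature, which by itself says nothing about whether it is malicious, which is why the helper asks for Skip and the log rather than deletion.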

Old 27.12.2012, 20:24   #8
mattes4711
 
GVU Trojan - Standard

GVU Trojan



Yes, unfortunately I did delete, sorry. Here are the contents:
19:57:21.0440 6604 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:57:21.0737 6604 ============================================================
19:57:21.0737 6604 Current date / time: 2012/12/27 19:57:21.0737
19:57:21.0737 6604 SystemInfo:
19:57:21.0737 6604
19:57:21.0737 6604 OS Version: 6.1.7601 ServicePack: 1.0
19:57:21.0737 6604 Product type: Workstation
19:57:21.0737 6604 ComputerName: MATTHIAS-PC
19:57:21.0737 6604 UserName: Matthias
19:57:21.0737 6604 Windows directory: C:\windows
19:57:21.0737 6604 System windows directory: C:\windows
19:57:21.0737 6604 Running under WOW64
19:57:21.0737 6604 Processor architecture: Intel x64
19:57:21.0737 6604 Number of processors: 4
19:57:21.0737 6604 Page size: 0x1000
19:57:21.0737 6604 Boot type: Normal boot
19:57:21.0737 6604 ============================================================
19:57:22.0158 6604 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:57:22.0158 6604 ============================================================
19:57:22.0158 6604 \Device\Harddisk0\DR0:
19:57:22.0158 6604 MBR partitions:
19:57:22.0158 6604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
19:57:22.0158 6604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
19:57:22.0189 6604 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
19:57:22.0189 6604 ============================================================
19:57:22.0252 6604 C: <-> \Device\Harddisk0\DR0\Partition2
19:57:22.0298 6604 D: <-> \Device\Harddisk0\DR0\Partition3
19:57:22.0298 6604 ============================================================
19:57:22.0298 6604 Initialize success
19:57:22.0298 6604 ============================================================
19:57:32.0314 6956 ============================================================
19:57:32.0314 6956 Scan started
19:57:32.0314 6956 Mode: Manual; SigCheck; TDLFS;
19:57:32.0314 6956 ============================================================
19:57:32.0641 6956 ================ Scan system memory ========================
19:57:32.0641 6956 System memory - ok
19:57:32.0641 6956 ================ Scan services =============================
19:57:32.0907 6956 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:57:33.0047 6956 1394ohci - ok
19:57:33.0078 6956 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
19:57:33.0109 6956 ACPI - ok
19:57:33.0109 6956 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
19:57:33.0203 6956 AcpiPmi - ok
19:57:33.0281 6956 [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
19:57:33.0312 6956 ACPIVPC - ok
19:57:33.0421 6956 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:57:33.0453 6956 AdobeARMservice - ok
19:57:33.0655 6956 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:33.0687 6956 AdobeFlashPlayerUpdateSvc - ok
19:57:33.0718 6956 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
19:57:33.0749 6956 adp94xx - ok
19:57:33.0765 6956 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
19:57:33.0796 6956 adpahci - ok
19:57:33.0796 6956 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
19:57:33.0827 6956 adpu320 - ok
19:57:33.0858 6956 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:57:33.0967 6956 AeLookupSvc - ok
19:57:34.0045 6956 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
19:57:34.0123 6956 AFD - ok
19:57:34.0170 6956 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
19:57:34.0186 6956 agp440 - ok
19:57:34.0201 6956 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
19:57:34.0295 6956 ALG - ok
19:57:34.0326 6956 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
19:57:34.0342 6956 aliide - ok
19:57:34.0357 6956 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
19:57:34.0389 6956 amdide - ok
19:57:34.0404 6956 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
19:57:34.0467 6956 AmdK8 - ok
19:57:34.0467 6956 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
19:57:34.0529 6956 AmdPPM - ok
19:57:34.0576 6956 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
19:57:34.0607 6956 amdsata - ok
19:57:34.0623 6956 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
19:57:34.0654 6956 amdsbs - ok
19:57:34.0685 6956 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
19:57:34.0701 6956 amdxata - ok
19:57:34.0825 6956 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:57:34.0857 6956 AntiVirSchedulerService - ok
19:57:34.0888 6956 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:57:34.0903 6956 AntiVirService - ok
19:57:34.0950 6956 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
19:57:35.0059 6956 AppID - ok
19:57:35.0106 6956 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:57:35.0184 6956 AppIDSvc - ok
19:57:35.0231 6956 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
19:57:35.0356 6956 Appinfo - ok
19:57:35.0465 6956 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:57:35.0481 6956 Apple Mobile Device - ok
19:57:35.0512 6956 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
19:57:35.0543 6956 arc - ok
19:57:35.0574 6956 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
19:57:35.0590 6956 arcsas - ok
19:57:35.0605 6956 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:57:35.0699 6956 AsyncMac - ok
19:57:35.0746 6956 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
19:57:35.0761 6956 atapi - ok
19:57:35.0793 6956 [ F88EF61BCD43ADDF2C9555430C16CD96 ] atksgt C:\windows\system32\DRIVERS\atksgt.sys
19:57:35.0824 6956 atksgt - ok
19:57:35.0855 6956 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:57:35.0980 6956 AudioEndpointBuilder - ok
19:57:36.0027 6956 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
19:57:36.0089 6956 AudioSrv - ok
19:57:36.0136 6956 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
19:57:36.0136 6956 avgntflt - ok
19:57:36.0198 6956 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
19:57:36.0229 6956 avipbb - ok
19:57:36.0261 6956 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
19:57:36.0276 6956 avkmgr - ok
19:57:36.0323 6956 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
19:57:36.0401 6956 AxInstSV - ok
19:57:36.0448 6956 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
19:57:36.0541 6956 b06bdrv - ok
19:57:36.0588 6956 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
19:57:36.0651 6956 b57nd60a - ok
19:57:36.0760 6956 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
19:57:36.0791 6956 BBSvc - ok
19:57:36.0853 6956 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
19:57:36.0885 6956 BBUpdate - ok
19:57:37.0041 6956 [ B5D54119CE0BB77872C33A717CB76386 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
19:57:37.0212 6956 BCM43XX - ok
19:57:37.0259 6956 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
19:57:37.0337 6956 BDESVC - ok
19:57:37.0384 6956 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
19:57:37.0493 6956 Beep - ok
19:57:37.0555 6956 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
19:57:37.0649 6956 BFE - ok
19:57:37.0711 6956 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
19:57:37.0805 6956 BITS - ok
19:57:37.0852 6956 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:57:37.0883 6956 blbdrive - ok
19:57:37.0961 6956 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:57:37.0992 6956 Bonjour Service - ok
19:57:38.0023 6956 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:57:38.0086 6956 bowser - ok
19:57:38.0117 6956 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
19:57:38.0133 6956 BPntDrv - ok
19:57:38.0179 6956 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
19:57:38.0226 6956 BrFiltLo - ok
19:57:38.0242 6956 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
19:57:38.0273 6956 BrFiltUp - ok
19:57:38.0320 6956 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
19:57:38.0382 6956 Browser - ok
19:57:38.0398 6956 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:57:38.0491 6956 Brserid - ok
19:57:38.0507 6956 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:57:38.0569 6956 BrSerWdm - ok
19:57:38.0569 6956 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:57:38.0616 6956 BrUsbMdm - ok
19:57:38.0632 6956 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:57:38.0663 6956 BrUsbSer - ok
19:57:38.0741 6956 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
19:57:38.0819 6956 BthEnum - ok
19:57:38.0850 6956 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
19:57:38.0913 6956 BTHMODEM - ok
19:57:38.0913 6956 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
19:57:38.0975 6956 BthPan - ok
19:57:39.0053 6956 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
19:57:39.0115 6956 BTHPORT - ok
19:57:39.0162 6956 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
19:57:39.0240 6956 bthserv - ok
19:57:39.0256 6956 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
19:57:39.0318 6956 BTHUSB - ok
19:57:39.0412 6956 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:57:39.0505 6956 cdfs - ok
19:57:39.0552 6956 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:57:39.0599 6956 cdrom - ok
19:57:39.0630 6956 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
19:57:39.0739 6956 CertPropSvc - ok
19:57:39.0771 6956 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
19:57:39.0817 6956 circlass - ok
19:57:39.0849 6956 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
19:57:39.0880 6956 CLFS - ok
19:57:39.0973 6956 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:57:39.0989 6956 clr_optimization_v2.0.50727_32 - ok
19:57:40.0036 6956 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:57:40.0051 6956 clr_optimization_v2.0.50727_64 - ok
19:57:40.0114 6956 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:57:40.0145 6956 clr_optimization_v4.0.30319_32 - ok
19:57:40.0176 6956 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:57:40.0207 6956 clr_optimization_v4.0.30319_64 - ok
19:57:40.0254 6956 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
19:57:40.0270 6956 clwvd - ok
19:57:40.0317 6956 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:57:40.0363 6956 CmBatt - ok
19:57:40.0395 6956 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
19:57:40.0410 6956 cmdide - ok
19:57:40.0473 6956 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
19:57:40.0535 6956 CNG - ok
19:57:40.0613 6956 [ 99B1B888B793DE320C5479B3C953781F ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
19:57:40.0707 6956 CnxtHdAudService - ok
19:57:40.0753 6956 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
19:57:40.0785 6956 Compbatt - ok
19:57:40.0816 6956 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
19:57:40.0863 6956 CompositeBus - ok
19:57:40.0878 6956 COMSysApp - ok
19:57:40.0941 6956 [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
19:57:40.0972 6956 cphs - ok
19:57:40.0987 6956 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
19:57:41.0003 6956 crcdisk - ok
19:57:41.0050 6956 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
19:57:41.0097 6956 CryptSvc - ok
19:57:41.0190 6956 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:57:41.0237 6956 cvhsvc - ok
19:57:41.0284 6956 [ A05C2E7F6C45213B299153EFE401489C ] DCamUSBET C:\windows\system32\DRIVERS\etDevice64.sys
19:57:41.0362 6956 DCamUSBET - ok
19:57:41.0409 6956 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
19:57:41.0533 6956 DcomLaunch - ok
19:57:41.0565 6956 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
19:57:41.0643 6956 defragsvc - ok
19:57:41.0658 6956 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:57:41.0736 6956 DfsC - ok
19:57:41.0767 6956 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
19:57:41.0861 6956 Dhcp - ok
19:57:41.0892 6956 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
19:57:41.0986 6956 discache - ok
19:57:42.0033 6956 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
19:57:42.0064 6956 Disk - ok
19:57:42.0095 6956 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
19:57:42.0157 6956 Dnscache - ok
19:57:42.0204 6956 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
19:57:42.0313 6956 dot3svc - ok
19:57:42.0345 6956 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
19:57:42.0407 6956 DPS - ok
19:57:42.0469 6956 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:57:42.0516 6956 drmkaud - ok
19:57:42.0579 6956 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:57:42.0625 6956 DXGKrnl - ok
19:57:42.0657 6956 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
19:57:42.0735 6956 EapHost - ok
19:57:42.0828 6956 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
19:57:42.0906 6956 ebdrv - ok
19:57:42.0969 6956 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
19:57:43.0000 6956 EFS - ok
19:57:43.0062 6956 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
19:57:43.0156 6956 ehRecvr - ok
19:57:43.0171 6956 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
19:57:43.0203 6956 ehSched - ok
19:57:43.0249 6956 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
19:57:43.0281 6956 elxstor - ok
19:57:43.0281 6956 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
19:57:43.0312 6956 ErrDev - ok
19:57:43.0359 6956 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
19:57:43.0468 6956 EventSystem - ok
19:57:43.0515 6956 [ 334C907536E815E56CD13108A6D5FB9D ] ewusbmbb C:\windows\system32\DRIVERS\ewusbwwan.sys
19:57:43.0577 6956 ewusbmbb - ok
19:57:43.0624 6956 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\windows\system32\DRIVERS\ew_hwusbdev.sys
19:57:43.0702 6956 ew_hwusbdev - ok
19:57:43.0733 6956 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
19:57:43.0811 6956 exfat - ok
19:57:43.0858 6956 Fabs - ok
19:57:43.0905 6956 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
19:57:43.0998 6956 fastfat - ok
19:57:44.0061 6956 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
19:57:44.0139 6956 Fax - ok
19:57:44.0154 6956 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys
19:57:44.0170 6956 fbfmon - ok
19:57:44.0185 6956 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
19:57:44.0232 6956 fdc - ok
19:57:44.0263 6956 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
19:57:44.0357 6956 fdPHost - ok
19:57:44.0388 6956 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
19:57:44.0497 6956 FDResPub - ok
19:57:44.0529 6956 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:57:44.0544 6956 FileInfo - ok
19:57:44.0575 6956 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:57:44.0685 6956 Filetrace - ok
19:57:44.0731 6956 [ CFF00A40BE20AF27A156B72F5B17777C ] FiltUSBET C:\windows\system32\DRIVERS\etFilter64.sys
19:57:44.0763 6956 FiltUSBET - ok
19:57:44.0872 6956 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:57:44.0981 6956 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:57:44.0981 6956 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:57:45.0028 6956 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
19:57:45.0059 6956 flpydisk - ok
19:57:45.0075 6956 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:57:45.0106 6956 FltMgr - ok
19:57:45.0153 6956 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
19:57:45.0246 6956 FontCache - ok
19:57:45.0324 6956 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:57:45.0340 6956 FontCache3.0.0.0 - ok
19:57:45.0371 6956 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:57:45.0387 6956 FsDepends - ok
19:57:45.0418 6956 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:57:45.0449 6956 Fs_Rec - ok
19:57:45.0480 6956 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:57:45.0527 6956 fvevol - ok
19:57:45.0558 6956 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
19:57:45.0589 6956 gagp30kx - ok
19:57:45.0605 6956 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:57:45.0636 6956 GEARAspiWDM - ok
19:57:45.0683 6956 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
19:57:45.0761 6956 gpsvc - ok
19:57:45.0808 6956 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:57:45.0839 6956 gupdate - ok
19:57:45.0870 6956 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:57:45.0886 6956 gupdatem - ok
19:57:45.0917 6956 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:57:45.0933 6956 gusvc - ok
19:57:45.0995 6956 [ FFFF099F1DA0A4B7E765642A5A4D1399 ] HauppaugeTVServer C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
19:57:46.0011 6956 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
19:57:46.0011 6956 HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
19:57:46.0042 6956 [ FFE2B6DA03F47DB339A538679D2DC600 ] hcw17bda C:\windows\system32\drivers\hcw17bda.sys
19:57:46.0104 6956 hcw17bda - ok
19:57:46.0135 6956 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:57:46.0198 6956 hcw85cir - ok
19:57:46.0229 6956 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:57:46.0291 6956 HdAudAddService - ok
19:57:46.0338 6956 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
19:57:46.0401 6956 HDAudBus - ok
19:57:46.0416 6956 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
19:57:46.0447 6956 HidBatt - ok
19:57:46.0479 6956 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
19:57:46.0541 6956 HidBth - ok
19:57:46.0572 6956 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
19:57:46.0619 6956 HidIr - ok
19:57:46.0650 6956 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
19:57:46.0744 6956 hidserv - ok
19:57:46.0759 6956 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
19:57:46.0791 6956 HidUsb - ok
19:57:46.0822 6956 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
19:57:46.0915 6956 hkmsvc - ok
19:57:46.0947 6956 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:57:47.0009 6956 HomeGroupListener - ok
19:57:47.0040 6956 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:57:47.0103 6956 HomeGroupProvider - ok
19:57:47.0134 6956 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
19:57:47.0165 6956 HpSAMD - ok
19:57:47.0227 6956 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:57:47.0352 6956 HTTP - ok
19:57:47.0416 6956 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys
19:57:47.0462 6956 huawei_enumerator - ok
19:57:47.0540 6956 [ 04D1DE1E8ACE40CA396502C90524E945 ] hwdatacard C:\windows\system32\DRIVERS\ewusbmdm.sys
19:57:47.0634 6956 hwdatacard - ok
19:57:47.0728 6956 [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
19:57:47.0759 6956 HWDeviceService64.exe - ok
19:57:47.0774 6956 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:57:47.0790 6956 hwpolicy - ok
19:57:47.0837 6956 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
19:57:47.0868 6956 i8042prt - ok
19:57:47.0915 6956 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
19:57:47.0946 6956 iaStor - ok
19:57:48.0008 6956 [ F5C0317AF600F8C0D7E4202EB04232B1 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:57:48.0024 6956 IAStorDataMgrSvc - ok
19:57:48.0071 6956 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
19:57:48.0118 6956 iaStorV - ok
19:57:48.0196 6956 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:57:48.0258 6956 idsvc - ok
19:57:48.0430 6956 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
19:57:48.0570 6956 igfx - ok
19:57:48.0601 6956 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
19:57:48.0617 6956 iirsp - ok
19:57:48.0664 6956 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
19:57:48.0757 6956 IKEEXT - ok
19:57:48.0820 6956 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
19:57:48.0851 6956 IntcDAud - ok
19:57:48.0866 6956 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
19:57:48.0882 6956 intelide - ok
19:57:48.0898 6956 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
19:57:48.0944 6956 intelppm - ok
19:57:48.0976 6956 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:57:49.0085 6956 IPBusEnum - ok
19:57:49.0116 6956 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:57:49.0163 6956 IpFilterDriver - ok
19:57:49.0210 6956 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:57:49.0288 6956 iphlpsvc - ok
19:57:49.0288 6956 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:57:49.0319 6956 IPMIDRV - ok
19:57:49.0366 6956 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:57:49.0490 6956 IPNAT - ok
19:57:49.0615 6956 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:57:49.0646 6956 iPod Service - ok
19:57:49.0678 6956 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
19:57:49.0740 6956 IRENUM - ok
19:57:49.0740 6956 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:57:49.0756 6956 isapnp - ok
19:57:49.0787 6956 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:57:49.0818 6956 iScsiPrt - ok
19:57:49.0849 6956 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
19:57:49.0865 6956 kbdclass - ok
19:57:49.0896 6956 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
19:57:49.0927 6956 kbdhid - ok
19:57:49.0958 6956 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
19:57:49.0974 6956 KeyIso - ok
19:57:50.0005 6956 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:57:50.0021 6956 KSecDD - ok
19:57:50.0052 6956 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:57:50.0083 6956 KSecPkg - ok
19:57:50.0099 6956 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:57:50.0192 6956 ksthunk - ok
19:57:50.0239 6956 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
19:57:50.0348 6956 KtmRm - ok
19:57:50.0380 6956 [ 95CA93FC12BE372BB952669F37FFF9C5 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
19:57:50.0395 6956 L1C - ok
19:57:50.0442 6956 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
19:57:50.0536 6956 LanmanServer - ok
19:57:50.0582 6956 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:57:50.0692 6956 LanmanWorkstation - ok
19:57:50.0738 6956 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
19:57:50.0770 6956 LHDmgr - ok
19:57:50.0832 6956 [ 8E4CA9AFD55EF6B509C80A8715ABF8C6 ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys
19:57:50.0848 6956 lirsgt - ok
19:57:50.0894 6956 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:57:50.0988 6956 lltdio - ok
19:57:51.0035 6956 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
19:57:51.0144 6956 lltdsvc - ok
19:57:51.0175 6956 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
19:57:51.0269 6956 lmhosts - ok
19:57:51.0316 6956 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:57:51.0331 6956 LMS - ok
19:57:51.0347 6956 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
19:57:51.0362 6956 LSI_FC - ok
19:57:51.0378 6956 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
19:57:51.0394 6956 LSI_SAS - ok
19:57:51.0394 6956 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
19:57:51.0409 6956 LSI_SAS2 - ok
19:57:51.0425 6956 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
19:57:51.0425 6956 LSI_SCSI - ok
19:57:51.0456 6956 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
19:57:51.0550 6956 luafv - ok
19:57:51.0596 6956 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
19:57:51.0643 6956 Mcx2Svc - ok
19:57:51.0659 6956 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
19:57:51.0674 6956 megasas - ok
19:57:51.0721 6956 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
19:57:51.0752 6956 MegaSR - ok
19:57:51.0784 6956 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
19:57:51.0815 6956 MEIx64 - ok
19:57:51.0846 6956 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
19:57:51.0924 6956 MMCSS - ok
19:57:52.0002 6956 [ 60AC73EB57682F361E07AE26A62DFD6A ] Mobile Partner. RunOuc C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
19:57:52.0033 6956 Mobile Partner. RunOuc - ok
19:57:52.0049 6956 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
19:57:52.0127 6956 Modem - ok
19:57:52.0189 6956 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:57:52.0236 6956 monitor - ok
19:57:52.0298 6956 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
19:57:52.0330 6956 mouclass - ok
19:57:52.0376 6956 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
19:57:52.0423 6956 mouhid - ok
19:57:52.0486 6956 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:57:52.0501 6956 mountmgr - ok
19:57:52.0579 6956 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:57:52.0610 6956 MozillaMaintenance - ok
19:57:52.0626 6956 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
19:57:52.0657 6956 mpio - ok
19:57:52.0657 6956 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:57:52.0720 6956 mpsdrv - ok
19:57:52.0751 6956 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
19:57:52.0860 6956 MpsSvc - ok
19:57:52.0876 6956 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:57:52.0922 6956 MRxDAV - ok
19:57:52.0954 6956 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:57:53.0000 6956 mrxsmb - ok
19:57:53.0032 6956 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:57:53.0047 6956 mrxsmb10 - ok
19:57:53.0063 6956 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:57:53.0078 6956 mrxsmb20 - ok
19:57:53.0094 6956 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
19:57:53.0110 6956 msahci - ok
19:57:53.0110 6956 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:57:53.0141 6956 msdsm - ok
19:57:53.0172 6956 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
19:57:53.0234 6956 MSDTC - ok
19:57:53.0281 6956 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:57:53.0390 6956 Msfs - ok
19:57:53.0406 6956 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:57:53.0515 6956 mshidkmdf - ok
19:57:53.0531 6956 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:57:53.0562 6956 msisadrv - ok
19:57:53.0593 6956 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:57:53.0671 6956 MSiSCSI - ok
19:57:53.0687 6956 msiserver - ok
19:57:53.0734 6956 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:57:53.0812 6956 MSKSSRV - ok
19:57:53.0843 6956 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:57:53.0921 6956 MSPCLOCK - ok
19:57:53.0952 6956 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:57:53.0999 6956 MSPQM - ok
19:57:54.0030 6956 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:57:54.0046 6956 MsRPC - ok
19:57:54.0061 6956 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
19:57:54.0061 6956 mssmbios - ok
19:57:54.0077 6956 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:57:54.0124 6956 MSTEE - ok
19:57:54.0139 6956 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
19:57:54.0139 6956 MTConfig - ok
19:57:54.0186 6956 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:57:54.0217 6956 Mup - ok
19:57:54.0248 6956 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:57:54.0358 6956 napagent - ok
19:57:54.0404 6956 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:57:54.0451 6956 NativeWifiP - ok
19:57:54.0529 6956 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
19:57:54.0576 6956 NDIS - ok
19:57:54.0623 6956 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:57:54.0670 6956 NdisCap - ok
19:57:54.0701 6956 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:57:54.0732 6956 NdisTapi - ok
19:57:54.0748 6956 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:57:54.0841 6956 Ndisuio - ok
19:57:54.0872 6956 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:57:54.0982 6956 NdisWan - ok
19:57:55.0013 6956 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:57:55.0060 6956 NDProxy - ok
19:57:55.0091 6956 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:57:55.0153 6956 NetBIOS - ok
19:57:55.0184 6956 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:57:55.0247 6956 NetBT - ok
19:57:55.0262 6956 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:57:55.0278 6956 Netlogon - ok
19:57:55.0309 6956 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:57:55.0434 6956 Netman - ok
19:57:55.0481 6956 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:57:55.0590 6956 netprofm - ok
19:57:55.0621 6956 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:57:55.0637 6956 NetTcpPortSharing - ok
19:57:55.0668 6956 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
19:57:55.0699 6956 nfrd960 - ok
19:57:55.0746 6956 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
19:57:55.0793 6956 NlaSvc - ok
19:57:55.0808 6956 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:57:55.0855 6956 Npfs - ok
19:57:55.0886 6956 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:57:55.0980 6956 nsi - ok
19:57:56.0011 6956 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:57:56.0120 6956 nsiproxy - ok
19:57:56.0198 6956 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:57:56.0261 6956 Ntfs - ok
19:57:56.0276 6956 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:57:56.0370 6956 Null - ok
19:57:56.0386 6956 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:57:56.0432 6956 nvraid - ok
19:57:56.0464 6956 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:57:56.0479 6956 nvstor - ok
19:57:56.0495 6956 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:57:56.0526 6956 nv_agp - ok
19:57:56.0542 6956 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:57:56.0588 6956 ohci1394 - ok
19:57:56.0620 6956 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:57:56.0635 6956 ose - ok
19:57:56.0791 6956 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:57:56.0885 6956 osppsvc - ok
19:57:56.0916 6956 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:57:56.0978 6956 p2pimsvc - ok
19:57:56.0994 6956 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
19:57:57.0025 6956 p2psvc - ok
19:57:57.0056 6956 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
19:57:57.0072 6956 Parport - ok
19:57:57.0103 6956 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:57:57.0119 6956 partmgr - ok
19:57:57.0134 6956 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:57:57.0181 6956 PcaSvc - ok
19:57:57.0212 6956 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:57:57.0228 6956 pci - ok
19:57:57.0244 6956 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
19:57:57.0259 6956 pciide - ok
19:57:57.0275 6956 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
19:57:57.0290 6956 pcmcia - ok
19:57:57.0337 6956 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:57:57.0368 6956 pcw - ok
19:57:57.0400 6956 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:57:57.0509 6956 PEAUTH - ok
19:57:57.0618 6956 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:57:57.0665 6956 PerfHost - ok
19:57:57.0758 6956 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:57:57.0899 6956 pla - ok
19:57:57.0946 6956 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:57:58.0024 6956 PlugPlay - ok
19:57:58.0039 6956 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:57:58.0086 6956 PNRPAutoReg - ok
19:57:58.0117 6956 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:57:58.0164 6956 PNRPsvc - ok
19:57:58.0195 6956 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:57:58.0304 6956 PolicyAgent - ok
19:57:58.0351 6956 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
19:57:58.0460 6956 Power - ok
19:57:58.0492 6956 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:57:58.0586 6956 PptpMiniport - ok
19:57:58.0617 6956 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
19:57:58.0664 6956 Processor - ok
19:57:58.0711 6956 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
19:57:58.0789 6956 ProfSvc - ok
19:57:58.0805 6956 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:57:58.0836 6956 ProtectedStorage - ok
19:57:58.0867 6956 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:57:58.0976 6956 Psched - ok
19:57:59.0039 6956 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\windows\system32\DRIVERS\psi_mf.sys
19:57:59.0070 6956 PSI - ok
19:57:59.0148 6956 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
19:57:59.0195 6956 ql2300 - ok
19:57:59.0195 6956 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
19:57:59.0210 6956 ql40xx - ok
19:57:59.0257 6956 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:57:59.0319 6956 QWAVE - ok
19:57:59.0335 6956 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:57:59.0366 6956 QWAVEdrv - ok
19:57:59.0382 6956 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:57:59.0444 6956 RasAcd - ok
19:57:59.0507 6956 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:57:59.0561 6956 RasAgileVpn - ok
19:57:59.0608 6956 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:57:59.0702 6956 RasAuto - ok
19:57:59.0749 6956 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:57:59.0827 6956 Rasl2tp - ok
19:57:59.0873 6956 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:57:59.0936 6956 RasMan - ok
19:57:59.0951 6956 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:58:00.0014 6956 RasPppoe - ok
19:58:00.0045 6956 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:58:00.0123 6956 RasSstp - ok
19:58:00.0154 6956 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:58:00.0201 6956 rdbss - ok
19:58:00.0217 6956 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
19:58:00.0279 6956 rdpbus - ok
19:58:00.0310 6956 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:58:00.0373 6956 RDPCDD - ok
19:58:00.0388 6956 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:58:00.0451 6956 RDPENCDD - ok
19:58:00.0482 6956 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:58:00.0513 6956 RDPREFMP - ok
19:58:00.0544 6956 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:58:00.0607 6956 RdpVideoMiniport - ok
19:58:00.0638 6956 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:58:00.0716 6956 RDPWD - ok
19:58:00.0747 6956 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:58:00.0778 6956 rdyboost - ok
19:58:00.0825 6956 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:58:00.0887 6956 RemoteAccess - ok
19:58:00.0919 6956 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:58:00.0997 6956 RemoteRegistry - ok
19:58:01.0043 6956 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
19:58:01.0090 6956 RFCOMM - ok
19:58:01.0121 6956 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:58:01.0184 6956 RpcEptMapper - ok
19:58:01.0231 6956 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:58:01.0262 6956 RpcLocator - ok
19:58:01.0293 6956 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:58:01.0355 6956 RpcSs - ok
19:58:01.0387 6956 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:58:01.0449 6956 rspndr - ok
19:58:01.0465 6956 [ 89DFB71B370D82DFE75183F677043CEE ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
19:58:01.0496 6956 RSUSBVSTOR - ok
19:58:01.0527 6956 [ 53F59CDD096E963B839A1D314000368C ] rsvcdwdr C:\windows\system32\DRIVERS\rsvcdwdr.sys
19:58:01.0543 6956 rsvcdwdr - ok
19:58:01.0574 6956 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:58:01.0605 6956 RTL8167 - ok
19:58:01.0621 6956 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:58:01.0652 6956 SamSs - ok
19:58:01.0652 6956 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:58:01.0683 6956 sbp2port - ok
19:58:01.0714 6956 [ FF3E9E410BAF2E210401CF6B455EF138 ] ScanUSBET C:\windows\system32\DRIVERS\etScan64.sys
19:58:01.0730 6956 ScanUSBET - ok
19:58:01.0777 6956 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:58:01.0886 6956 SCardSvr - ok
19:58:01.0901 6956 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:58:01.0995 6956 scfilter - ok
19:58:02.0042 6956 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:58:02.0135 6956 Schedule - ok
19:58:02.0167 6956 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:58:02.0198 6956 SCPolicySvc - ok
19:58:02.0213 6956 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:58:02.0291 6956 SDRSVC - ok
19:58:02.0323 6956 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:58:02.0401 6956 secdrv - ok
19:58:02.0432 6956 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:58:02.0525 6956 seclogon - ok
19:58:02.0603 6956 [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
19:58:02.0650 6956 Secunia PSI Agent - ok
19:58:02.0697 6956 [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
19:58:02.0744 6956 Secunia Update Agent - ok
19:58:02.0775 6956 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
19:58:02.0853 6956 SENS - ok
19:58:02.0884 6956 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:58:02.0931 6956 SensrSvc - ok
19:58:02.0962 6956 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
19:58:03.0009 6956 Serenum - ok
19:58:03.0040 6956 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
19:58:03.0087 6956 Serial - ok
19:58:03.0134 6956 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
19:58:03.0165 6956 sermouse - ok
19:58:03.0196 6956 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:58:03.0290 6956 SessionEnv - ok
19:58:03.0290 6956 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:58:03.0321 6956 sffdisk - ok
19:58:03.0321 6956 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:58:03.0368 6956 sffp_mmc - ok
19:58:03.0368 6956 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:58:03.0399 6956 sffp_sd - ok
19:58:03.0399 6956 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
19:58:03.0430 6956 sfloppy - ok
19:58:03.0477 6956 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
19:58:03.0524 6956 Sftfs - ok
19:58:03.0602 6956 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:58:03.0633 6956 sftlist - ok
19:58:03.0664 6956 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
19:58:03.0680 6956 Sftplay - ok
19:58:03.0695 6956 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
19:58:03.0711 6956 Sftredir - ok
19:58:03.0758 6956 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
19:58:03.0773 6956 Sftvol - ok
19:58:03.0805 6956 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:58:03.0820 6956 sftvsa - ok
19:58:03.0883 6956 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:58:03.0961 6956 SharedAccess - ok
19:58:04.0007 6956 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:58:04.0101 6956 ShellHWDetection - ok
19:58:04.0148 6956 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
19:58:04.0179 6956 SiSRaid2 - ok
19:58:04.0179 6956 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
19:58:04.0210 6956 SiSRaid4 - ok
19:58:04.0273 6956 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:58:04.0304 6956 SkypeUpdate - ok
19:58:04.0319 6956 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:58:04.0444 6956 Smb - ok
19:58:04.0507 6956 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:58:04.0538 6956 SNMPTRAP - ok
19:58:04.0553 6956 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:58:04.0585 6956 spldr - ok
19:58:04.0631 6956 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
19:58:04.0694 6956 Spooler - ok
19:58:04.0803 6956 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:58:04.0928 6956 sppsvc - ok
19:58:04.0959 6956 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:58:05.0006 6956 sppuinotify - ok
19:58:05.0037 6956 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:58:05.0068 6956 srv - ok
19:58:05.0099 6956 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:58:05.0146 6956 srv2 - ok
19:58:05.0162 6956 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:58:05.0177 6956 srvnet - ok
19:58:05.0209 6956 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:58:05.0302 6956 SSDPSRV - ok
19:58:05.0333 6956 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:58:05.0396 6956 SstpSvc - ok
19:58:05.0427 6956 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
19:58:05.0443 6956 stexstor - ok
19:58:05.0474 6956 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
19:58:05.0521 6956 StillCam - ok
19:58:05.0583 6956 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:58:05.0661 6956 stisvc - ok
19:58:05.0692 6956 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
19:58:05.0708 6956 swenum - ok
19:58:05.0739 6956 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:58:05.0817 6956 swprv - ok
19:58:05.0895 6956 [ 9643991B5CFD7A9BA68626B7A005F7E6 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
19:58:05.0942 6956 SynTP - ok
19:58:05.0989 6956 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
19:58:06.0067 6956 SysMain - ok
19:58:06.0082 6956 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:58:06.0113 6956 TabletInputService - ok
19:58:06.0129 6956 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
19:58:06.0176 6956 TapiSrv - ok
19:58:06.0207 6956 [ 4430E9B4C60AAB672D16E801BAD0555E ] tbhsd C:\windows\system32\drivers\tbhsd.sys
19:58:06.0223 6956 tbhsd - ok
19:58:06.0254 6956 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
19:58:06.0285 6956 TBS - ok
19:58:06.0379 6956 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:58:06.0441 6956 Tcpip - ok
19:58:06.0519 6956 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:58:06.0581 6956 TCPIP6 - ok
19:58:06.0628 6956 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:58:06.0660 6956 tcpipreg - ok
19:58:06.0692 6956 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:58:06.0770 6956 TDPIPE - ok
19:58:06.0801 6956 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:58:06.0832 6956 TDTCP - ok
19:58:06.0848 6956 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:58:06.0926 6956 tdx - ok
19:58:06.0957 6956 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
19:58:06.0972 6956 TermDD - ok
19:58:07.0019 6956 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
19:58:07.0097 6956 TermService - ok
19:58:07.0113 6956 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
19:58:07.0128 6956 Themes - ok
19:58:07.0144 6956 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
19:58:07.0206 6956 THREADORDER - ok
19:58:07.0222 6956 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
19:58:07.0300 6956 TrkWks - ok
19:58:07.0362 6956 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:58:07.0425 6956 TrustedInstaller - ok
19:58:07.0440 6956 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:58:07.0550 6956 tssecsrv - ok
19:58:07.0612 6956 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:58:07.0675 6956 TsUsbFlt - ok
19:58:07.0707 6956 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
19:58:07.0769 6956 TsUsbGD - ok
19:58:07.0800 6956 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:58:07.0894 6956 tunnel - ok
19:58:07.0909 6956 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
19:58:07.0925 6956 uagp35 - ok
19:58:07.0956 6956 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:58:08.0034 6956 udfs - ok
19:58:08.0065 6956 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:58:08.0112 6956 UI0Detect - ok
19:58:08.0128 6956 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:58:08.0143 6956 uliagpkx - ok
19:58:08.0190 6956 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:58:08.0237 6956 umbus - ok
19:58:08.0237 6956 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
19:58:08.0268 6956 UmPass - ok
19:58:08.0393 6956 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:58:08.0455 6956 UNS - ok
19:58:08.0487 6956 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
19:58:08.0533 6956 upnphost - ok
19:58:08.0580 6956 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
19:58:08.0627 6956 USBAAPL64 - ok
19:58:08.0658 6956 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:58:08.0721 6956 usbccgp - ok
19:58:08.0752 6956 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:58:08.0783 6956 usbcir - ok
19:58:08.0814 6956 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
19:58:08.0861 6956 usbehci - ok
19:58:08.0908 6956 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:58:08.0939 6956 usbhub - ok
19:58:08.0970 6956 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
19:58:09.0033 6956 usbohci - ok
19:58:09.0048 6956 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
19:58:09.0095 6956 usbprint - ok
19:58:09.0142 6956 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:58:09.0204 6956 USBSTOR - ok
19:58:09.0220 6956 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
19:58:09.0267 6956 usbuhci - ok
19:58:09.0298 6956 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
19:58:09.0360 6956 usbvideo - ok
19:58:09.0407 6956 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
19:58:09.0501 6956 UxSms - ok
19:58:09.0516 6956 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
19:58:09.0547 6956 VaultSvc - ok
19:58:09.0563 6956 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:58:09.0579 6956 vdrvroot - ok
19:58:09.0610 6956 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
19:58:09.0657 6956 vds - ok
19:58:09.0703 6956 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:58:09.0703 6956 vga - ok
19:58:09.0735 6956 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
19:58:09.0828 6956 VgaSave - ok
19:58:09.0828 6956 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:58:09.0859 6956 vhdmp - ok
19:58:09.0859 6956 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
19:58:09.0875 6956 viaide - ok
19:58:09.0906 6956 [ 5CB80AFA98111FC6ED6E8702A0D7AC5B ] vm2uvcflt C:\windows\system32\Drivers\vm2uvcflt.sys
19:58:09.0922 6956 vm2uvcflt - ok
19:58:09.0969 6956 [ FE75ED0244AEDFF9B278A2A09AC06CA9 ] vm332avs C:\windows\system32\Drivers\vm332avs.sys
19:58:09.0984 6956 vm332avs - ok
19:58:10.0015 6956 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:58:10.0031 6956 volmgr - ok
19:58:10.0062 6956 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:58:10.0093 6956 volmgrx - ok
19:58:10.0125 6956 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
19:58:10.0156 6956 volsnap - ok
19:58:10.0187 6956 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
19:58:10.0218 6956 vsmraid - ok
19:58:10.0281 6956 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
19:58:10.0405 6956 VSS - ok
19:58:10.0421 6956 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:58:10.0452 6956 vwifibus - ok
19:58:10.0499 6956 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:58:10.0546 6956 vwififlt - ok
19:58:10.0624 6956 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
19:58:10.0686 6956 vwifimp - ok
19:58:10.0733 6956 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
19:58:10.0795 6956 W32Time - ok
19:58:10.0811 6956 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
19:58:10.0842 6956 WacomPen - ok
19:58:10.0889 6956 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:58:10.0967 6956 WANARP - ok
19:58:10.0983 6956 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:58:11.0045 6956 Wanarpv6 - ok
19:58:11.0123 6956 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:58:11.0185 6956 WatAdminSvc - ok
19:58:11.0248 6956 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
19:58:11.0341 6956 wbengine - ok
19:58:11.0357 6956 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:58:11.0404 6956 WbioSrvc - ok
19:58:11.0435 6956 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
19:58:11.0482 6956 wcncsvc - ok
19:58:11.0513 6956 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:58:11.0575 6956 WcsPlugInService - ok
19:58:11.0591 6956 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
19:58:11.0607 6956 Wd - ok
19:58:11.0653 6956 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:58:11.0669 6956 Wdf01000 - ok
19:58:11.0685 6956 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:58:11.0731 6956 WdiServiceHost - ok
19:58:11.0731 6956 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:58:11.0747 6956 WdiSystemHost - ok
19:58:11.0778 6956 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
19:58:11.0825 6956 WebClient - ok
19:58:11.0856 6956 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:58:11.0965 6956 Wecsvc - ok
19:58:11.0981 6956 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:58:12.0075 6956 wercplsupport - ok
19:58:12.0121 6956 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
19:58:12.0168 6956 WerSvc - ok
19:58:12.0199 6956 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:58:12.0231 6956 WfpLwf - ok
19:58:12.0262 6956 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:58:12.0262 6956 WIMMount - ok
19:58:12.0293 6956 WinDefend - ok
19:58:12.0293 6956 WinHttpAutoProxySvc - ok
19:58:12.0355 6956 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:58:12.0433 6956 Winmgmt - ok
19:58:12.0511 6956 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
19:58:12.0589 6956 WinRM - ok
19:58:12.0652 6956 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
19:58:12.0714 6956 WinUsb - ok
19:58:12.0777 6956 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
19:58:12.0855 6956 Wlansvc - ok
19:58:12.0917 6956 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:58:12.0933 6956 wlcrasvc - ok
19:58:13.0042 6956 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:58:13.0120 6956 wlidsvc - ok
19:58:13.0135 6956 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
19:58:13.0151 6956 WmiAcpi - ok
19:58:13.0198 6956 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:58:13.0245 6956 wmiApSrv - ok
19:58:13.0276 6956 WMPNetworkSvc - ok
19:58:13.0291 6956 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
19:58:13.0338 6956 WPCSvc - ok
19:58:13.0354 6956 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:58:13.0385 6956 WPDBusEnum - ok
19:58:13.0401 6956 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:58:13.0463 6956 ws2ifsl - ok
19:58:13.0479 6956 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
19:58:13.0541 6956 wscsvc - ok
19:58:13.0541 6956 WSearch - ok
19:58:13.0588 6956 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
19:58:13.0603 6956 wsvd - ok
19:58:13.0697 6956 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
19:58:13.0744 6956 wuauserv - ok
19:58:13.0822 6956 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:58:13.0884 6956 WudfPf - ok
19:58:14.0071 6956 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:58:14.0103 6956 WUDFRd - ok
19:58:14.0134 6956 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:58:14.0169 6956 wudfsvc - ok
19:58:14.0209 6956 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
19:58:14.0269 6956 WwanSvc - ok
19:58:14.0329 6956 ================ Scan global ===============================
19:58:14.0359 6956 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:58:14.0399 6956 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
19:58:14.0419 6956 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
19:58:14.0459 6956 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:58:14.0489 6956 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:58:14.0499 6956 [Global] - ok
19:58:14.0499 6956 ================ Scan MBR ==================================
19:58:14.0519 6956 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:58:14.0938 6956 \Device\Harddisk0\DR0 - ok
19:58:14.0938 6956 ================ Scan VBR ==================================
19:58:14.0953 6956 [ 4C72155CF0A5B87B9A3FF4E31F221E49 ] \Device\Harddisk0\DR0\Partition1
19:58:14.0953 6956 \Device\Harddisk0\DR0\Partition1 - ok
19:58:14.0985 6956 [ C305FF9D055E0E230C23E900E480DF97 ] \Device\Harddisk0\DR0\Partition2
19:58:14.0985 6956 \Device\Harddisk0\DR0\Partition2 - ok
19:58:15.0016 6956 [ 4F59C076B0ED8610F5A41C76EE20C582 ] \Device\Harddisk0\DR0\Partition3
19:58:15.0016 6956 \Device\Harddisk0\DR0\Partition3 - ok
19:58:15.0031 6956 ============================================================
19:58:15.0031 6956 Scan finished
19:58:15.0031 6956 ============================================================
19:58:15.0047 6396 Detected object count: 2
19:58:15.0047 6396 Actual detected object count: 2
19:58:42.0425 6396 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe - copied to quarantine
19:58:42.0425 6396 HKLM\SYSTEM\ControlSet001\services\FirebirdServerMAGIXInstance - will be deleted on reboot
19:58:42.0472 6396 HKLM\SYSTEM\ControlSet002\services\FirebirdServerMAGIXInstance - will be deleted on reboot
19:58:42.0706 6396 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe - will be deleted on reboot
19:58:42.0706 6396 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Delete
19:58:42.0784 6396 C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE - copied to quarantine
19:58:42.0784 6396 HKLM\SYSTEM\ControlSet001\services\HauppaugeTVServer - will be deleted on reboot
19:58:42.0799 6396 HKLM\SYSTEM\ControlSet002\services\HauppaugeTVServer - will be deleted on reboot
19:58:42.0799 6396 C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE - will be deleted on reboot
19:58:42.0799 6396 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Delete
19:58:47.0932 1884 Deinitialize success

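The TDSSKiller log above ends with two "UnsignedFile.Multi.Generic" hits that the user chose to delete. As an added example (not code from this thread and not Kaspersky's), here is a small parser that turns such a log into something you can reason about: which service binaries and boot sectors were hashed, which objects were flagged, what action was taken, and whether the verdict came from a malware signature or only from a file-property heuristic (unsigned, locked or hidden file), which TDSSKiller itself defaults to skipping. The sample input is an abridged copy of the log posted above; the names `parse_tdsskiller`, `triage` and `heuristic_deletes` are this example's own.

```python
"""Triage of a Kaspersky TDSSKiller log (added example, not code from the thread
or from Kaspersky): which objects were hashed, which were flagged, what the user
chose to do, and whether each verdict is a signature hit or only a file-property
heuristic.  The sample lines are copied, abridged, from the log posted above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Line shapes in the log: "<ts> <tid> [ MD5 ] <service> <path>", "<ts> <tid> <name> - ok",
# "<ts> <tid> <target> - copied to quarantine|will be deleted on reboot",
# "<ts> <tid> <name> ( <verdict> ) - User select action: <action>".
_HASHED = re.compile(r"^\S+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \]\s+(?P<rest>.+?)\s*$")
_VERDICT = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \( (?P<verdict>[^)]+) \) - "
                      r"User select action: (?P<action>\w+)\s*$")
_ACTION = re.compile(r"^\S+\s+\d+\s+(?P<target>.+?) - "
                     r"(?P<what>copied to quarantine|will be deleted on reboot)\s*$")
_OK = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - ok\s*$")
_COUNT = re.compile(r"Detected object count: (\d+)")

# *File.Multi.Generic verdicts describe a file property (no digital signature,
# locked, hidden), not a malware signature; TDSSKiller's own default for them is
# Skip.  Every other verdict is treated here as a signature verdict.
_HEURISTIC_PREFIXES = ("UnsignedFile.", "LockedFile.", "HiddenFile.")


@dataclass
class Detection:
    name: str
    verdict: str
    action: str
    targets: List[Tuple[str, str]] = field(default_factory=list)  # (what, file-or-key)

    @property
    def heuristic_only(self) -> bool:
        return self.verdict.startswith(_HEURISTIC_PREFIXES)


@dataclass
class Report:
    hashed: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    ok: Set[str] = field(default_factory=set)
    boot_sectors: Dict[str, str] = field(default_factory=dict)        # \Device\... -> md5
    detections: List[Detection] = field(default_factory=list)
    declared_count: Optional[int] = None


def parse_tdsskiller(text: str) -> Report:
    rep = Report()
    pending: List[Tuple[str, str]] = []  # quarantine/delete lines precede their verdict line
    for line in text.splitlines():
        m = _HASHED.match(line)
        if m:
            rest = m["rest"]
            if rest.startswith("\\Device\\"):           # MBR / VBR hash, no service name
                rep.boot_sectors[rest] = m["md5"]
            else:
                name, _, path = rest.partition(" ")     # service names carry no spaces
                rep.hashed[name] = (m["md5"], path or name)
            continue
        m = _VERDICT.match(line)
        if m:
            rep.detections.append(Detection(m["name"], m["verdict"], m["action"], pending))
            pending = []
            continue
        m = _ACTION.match(line)
        if m:
            pending.append((m["what"], m["target"]))
            continue
        m = _OK.match(line)
        if m:
            rep.ok.add(m["name"])
            continue
        m = _COUNT.search(line)
        if m:
            rep.declared_count = int(m.group(1))
    return rep


def heuristic_deletes(rep: Report) -> List[str]:
    """Names removed on a file-property heuristic alone: check vendor and path before
    treating the removal as part of the cleanup rather than as collateral damage."""
    return [d.name for d in rep.detections if d.heuristic_only and d.action == "Delete"]


def triage(rep: Report) -> List[str]:
    out = []
    for d in rep.detections:
        kind = "heuristic" if d.heuristic_only else "signature"
        removed = [t for what, t in d.targets if what == "will be deleted on reboot"]
        out.append(f"{d.name}: {d.verdict} [{kind}] -> {d.action}; removes {len(removed)} object(s)")
    if rep.declared_count is not None and rep.declared_count != len(rep.detections):
        out.append(f"WARNING: log declares {rep.declared_count} detections, parsed {len(rep.detections)}")
    return out


# Abridged copy of the log above (constructed sample input for this example).
SAMPLE_LOG = r"""
19:58:08.0908 6956 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:58:08.0939 6956 usbhub - ok
19:58:14.0519 6956 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:58:14.0938 6956 \Device\Harddisk0\DR0 - ok
19:58:15.0047 6396 Detected object count: 2
19:58:42.0425 6396 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe - copied to quarantine
19:58:42.0425 6396 HKLM\SYSTEM\ControlSet001\services\FirebirdServerMAGIXInstance - will be deleted on reboot
19:58:42.0706 6396 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe - will be deleted on reboot
19:58:42.0706 6396 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Delete
19:58:42.0784 6396 C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE - copied to quarantine
19:58:42.0784 6396 HKLM\SYSTEM\ControlSet001\services\HauppaugeTVServer - will be deleted on reboot
19:58:42.0799 6396 C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE - will be deleted on reboot
19:58:42.0799 6396 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Delete
""".strip()

if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    print(f"hashed {len(report.hashed)} service binaries, {len(report.boot_sectors)} boot sectors")
    print("\n".join(triage(report)))
    print("heuristic-only deletes:", heuristic_deletes(report))
```

Run against the sample, both deletions come back as heuristic-only: each removed a service whose binary was merely unsigned, together with its `HKLM\SYSTEM\...\services` key. The MBR and VBR MD5s the parser collects are worth keeping as a baseline, since a changed boot-sector hash on a later run is the cheapest indicator of a bootkit that the per-service hashes would never show.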
Old 27.12.2012, 20:28   #9
markusg
/// Malware-holic

GVU Trojaner

Hi
ComboFix:
ComboFix may only be run when a team member has told you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up
the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - save ComboFix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start ComboFix.exe and follow the instructions on the screen.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: if you get the following error message after the reboot
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Old 27.12.2012, 20:49   #10
mattes4711

GVU Trojaner

Yep, that's done as well. Here is the logfile:

Combofix Logfile:
Code:
ComboFix 12-12-27.03 - ... 27.12.2012  20:35:42.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8136.6249 [GMT 1:00]
Running from:: c:\users\...\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
(((((((((((((((((((((((   Files Created from 2012-11-27 to 2012-12-27  ))))))))))))))))))))))))))))))
.
.
2012-12-27 19:41 . 2012-12-27 19:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-27 19:41 . 2012-12-27 19:41	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-12-27 18:58 . 2012-12-27 18:58	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-12-27 17:56 . 2012-12-27 19:02	--------	d-----r-	c:\users\Matthias\Dropbox
2012-12-27 15:09 . 2012-12-27 15:09	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Malwarebytes
2012-12-27 15:09 . 2012-12-27 15:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-27 15:09 . 2012-12-27 15:09	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-27 15:09 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-27 14:39 . 2012-12-27 14:39	2865	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2012-12-27 11:46 . 2012-12-27 11:46	--------	d-----w-	c:\users\Matthias\AppData\Roaming\TuneUp Software
2012-12-27 11:46 . 2012-12-27 11:46	--------	d-----w-	c:\programdata\TuneUp Software
2012-12-27 11:46 . 2012-12-27 11:56	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-27 11:46 . 2012-12-27 11:46	--------	d--h--w-	c:\programdata\Common Files
2012-12-27 11:43 . 2012-12-27 11:43	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-27 11:43 . 2012-12-27 11:43	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2012-12-27 10:47 . 2012-12-27 19:15	--------	d-----r-	c:\users\Gast\Dropbox
2012-12-27 10:45 . 2012-12-27 19:02	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Dropbox
2012-12-27 10:44 . 2012-12-27 19:15	--------	d-----w-	c:\users\Gast\AppData\Roaming\Dropbox
2012-12-26 21:41 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{423EB3E5-67A2-43CB-9084-2486CD618A5F}\mpengine.dll
2012-12-22 10:55 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-12-22 10:55 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-12-22 10:55 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-12-22 10:55 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-12-22 10:55 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-12-22 10:55 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-22 10:55 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-12-22 10:55 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-12-22 10:55 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-12-22 10:45 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 10:45 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 10:45 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-22 10:45 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-13 20:34 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-13 20:33 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-13 20:33 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-09 15:10 . 2012-12-09 15:10	--------	d-----w-	c:\program files\iPod
2012-12-09 15:10 . 2012-12-09 15:10	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-09 15:10 . 2012-12-09 15:10	--------	d-----w-	c:\program files\iTunes
2012-12-09 15:10 . 2012-12-09 15:10	--------	d-----w-	c:\program files (x86)\iTunes
2012-12-07 22:35 . 2012-12-07 22:35	--------	d-----w-	c:\users\Matthias\AppData\Local\Facebook
2012-12-07 22:27 . 2012-12-07 22:28	--------	d-----w-	c:\users\Gast\AppData\Local\Facebook
2012-12-03 15:07 . 2012-12-03 15:07	--------	d-----w-	c:\users\Gast\AppData\Roaming\Atari
2012-12-03 14:47 . 2012-12-03 14:47	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Atari
2012-12-03 14:47 . 2012-12-03 14:47	43520	----a-w-	c:\windows\SysWow64\CmdLineExt03.dll
2012-12-03 14:40 . 2012-12-03 14:40	--------	d-----w-	c:\program files (x86)\Atari
2012-11-30 18:31 . 2012-11-30 18:31	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 21:03 . 2011-12-06 22:04	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-13 20:26 . 2012-03-28 19:08	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 20:26 . 2011-12-05 23:05	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 14:34 . 2012-11-02 14:15	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-12 14:34 . 2012-11-02 14:15	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-10-21 19:20 . 2012-10-21 19:20	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-21 19:20 . 2012-09-30 13:58	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-10-21 19:20 . 2012-09-30 13:58	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-21 18:16 . 2012-10-21 18:16	255352	----a-w-	c:\windows\SysWow64\awrdscdc.ax
2012-10-16 08:38 . 2012-11-28 19:29	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 19:29	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 19:29	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-10 01:22 . 2012-10-10 01:22	80384	----a-w-	c:\windows\system32\igdde64.dll
2012-10-10 01:22 . 2012-10-10 01:22	437760	----a-w-	c:\windows\system32\igfxrtrk.lrc
2012-10-10 01:22 . 2012-10-10 01:22	216064	----a-w-	c:\windows\system32\iglhcp64.dll
2012-10-10 01:22 . 2012-10-10 01:22	180224	----a-w-	c:\windows\SysWow64\iglhcp32.dll
2012-10-10 01:22 . 2012-10-10 01:22	5903392	----a-w-	c:\windows\system32\GfxUI.exe
2012-10-10 01:22 . 2012-10-10 01:22	438784	----a-w-	c:\windows\system32\igfxrdeu.lrc
2012-10-10 01:22 . 2012-10-10 01:22	438272	----a-w-	c:\windows\system32\igfxrhun.lrc
2012-10-10 01:22 . 2012-10-10 01:22	3776512	----a-w-	c:\windows\SysWow64\igfxcmjit32.dll
2012-10-10 01:22 . 2012-10-10 01:22	10673664	----a-w-	c:\windows\SysWow64\ig4icd32.dll
2012-10-10 01:22 . 2012-10-10 01:22	64512	----a-w-	c:\windows\SysWow64\igdde32.dll
2012-10-10 01:22 . 2012-10-10 01:22	501760	----a-w-	c:\windows\system32\igfxcmrt64.dll
2012-10-10 01:22 . 2012-10-10 01:22	439296	----a-w-	c:\windows\system32\igfxrrus.lrc
2012-10-10 01:22 . 2012-10-10 01:22	431104	----a-w-	c:\windows\system32\igfxrkor.lrc
2012-10-10 01:22 . 2012-10-10 01:22	410624	----a-w-	c:\windows\system32\igfxTMM.dll
2012-10-10 01:22 . 2011-11-09 12:50	12836864	----a-w-	c:\windows\system32\igd10umd64.dll
2012-10-10 01:22 . 2011-11-09 12:50	110592	----a-w-	c:\windows\system32\hccutils.dll
2012-10-10 01:22 . 2012-10-10 01:22	330240	----a-w-	c:\windows\SysWow64\igfxdv32.dll
2012-10-10 01:22 . 2012-10-10 01:22	12604416	----a-w-	c:\windows\system32\igdumd64.dll
2012-10-10 01:22 . 2012-10-10 01:22	441888	----a-w-	c:\windows\system32\igfxpers.exe
2012-10-10 01:22 . 2012-10-10 01:22	438784	----a-w-	c:\windows\system32\igfxrhrv.lrc
2012-10-10 01:22 . 2012-10-10 01:22	438272	----a-w-	c:\windows\system32\igfxrcsy.lrc
2012-10-10 01:22 . 2012-10-10 01:22	25088	----a-w-	c:\windows\SysWow64\igfxexps32.dll
2012-10-10 01:22 . 2012-10-10 01:22	9007616	----a-w-	c:\windows\system32\igfxress.dll
2012-10-10 01:22 . 2012-10-10 01:22	5343584	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2012-10-10 01:22 . 2012-10-10 01:22	448512	----a-w-	c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-10 01:22 . 2012-10-10 01:22	441856	----a-w-	c:\windows\system32\igfxdev.dll
2012-10-10 01:22 . 2012-10-10 01:22	438784	----a-w-	c:\windows\system32\igfxrnld.lrc
2012-10-10 01:22 . 2012-10-10 01:22	399392	----a-w-	c:\windows\system32\hkcmd.exe
2012-10-10 01:22 . 2012-10-10 01:22	272928	----a-w-	c:\windows\system32\igvpkrng600.bin
2012-10-10 01:22 . 2012-10-10 01:22	126976	----a-w-	c:\windows\system32\igfxcpl.cpl
2012-10-10 01:22 . 2012-10-10 01:22	116224	----a-w-	c:\windows\system32\igfxCoIn_v2867.dll
2012-10-10 01:22 . 2011-11-09 12:50	63488	----a-w-	c:\windows\system32\igfxsrvc.dll
2012-10-10 01:22 . 2012-10-10 01:22	604160	----a-w-	c:\windows\SysWow64\igfxcmrt32.dll
2012-10-10 01:22 . 2012-10-10 01:22	4571136	----a-w-	c:\windows\system32\igfxcmjit64.dll
2012-10-10 01:22 . 2012-10-10 01:22	439808	----a-w-	c:\windows\system32\igfxresn.lrc
2012-10-10 01:22 . 2012-10-10 01:22	439296	----a-w-	c:\windows\system32\igfxrrom.lrc
2012-10-10 01:22 . 2012-10-10 01:22	437760	----a-w-	c:\windows\system32\igfxrsve.lrc
2012-10-10 01:22 . 2012-10-10 01:22	437760	----a-w-	c:\windows\system32\igfxrslv.lrc
2012-10-10 01:22 . 2012-10-10 01:22	437760	----a-w-	c:\windows\system32\igfxrnor.lrc
2012-10-10 01:22 . 2012-10-10 01:22	437248	----a-w-	c:\windows\system32\igfxrdan.lrc
2012-10-10 01:22 . 2012-10-10 01:22	277024	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-10 01:22 . 2012-10-10 01:22	185376	----a-w-	c:\windows\system32\difx64.exe
2012-10-10 01:22 . 2012-10-10 01:22	173568	----a-w-	c:\windows\system32\gfxSrvc.dll
2012-10-10 01:22 . 2012-10-10 01:22	12887040	----a-w-	c:\windows\system32\ig4icd64.dll
2012-10-10 01:22 . 2012-10-10 01:22	435712	----a-w-	c:\windows\system32\igfxrheb.lrc
2012-10-10 01:22 . 2012-10-10 01:22	429056	----a-w-	c:\windows\system32\igfxrcht.lrc
2012-10-10 01:22 . 2012-10-10 01:22	171040	----a-w-	c:\windows\system32\igfxtray.exe
2012-10-10 01:22 . 2012-10-10 01:22	11158528	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-10-10 01:22 . 2012-10-10 01:22	509984	----a-w-	c:\windows\system32\igfxsrvc.exe
2012-10-10 01:22 . 2012-10-10 01:22	440320	----a-w-	c:\windows\system32\igfxrell.lrc
2012-10-10 01:22 . 2012-10-10 01:22	438784	----a-w-	c:\windows\system32\igfxrptg.lrc
2012-10-10 01:22 . 2012-10-10 01:22	438784	----a-w-	c:\windows\system32\igfxrplk.lrc
2012-10-10 01:22 . 2012-10-10 01:22	438784	----a-w-	c:\windows\system32\igfxrita.lrc
2012-10-10 01:22 . 2012-10-10 01:22	438272	----a-w-	c:\windows\system32\igfxrfin.lrc
2012-10-10 01:22 . 2012-10-10 01:22	437248	----a-w-	c:\windows\system32\igfxrtha.lrc
2012-10-10 01:22 . 2012-10-10 01:22	428544	----a-w-	c:\windows\system32\igfxrchs.lrc
2012-10-10 01:22 . 2012-10-10 01:22	286208	----a-w-	c:\windows\system32\igfxrenu.lrc
2012-10-10 01:22 . 2012-10-10 01:22	142336	----a-w-	c:\windows\system32\igfxdo.dll
2012-10-10 01:22 . 2012-10-10 01:22	963452	----a-w-	c:\windows\system32\igcodeckrng600.bin
2012-10-10 01:22 . 2012-10-10 01:22	482304	----a-w-	c:\windows\system32\igfx11cmrt64.dll
2012-10-10 01:22 . 2012-10-10 01:22	386048	----a-w-	c:\windows\system32\igfxpph.dll
2012-10-10 01:22 . 2012-10-10 01:22	438784	----a-w-	c:\windows\system32\igfxrsky.lrc
2012-10-10 01:22 . 2012-10-10 01:22	435712	----a-w-	c:\windows\system32\igfxrara.lrc
2012-10-10 01:22 . 2012-10-10 01:22	432128	----a-w-	c:\windows\system32\igfxrjpn.lrc
2012-10-10 01:22 . 2012-10-10 01:22	28672	----a-w-	c:\windows\system32\igfxexps.dll
2012-10-10 01:22 . 2012-10-10 01:22	252448	----a-w-	c:\windows\system32\igfxext.exe
2012-10-10 01:22 . 2011-11-09 12:50	11040256	----a-w-	c:\windows\SysWow64\igdumd32.dll
2012-10-10 01:22 . 2012-10-10 01:22	9728	----a-w-	c:\windows\system32\IGFXDEVLib.dll
2012-10-10 01:22 . 2012-10-10 01:22	439808	----a-w-	c:\windows\system32\igfxrfra.lrc
2012-10-10 01:22 . 2012-10-10 01:22	437760	----a-w-	c:\windows\system32\igfxrptb.lrc
2012-10-09 18:17 . 2012-11-16 14:41	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 14:41	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 14:41	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 14:41	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 20:34	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-16 14:41	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-16 14:41	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-16 14:41	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-16 14:41	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-16 14:41	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-16 14:41	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-16 14:41	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-16 14:41	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-16 14:41	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 14:41	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-16 14:41	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51	3911776	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-12-09 11:51	3911776	----a-w-	c:\program files (x86)\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2011-12-05 366024]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-09 39408]
"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
"Device Detection"="c:\program files (x86)\Lidl_Fotos\dd.exe" [2012-09-28 800704]
"Facebook Update"="c:\users\Matthias\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-07 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-11-09 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-12 384800]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
c:\users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2012-2-14 117344]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2012-2-14 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [2012-02-24 239968]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 DCamUSBET;ET USB 2750 Camera;c:\windows\system32\DRIVERS\etDevice64.sys [2008-03-01 187776]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-02-24 117248]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-02-24 421376]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter64.sys [2007-09-13 259968]
R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2010-01-27 67456]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]
R3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys [2011-11-17 45160]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan64.sys [2007-09-07 9216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-11-09 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-11-09 39008]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-11-09 13408]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-12 85280]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-11-09 29792]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-02-24 86016]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [2010-09-21 15056]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-12-10 234960]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - 38162735
*NewlyCreated* - 49231353
*NewlyCreated* - 92927673
*NewlyCreated* - 98849475
*Deregistered* - 38162735
*Deregistered* - 49231353
*Deregistered* - 92927673
*Deregistered* - 98849475
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the "Scheduled Tasks" folder
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 20:26]
.
2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2456286054-207897345-204598818-1001Core.job
- c:\users\...\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 22:39]
.
2012-12-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2456286054-207897345-204598818-1001UA.job
- c:\users\...\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 22:39]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-09 13:07]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-09 13:07]
.
2012-12-27 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-11-09 13:14	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-11-09 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-11-09 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-11-09 5908928]
"etMonitor"="c:\windows\etMon.exe" [2007-04-04 88576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Additional scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{159694A2-AD39-4632-A5BF-D1668E74E83E}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{6B4B90C8-E1C6-4DBE-98C3-CEC093B9E718}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{7621CF30-DD8F-42A9-A4B0-408B9C880D6E}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{7A5C7118-2679-4E64-AE9A-6F14CA420B4B}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\0d184xt1.default\
FF - ExtSQL: 2012-12-27 12:43; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Orphaned registry entries removed - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-98849475.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-27  20:43:43
ComboFix-quarantined-files.txt  2012-12-27 19:43
.
Before scan: 8 directory(ies), 280.723.881.984 bytes free
After scan: 13 directory(ies), 281.567.461.376 bytes free
.
- - End Of File - - 65A61477026D320930DFD9B6AD8EF885


Should I restart now??

Restart done, no messages appeared!!

If that was it now, a gigantic

Mattes

28.12.2012, 15:49   #11
markusg
/// Malware-holic
Hi
there's still a bit of work to do.

download CCleaner standard:
CCleaner Download - CCleaner 3.26.1888
if CCleaner
is already installed, skip this.
open it, Tools, Uninstall, save the list as txt. open it.
behind every program you need, write needed.
behind every one you don't need, unnecessary.
behind those unknown to you, unknown.
post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described above to
markusg.trojaner-board@web.de
If you would like to support us

28.12.2012, 21:52   #12
mattes4711
I almost feared that! Here is the list

Zattoo4 4.0.5 Zattoo Inc. 28.03.2012 4.0.5 needed
Wondershare Video Converter für iPod & iPhone(Build 4.2.0.56) Wondershare Software 06.02.2012 unnecessary
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) Lenovo 09.11.2011 12/02/2010 6.1.0.1 needed
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 09.11.2011 5,57MB 15.4.5722.2 unknown
Windows Live Essentials Microsoft Corporation 09.11.2011 15.4.3508.1109 unknown
VLC media player 2.0.2 VideoLAN 22.08.2012 2.0.2 needed
VeriFace Lenovo 09.11.2011 4.0.0.1224 unnecessary
UserGuide Lenovo 09.11.2011 51,3MB 1.0.0.6 needed (?)
Synaptics Pointing Device Driver Synaptics Incorporated 09.11.2011 46,4MB 15.3.0.0 unknown
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten Hewlett-Packard Co. 25.01.2012 8,13MB 23.0.504.0 unnecessary
Skype™ 6.0 Skype Technologies S.A. 30.11.2012 20,3MB 6.0.126 needed
Skype Click to Call Skype Technologies S.A. 05.12.2011 14,4MB 5.6.8442 needed
Secunia PSI (3.0.0.3001) Secunia 22.08.2012 5,77MB 3.0.0.3001 needed
RollerCoaster Tycoon 3 Atari 03.12.2012 unnecessary
Ringtone Maker Fried Cookie 22.08.2012 1.0 needed
Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 09.11.2011 6.1.7600.10003 unknown
Radiotracker RapidSolution Software AG 27.07.2012 249MB 6.2.13700.0 unnecessary
QuickTime Apple Inc. 12.11.2012 73,1MB 7.73.80.64 needed
Power2Go CyberLink Corp. 09.11.2011 5.6.0.7303 needed
PlayerLiteHJ 1.0.2.2.LHJ AVTECH 16.04.2012 1,64MB 1.0.2.2.LHJ needed
PixiePack Codec Pack None 27.07.2012 17,2MB 1.1.1200.0 unknown
OneKey Recovery CyberLink Corp. 09.11.2011 7.0.1628 unknown
MyAshampoo Toolbar MyAshampoo 05.12.2011 6.2.7.3 unknown
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 12.12.2011 1,53MB 4.30.2107.0 unknown
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 11.07.2012 1,53MB 4.30.2114.0 unknown
MSXML 4.0 SP3 Parser Microsoft Corporation 11.12.2011 1,47MB 4.30.2100.0 unknown
Mozilla Maintenance Service Mozilla 11.12.2012 329KB 17.0.1 unknown
Mozilla Firefox 17.0.1 (x86 de) Mozilla 11.12.2012 90,9MB 17.0.1 needed
Mobile Partner Huawei Technologies Co.,Ltd 24.02.2012 21.005.15.02.382 unknown
Microsoft Windows Media Video 9 VCM 11.12.2011 needed
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 31.01.2012 16,5MB 10.0.40219 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 21.11.2012 13,8MB 10.0.40219 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 05.12.2011 600KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30.04.2012 228KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.12.2011 240KB 9.0.30729 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.12.2011 298KB 8.0.59193 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 09.11.2011 1,69MB 3.1.0000 unknown
Microsoft Silverlight Microsoft Corporation 10.05.2012 80,3MB 4.1.10329.0 unknown
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 05.12.2011 14.0.4763.1000 needed
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 05.12.2011 14.0.4763.1000 unknown
Microsoft Office 2010 Microsoft Corporation 09.11.2011 6,31MB 14.0.4763.1000 needed
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 07.12.2011 2,93MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 07.12.2011 38,8MB 4.0.30319 unknown
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 27.12.2012 19,4MB 1.65.1.1000 needed
MAGIX Xtreme Foto & Grafik Designer 5 (Silver) MAGIX AG 11.12.2011 5.1.2.15876 unnecessary
MAGIX Screenshare MAGIX AG 11.12.2011 1,42MB 4.3.6.1987 unnecessary
MAGIX Online Druck Service MAGIX AG 11.12.2011 10,2MB 3.4.3.0 unnecessary
MAGIX Foto Manager 10 MAGIX AG 11.12.2011 8.0.1.136 unnecessary
Lidl-Fotos 04.10.2012 unnecessary
Lenovo_Wireless_Driver Lenovo 09.11.2011 1.02.01 needed (?)
Lenovo YouCam CyberLink Corp. 09.11.2011 135MB 3.1.3728 needed
Lenovo OneKey Recovery CyberLink Corp. 09.11.2011 7.0.1628 unknown
Lenovo Games Console Oberon Media Inc. 09.11.2011 1.2.6.436 unknown
Lenovo EE Boot Optimizer Lenovo 09.11.2011 0.0.1.6 unknown
Lenovo EasyCamera Lenovo EasyCamera 09.11.2011 1.10.1209.1 needed
Java 7 Update 9 Oracle 21.10.2012 130MB 7.0.90 unknown
iTunes Apple Inc. 09.12.2012 190MB 11.0.0.163 needed
Intel(R) Rapid Storage Technology Intel Corporation 09.11.2011 10.1.5.1001 unknown
Intel(R) Processor Graphics Intel Corporation 22.12.2012 9.17.10.2867 unknown
Intel(R) Management Engine Components Intel Corporation 09.11.2011 7.0.0.1144 unknown
Intel(R) Control Center Intel Corporation 09.11.2011 1.2.1.1007 unknown
IncrediMail 2.0 IncrediMail Ltd. 05.12.2011 6.2.9.5139 needed
iCloud Apple Inc. 15.12.2011 31,1MB 1.0.2.17 unknown
HP Update Hewlett-Packard 30.01.2012 3,98MB 5.003.000.004 needed
HP Photo Creations HP Photo Creations 25.01.2012 40,0MB 1.0.0.5192 unknown
HP Deskjet 3070 B611 series Hilfe Hewlett Packard 25.01.2012 8,89MB 140.0.2.2 needed
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät Hewlett-Packard Co. 30.01.2012 152MB 25.0.571.0 needed
Hauppauge WinTV 7 Hauppauge Computer Works 14.02.2012 v7.0.28314 unnecessary
Google Toolbar for Internet Explorer Google Inc. 25.09.2012 7.4.3230.2052 unnecessary
Google Chrome Google, Inc. 12.12.2012 30,6MB 65.61.49249 unnecessary
Fried Cookie Updater Fried Cookie 22.08.2012 1.0.0.0 unknown
Free YouTube to MP3 Converter version 3.11.37.1212 DVDVideoSoft Ltd. 27.12.2012 72,8MB 3.11.37.1212 needed
FotoMix version 8.5.5 Digital Photo Software 11.12.2011 4,30MB 8.5.5
Firebird SQL Server - MAGIX Edition MAGIX AG 11.12.2011 10,1MB 2.1.27.0 unknown
Facebook Video Calling 1.2.0.287 Skype Limited 07.12.2012 9,53MB 1.2.287 needed
Energy Management Lenovo 09.11.2011 16,8MB 6.0.2.0 unknown
Dropbox Dropbox, Inc. 27.12.2012 1.6.10 needed
DEUTSCHLAND SPIELT GAME CENTER 06.10.2012 unnecessary
CyberLink PhotoDirector 2011 CyberLink Corp. 30.04.2012 194MB 2.0.2105 unnecessary
Conexant HD Audio Conexant 09.11.2011 8.54.1.0 unknown
Conduit Engine Conduit Ltd. 05.12.2011 unknown
COMPUTERBILD-Abzockschutz J3S 27.12.2012 2,65MB 1.0.45 needed
CCleaner Piriform 19.12.2012 3.26 needed
Bonjour Apple Inc. 05.12.2011 2,00MB 3.0.0.10 unknown
Bing Bar Microsoft Corporation 24.08.2012 464KB 7.1.391.0 unknown
Bengal Special 06.10.2012 unnecessary
Avira Free Antivirus Avira 12.12.2012 124MB 13.0.0.2890 needed
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 09.11.2011 1.0.0.36 unknown
Ashampoo Photo Commander 8 v.8.4.0 Ashampoo GmbH & Co. KG 05.12.2011 126MB 8.4.0 unnecessary
Apple Software Update Apple Inc. 05.12.2011 2,38MB 2.1.3.127 needed
Apple Mobile Device Support Apple Inc. 09.12.2012 25,1MB 6.0.1.3 unknown
Apple Application Support Apple Inc. 09.12.2012 65,0MB 2.3.2 unknown
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 20.08.2012 122MB 10.1.4 needed
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 needed
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 13.12.2012 6,00MB 11.5.502.135 needed
Adobe AIR Adobe Systems Incorporated 22.12.2012 3.5.0.880 unknown

02.01.2013, 21:40   #13
markusg
/// Malware-holic
uninstall:
Wondershare
Windows Live: all the ones you don't need
VeriFace
Studie
RollerCoaster
Radiotracker
PixiePack
MyAshampoo
MAGIX: all
Lidl
Java
download the Java JRE:
Java Downloads for All Operating Systems
click:
Windows Offline download of the Java software
download and install
uninstall:

IncrediMail: is insecure; better to use something sensible like Thunderbird instead.

Uninstall:
Google: all
DEUTSCHLAND
CyberLink
Conduit
Bing
Bengal
Ashampoo
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
download the latest version
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the McAfee Security Scan checkbox

please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very insecure to open, download etc. PDFs automatically.
it is always better to save them directly, since only then do you keep control of what is going on on the PC.
under JavaScript, untick "Enable Acrobat JavaScript"
under Updater, choose "Automatically install updates".
Apply / OK




open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log at C:\AdwCleaner[R1].txt.
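The Adobe Reader preference steps in the post above have a registry and policy form that is easier to verify, and to roll out to more than one machine, than clicking through the dialog. The script below is an added example and is not part of markusg's instructions or of anything Adobe ships: it audits the values that correspond to JavaScript off, "Display PDF in browser" off, non-PDF attachments not handed to external applications, and Protected Mode plus Enhanced Security locked on, and can write them. The key and value names are taken from Adobe's Acrobat/Reader X preference reference and are assumptions to check against the reference for the version actually installed; the "certified plug-ins only" and Updater settings are left to the dialog because their registry names are not given here.

```python
import sys

VER = "10.0"  # Adobe Reader X; adjust for the installed version
USER = rf"Software\Adobe\Acrobat Reader\{VER}"
POLICY = rf"SOFTWARE\Policies\Adobe\Acrobat Reader\{VER}\FeatureLockDown"

# (hive, subkey, value name) -> desired REG_DWORD. Names follow Adobe's
# preference reference for Reader X (assumption: verify for your build).
DESIRED = {
    # Preferences > JavaScript > "Enable Acrobat JavaScript" off for this user...
    ("HKCU", rf"{USER}\JSPrefs", "bEnableJS"): 0,
    # ...and locked off machine-wide so the user cannot switch it back on.
    ("HKLM", POLICY, "bDisableJavaScript"): 1,
    # Preferences > Internet > "Display PDF in browser" off: save the file instead.
    ("HKCU", rf"{USER}\Originals", "bBrowserIntegration"): 0,
    # Trust Manager: do not open non-PDF attachments with external applications.
    ("HKCU", rf"{USER}\Originals", "bAllowOpenFile"): 0,
    # Keep the Reader X sandbox and Enhanced Security on, locked by policy.
    ("HKLM", POLICY, "bProtectedMode"): 1,
    ("HKLM", POLICY, "bEnhancedSecurityStandalone"): 1,
    ("HKLM", POLICY, "bEnhancedSecurityInBrowser"): 1,
}


def audit(snapshot):
    """Return [(key, current, desired)] for every DESIRED entry the snapshot
    does not satisfy. snapshot maps (hive, subkey, name) -> value or None."""
    return [(key, snapshot.get(key), want)
            for key, want in DESIRED.items() if snapshot.get(key) != want]


def _registry():
    import winreg  # imported lazily so audit() also runs on non-Windows hosts
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    # Reader X is a 32-bit process, so read and write the registry view it sees.
    return winreg, hives, winreg.KEY_WOW64_32KEY


def read_registry():
    """Snapshot the live registry for every DESIRED entry (Windows only)."""
    winreg, hives, view = _registry()
    snap = {}
    for hive, subkey, name in DESIRED:
        try:
            with winreg.OpenKey(hives[hive], subkey, 0, winreg.KEY_READ | view) as k:
                snap[(hive, subkey, name)] = winreg.QueryValueEx(k, name)[0]
        except OSError:  # key or value absent: Reader uses its built-in default
            snap[(hive, subkey, name)] = None
    return snap


def apply_fixes(mismatches):
    """Write the desired DWORDs; the HKLM entries need an elevated prompt."""
    winreg, hives, view = _registry()
    for (hive, subkey, name), _current, want in mismatches:
        with winreg.CreateKeyEx(hives[hive], subkey, 0, winreg.KEY_SET_VALUE | view) as k:
            winreg.SetValueEx(k, name, 0, winreg.REG_DWORD, want)


if __name__ == "__main__" and sys.platform == "win32":
    gaps = audit(read_registry())
    for (hive, subkey, name), current, want in gaps:
        print(f"{hive}\\{subkey}\\{name}: is {current}, want {want}")
    if "--apply" in sys.argv:  # the --apply switch is this script's own
        apply_fixes(gaps)
```

Run it once without arguments to see which settings differ, then with `--apply` from an elevated prompt. Locking JavaScript off through FeatureLockDown rather than only through the user preference is the point of the second entry: a user preference can be flipped back from the dialog, a policy value cannot.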

02.01.2013, 23:00   #14
mattes4711
# AdwCleaner v2.104 - File created on 02/01/2013 at 22:57:29
# Updated on 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ...- ...-PC
# Boot mode : Normal
# Running from : C:\Users\...\Desktop\adwcleaner.exe
# Option [Search]


**** [Services] ****


***** [Files / Folders] *****

File Found : C:\Users\...\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Gast\AppData\LocalLow\Conduit
Folder Found : C:\Users\Gast\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Gast\AppData\LocalLow\PriceGong
Folder Found : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\d7bnkbgv.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Folder Found : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\d7bnkbgv.default\extensions\engine@conduit.com
Folder Found : C:\Users\...\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-2456286054-207897345-204598818-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\0d184xt1.default\prefs.js

[OK] File is clean.

File : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\d7bnkbgv.default\prefs.js

[OK] File is clean.

File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\f9s5zser.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2629 octets] - [02/01/2013 22:57:29]

########## EOF - C:\AdwCleaner[R1].txt - [2689 octets] ##########

Windows Live: I don't know exactly what I need or what can be deleted - are there any hints/tips?

IncrediMail: not uninstalled yet, but I will get to it
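Two things in this thread's logs can be checked mechanically instead of by eye. The ComboFix "Zusätzlicher Suchlauf" (additional scan) section in the earlier post shows the user start page pointing at search.conduit.com with a toolbar id in the query string (ctid=CT2475029) and every interface carrying a static NameServer that differs from the DHCP-supplied one; the AdwCleaner search log above lists a Toolbar.CT2475029 class with the same id. The script below is an added example and not something the forum, ComboFix or AdwCleaner provides: it parses those line formats (German or English AdwCleaner labels), flags start pages outside a small allowlist, cross-checks a Conduit ctid against AdwCleaner's registry findings, and reports static resolver overrides for review. The embedded input is an excerpt copied from the thread's two logs; the allowlist is an assumption for this particular box, and the DNS check only says the resolvers differ from DHCP, not whether they are legitimate.

```python
import re
from urllib.parse import urlparse, parse_qs

# Excerpts copied from the ComboFix and AdwCleaner logs in this thread (trimmed).
COMBOFIX_EXCERPT = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{159694A2-AD39-4632-A5BF-D1668E74E83E}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{6B4B90C8-E1C6-4DBE-98C3-CEC093B9E718}: NameServer = 193.189.244.225 193.189.244.206
"""

ADWCLEANER_EXCERPT = r"""
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
"""

# Start pages expected on this machine (assumption); anything else is flagged.
TRUSTED_START_HOSTS = {"lenovo.msn.com", "www.google.de", "www.google.com"}

START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
IFACE_RE = re.compile(r"^TCP: Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$")
ADW_RE = re.compile(r"^(?:Schlüssel|Wert|Key|Value) (?:Gefunden|Found) : (?P<path>.+)$")


def refang(url):
    """ComboFix writes hxxp:// so the log is not clickable; undo that for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def conduit_ctid(url):
    """Return the Conduit toolbar id (ctid=CTnnnnnnn) carried in a search URL, or None."""
    query = urlparse(refang(url)).query
    for value in parse_qs(query).get("ctid", []):
        if re.fullmatch(r"CT\d+", value):
            return value
    return None


def parse_combofix(text):
    """Pull start pages and DNS settings out of the additional-scan section."""
    info = {"start_pages": [], "dhcp_dns": [], "iface_dns": {}}
    for line in text.splitlines():
        if m := START_RE.match(line):
            info["start_pages"].append((m["scope"], m["url"]))
        elif m := DHCP_RE.match(line):
            info["dhcp_dns"] = m["servers"].split()
        elif m := IFACE_RE.match(line):
            info["iface_dns"][m["guid"]] = m["servers"].split()
    return info


def parse_adwcleaner(text):
    """Registry paths AdwCleaner reported as found."""
    return [m["path"] for line in text.splitlines() if (m := ADW_RE.match(line))]


def analyze(combofix_text, adw_text, trusted_hosts=TRUSTED_START_HOSTS):
    cf = parse_combofix(combofix_text)
    adw = parse_adwcleaner(adw_text)
    findings = []
    for scope, url in cf["start_pages"]:
        host = urlparse(refang(url)).hostname or ""
        if host in trusted_hosts:
            continue
        who = "user" if scope == "u" else "machine"
        ctid = conduit_ctid(url)
        note = f" (Conduit ctid {ctid})" if ctid else ""
        findings.append(f"{who} start page hijack: {host}{note}")
        # Cross-check: the same ctid registered as a toolbar COM class.
        if ctid and any(p.endswith(f"Toolbar.{ctid}") for p in adw):
            findings.append(f"AdwCleaner confirms toolbar class Toolbar.{ctid}")
    for guid, servers in cf["iface_dns"].items():
        if servers != cf["dhcp_dns"]:
            offered = " ".join(cf["dhcp_dns"]) or "none"
            findings.append(f"static DNS on {guid}: {' '.join(servers)} "
                            f"(DHCP offered {offered}); verify these resolvers are yours")
    return findings


if __name__ == "__main__":
    for finding in analyze(COMBOFIX_EXCERPT, ADWCLEANER_EXCERPT):
        print(finding)
```

The static DNS check is the one a hijack cleanup most often misses: removing the toolbar fixes the start page, but a per-interface NameServer survives every browser reset, so it has to be compared against what the router hands out and cleared or justified separately.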

03.01.2013, 18:35   #15
markusg
/// Malware-holic
Hi
Windows Live: all the ones you personally don't use can go.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted, depending on the severity of the infection possibly several times - that is normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log at C:\AdwCleaner[Sx].txt. (x = sequence number)
After the restart, please test how the PC and programs such as browsers are running
