
Pests of all kinds and how to fight them: Coupondropdown

28.02.2013, 18:02   #1
misterfuxi



CODE tag?

It says no Bits rep. is required!

Which English update guide?


Is this the log from VirusTotal?

SHA256: 7c36f238b7e3059c0062c8ba1c075bad83e6e5f5bed9253aad75bb71cdbe40aa
SHA1: 2940f8e301b8aa17833f9d2e60dc1089b4f18f05
MD5: 835d19bdddc180c2c80e5cd4bd3bb043
File size: 238.6 KB ( 244328 bytes )
File name: smarterdownloader.dll
File type: Win32 DLL
Detection ratio: 1 / 46
Analysis date: 2013-02-28 17:06:33 UTC ( 0 minutes ago )

Antivirus Result Update
Agnitum - 20130228
AhnLab-V3 - 20130228
AntiVir - 20130228
Antiy-AVL - 20130228
Avast - 20130228
AVG - 20130228
BitDefender - 20130228
ByteHero - 20130227
CAT-QuickHeal - 20130228
ClamAV - 20130228
Commtouch - 20130228
Comodo - 20130228
DrWeb Adware.Toolbar.25 20130228
Emsisoft - 20130228
eSafe - 20130211
ESET-NOD32 - 20130228
F-Prot - 20130228
F-Secure - 20130228
Fortinet - 20130228
GData - 20130228
Ikarus - 20130226
Jiangmin - 20130228
K7AntiVirus - 20130228
Kaspersky - 20130228
Kingsoft - 20130225
Malwarebytes - 20130228
McAfee - 20130228
McAfee-GW-Edition - 20130228
Microsoft - 20130228
MicroWorld-eScan - 20130228
NANO-Antivirus - 20130228
Norman - 20130228
nProtect - 20130228
Panda - 20130228
PCTools - 20130225
Rising - 20130228
Sophos - 20130228
SUPERAntiSpyware - 20130228
Symantec - 20130228
TheHacker - 20130228
TotalDefense - 20130227
TrendMicro - 20130228
TrendMicro-HouseCall - 20130228
VBA32 - 20130228
VIPRE - 20130228
ViRobot - 20130228



ssdeep
3072:fzbwTEec8NQ074neOOogPrt9+NWdfC6vyVhSFRZtS8xxNTIIA4:fzkdcGTLj+NWBC6vHVvNd
TrID
DirectShow filter (43.0%)
Windows OCX File (26.3%)
Win64 Executable Generic (18.2%)
Win32 Executable MS Visual C++ (generic) (8.0%)
Win32 Executable Generic (1.8%)
ExifTool

SubsystemVersion.........: 5.1
InitializedDataSize......: 78848
ImageVersion.............: 0.0
ProductName..............: TODO: <Product name>
FileVersionNumber........: 1.0.0.1
UninitializedDataSize....: 0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 10.0
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 1.0.0.1
TimeStamp................: 2012:11:04 16:25:42+01:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: smarterdownloader.dll
ProductVersion...........: 1.0.0.1
FileDescription..........: TODO: <File description>
OSVersion................: 5.1
OriginalFilename.........: smarterdownloader.dll
LegalCopyright...........: TODO: (c) <Company name>. All rights reserved.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: TODO: <Company name>
CodeSize.................: 159232
FileSubtype..............: 0
ProductVersionNumber.....: 1.0.0.1
EntryPoint...............: 0x1a946
ObjectFileType...........: Dynamic link library

Sigcheck

publisher................: TODO: _Company name_
product..................: TODO: _Product name_
internal name............: smarterdownloader.dll
copyright................: TODO: (c) _Company name_. All rights reserved.
original name............: smarterdownloader.dll
signing date.............: 4:00 PM 11/6/2012
signers..................: Terra Firma Internet Consulting LTD; Thawte Code Signing CA - G2; thawte Primary Root CA
file version.............: 1.0.0.1
description..............: TODO: _File description_

Portable Executable structural information

Compilation timedatestamp.....: 2012-11-04 15:25:42
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0001A946

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 159136 159232 6.54 1adc780f0bebf39ca271d7b214eeed98
.rdata 163840 41619 41984 4.76 55bb791189bbf1f708a44d0bcb71dda5
.data 208896 18268 10752 4.77 f5ce0371cf72a0422dcf691cf23e7e7c
.rsrc 229376 7912 8192 5.09 a5eaca082545c463b31a5fd3c7a4d2bf
.reloc 237568 17726 17920 4.94 add487cdd6bbba9406b005d46b749e08

PE Imports....................:

[]
CreateURLMoniker, RegisterBindStatusCallback

[[WININET.dll]]
InternetSetOptionW

[[GDI32.dll]]
GetDeviceCaps, DeleteDC, SelectObject, GetStockObject, CreateSolidBrush, GetObjectW, BitBlt, CreateCompatibleDC, DeleteObject, CreateCompatibleBitmap

[[ADVAPI32.dll]]
RegCreateKeyExW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, RegDeleteKeyW, RegQueryValueExW

[[KERNEL32.dll]]
SetThreadLocale, GetStdHandle, InterlockedPopEntrySList, HeapDestroy, EncodePointer, GetFileAttributesW, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, FreeEnvironmentStringsW, SetStdHandle, GetCPInfo, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, GetOEMCP, LocalFree, InterlockedPushEntrySList, LoadResource, InterlockedDecrement, MoveFileW, SetFileAttributesW, SetLastError, TlsGetValue, CopyFileW, GetModuleFileNameW, IsDebuggerPresent, HeapAlloc, GetModuleFileNameA, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, FlushInstructionCache, SetUnhandledExceptionFilter, MulDiv, IsProcessorFeaturePresent, DecodePointer, TerminateProcess, VirtualQuery, GetCurrentThreadId, LeaveCriticalSection, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetVersionExW, FreeLibrary, QueryPerformanceCounter, GetTickCount, TlsAlloc, VirtualProtect, FlushFileBuffers, lstrcmpiW, RtlUnwind, GetStartupInfoW, DeleteFileW, GetProcAddress, GetProcessHeap, lstrcmpW, GlobalLock, CreateFileW, GetFileType, TlsSetValue, ExitProcess, InterlockedIncrement, GetLastError, LCMapStringW, GetSystemInfo, lstrlenA, GetConsoleCP, GetThreadLocale, GetEnvironmentStringsW, GlobalUnlock, GlobalAlloc, lstrlenW, SizeofResource, GetCurrentProcessId, LockResource, WideCharToMultiByte, HeapSize, GetCommandLineA, InterlockedCompareExchange, RaiseException, TlsFree, SetFilePointer, ReadFile, CloseHandle, GetACP, GetModuleHandleW, FindResourceExW, IsValidCodePage, HeapCreate, FindResourceW, VirtualFree, Sleep, VirtualAlloc

[[OLEAUT32.dll]]
Ord(12), Ord(161), Ord(10), Ord(149), Ord(420), Ord(277), Ord(200), Ord(6), Ord(186), Ord(150), Ord(7), Ord(33), Ord(4), Ord(162), Ord(163), Ord(35), Ord(8), Ord(2), Ord(9)

[[SHELL32.dll]]
SHGetFolderPathW, SHCreateDirectoryExW

[[ole32.dll]]
CreateStreamOnHGlobal, OleLockRunning, CLSIDFromProgID, CoTaskMemAlloc, CLSIDFromString, CoTaskMemRealloc, CoCreateInstance, OleUninitialize, CreateBindCtx, OleRun, OleInitialize, CoTaskMemFree, StringFromGUID2, CoGetClassObject

[[USER32.dll]]
SetFocus, RegisterWindowMessageW, GetClassInfoExW, RedrawWindow, RegisterClassExW, DefWindowProcW, CreateAcceleratorTableW, GetParent, DestroyAcceleratorTable, SetWindowPos, EndPaint, SetWindowLongW, IsWindow, ReleaseCapture, ClientToScreen, SetCapture, MoveWindow, GetFocus, GetSysColor, GetDC, ReleaseDC, BeginPaint, SendMessageW, UnregisterClassA, GetClientRect, GetDlgItem, GetWindow, ScreenToClient, InvalidateRect, CallWindowProcW, GetClassNameW, FillRect, SetWindowTextW, GetWindowTextW, GetDesktopWindow, LoadCursorW, GetWindowTextLengthW, CreateWindowExW, GetWindowLongW, InvalidateRgn, CharNextW, IsChild, DestroyWindow


PE Exports....................:

DllCanUnloadNow, DllGetClassObject, DllInstall, DllRegisterServer, DllUnregisterServer

PE Resources..................:

Resource type Number of resources
REGISTRY 4
RT_MANIFEST 1
TYPELIB 1
RT_STRING 1
RT_VERSION 1

Resource language Number of resources
ENGLISH US 8

First seen by VirusTotal
2012-11-27 16:50:15 UTC ( 3 months ago )
Last seen by VirusTotal
2013-02-28 17:06:33 UTC ( 3 minutes ago )
File names (max. 25)

smarterdownloader.dll
file-5159971_dll

Quote:
Originally posted by Chris4You
Hi,

have a look at Remove the CouponDropDown Adware (Uninstall Guide)...

After updating, run MAM in full-scan mode and post the log...

chris

Is that the one with the English guide?
Yes, I did that!

Code:
2013-02-24 23:49:57:815 5400 1684 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-24 23:49:57:815 5400 1684 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-24 23:49:57:811 5400 1684 AUClnt Launched Client UI process
2013-02-24 23:49:59:071 5400 1684 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-24 23:49:59:071 5400 1684 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-24 23:49:59:071 5400 1684 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-24 23:49:59:071 5400 1684 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:08:02:021 2864 9d4 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:08:02:021 2864 9d4 Misc = Process: C:\Windows\Explorer.EXE
2013-02-25 00:08:02:021 2864 9d4 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 00:08:02:016 2864 9d4 WUApp No EULA acceptance needed
2013-02-25 00:08:02:026 5400 1684 CltUI AU client got new directive = 'Interactive Progress', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:42:14:648 5400 1684 CltUI AU client got new directive = 'Install Complete Ux', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:43:44:644 5400 1684 CltUI AU client got new directive = 'Download Progress', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:43:44:681 5400 1684 CltUI FATAL: Failed to show download progress, hr=8024AFFF
2013-02-25 00:44:00:896 5232 1784 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:44:00:896 5232 1784 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 00:44:00:892 5232 1784 AUClnt Launched Client UI process
2013-02-25 00:44:01:112 5232 1784 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:44:01:113 5232 1784 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 00:44:01:113 5232 1784 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 00:44:01:112 5232 1784 CltUI AU client got new directive = 'Download Progress', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:44:01:135 5232 1784 CltUI FATAL: Failed to show download progress, hr=8024AFFF
2013-02-25 00:44:16:439 3316 126c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:44:16:439 3316 126c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 00:44:16:433 3316 126c AUClnt Launched Client UI process
2013-02-25 00:44:16:576 3316 126c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:44:16:576 3316 126c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 00:44:16:576 3316 126c Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 00:44:16:576 3316 126c CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 03:00:19:635 3316 126c CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 14:22:22:011 3772 135c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 14:22:22:022 3772 135c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 14:22:22:007 3772 135c AUClnt Launched Client UI process
2013-02-25 14:22:22:144 3772 135c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 14:22:22:144 3772 135c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 14:22:22:144 3772 135c Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 14:22:22:144 3772 135c CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 16:39:02:751 3144 16ac Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 16:39:02:751 3144 16ac Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 16:39:02:742 3144 16ac AUClnt Launched Client UI process
2013-02-25 16:39:03:022 3144 16ac Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 16:39:03:022 3144 16ac Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 16:39:03:022 3144 16ac Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 16:39:03:022 3144 16ac CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-26 03:00:09:710 3144 16ac CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-26 03:33:29:170 3596 dc Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 03:33:29:170 3596 dc Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-26 03:33:29:166 3596 dc AUClnt Launched Client UI process
2013-02-26 03:33:29:226 3596 dc Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 03:33:29:226 3596 dc Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-26 03:33:29:226 3596 dc Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-26 03:33:29:226 3596 dc CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-26 05:30:18:074 4800 fb8 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 05:30:18:074 4800 fb8 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-26 05:30:18:070 4800 fb8 AUClnt Launched Client UI process
2013-02-26 05:30:18:174 4800 fb8 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 05:30:18:174 4800 fb8 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-26 05:30:18:174 4800 fb8 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-26 05:30:18:174 4800 fb8 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-26 14:18:56:303 3192 a84 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 14:18:56:304 3192 a84 Misc = Process: C:\Windows\Explorer.EXE
2013-02-26 14:18:56:304 3192 a84 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-26 14:18:56:303 3192 a84 WUApp FATAL: GetProperty "updateSummaryImportantText" failed with hr=80070057
2013-02-26 14:19:09:292 3192 a84 WUApp FATAL: GetProperty "updateSummaryImportantText" failed with hr=80070057
2013-02-26 14:22:07:049 3192 a84 WUApp FATAL: GetProperty "updateSummaryImportantText" failed with hr=80070057
2013-02-27 03:00:11:273 4800 fb8 CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 03:33:41:992 5332 1680 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 03:33:41:992 5332 1680 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 03:33:41:986 5332 1680 AUClnt Launched Client UI process
2013-02-27 03:33:42:098 5332 1680 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 03:33:42:098 5332 1680 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 03:33:42:098 5332 1680 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 03:33:42:098 5332 1680 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 05:21:28:739 4116 9e8 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 05:21:28:739 4116 9e8 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 05:21:28:735 4116 9e8 AUClnt Launched Client UI process
2013-02-27 05:21:28:790 4116 9e8 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 05:21:28:790 4116 9e8 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 05:21:28:790 4116 9e8 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 05:21:28:790 4116 9e8 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 17:16:15:611 4116 9e8 CltUI AU client got new directive = 'None', serviceId = {00000000-0000-0000-0000-000000000000}, return = 80010108
2013-02-27 17:17:35:158 5148 e38 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 17:17:35:159 5148 e38 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 17:17:35:153 5148 e38 AUClnt Launched Client UI process
2013-02-27 17:17:35:251 5148 e38 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 17:17:35:251 5148 e38 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 17:17:35:251 5148 e38 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 17:17:35:251 5148 e38 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 20:00:55:575 3268 160c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 20:00:55:575 3268 160c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 20:00:55:569 3268 160c AUClnt Launched Client UI process
2013-02-27 20:00:55:686 3268 160c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 20:00:55:686 3268 160c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 20:00:55:686 3268 160c Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 20:00:55:686 3268 160c CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
2013-02-27 23:01:05:106 4568 1110 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 23:01:05:106 4568 1110 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 23:01:05:099 4568 1110 AUClnt Launched Client UI process
2013-02-27 23:01:05:929 4568 1110 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 23:01:05:929 4568 1110 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 23:01:05:929 4568 1110 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 23:01:05:929 4568 1110 CltUI AU client got new directive = 'Download Progress', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 23:01:07:324 4568 1110 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-28 03:00:17:560 4568 1110 CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
         

Last edited by misterfuxi (28.02.2013 at 18:10)

01.03.2013, 08:32   #2
Chris4You



Hi,

I'm going to get a bit heavy-handed: let's delete the directories and the browser helper.


Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire content of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files\SockshareDownloader\smarterdownloader.dll (TODO: <Company name>)

:FILES
C:\Program Files\CouponDropDown
C:\Program Files\SockshareDownloader
C:\Users\ASUS\AppData\Local\CouponDropDown

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything from the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Do you have any of the following programs installed? If so, uninstall them via Control Panel/Software, and also check and delete the add-ons (Firefox etc.):

CouponDropDown
FBPhotoZoom
HDvid Codec
GoPhoto.it
Incredibar
IB Updater
OneClickDownload
OneClickDownloader
Online HD TV
PutLockerDownloader
StartNow Toolbar
TornTV
TorrentHandler
Yontoo

In which browsers does the thing show up?

chris

01.03.2013, 19:42   #3
misterfuxi



Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ deleted successfully.
C:\Program Files\SockshareDownloader\smarterdownloader.dll moved successfully.
========== FILES ==========
File\Folder C:\Program Files\CouponDropDown not found.
C:\Program Files\SockshareDownloader folder moved successfully.
File\Folder C:\Users\ASUS\AppData\Local\CouponDropDown not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ASUS
->Temp folder emptied: 369496 bytes
->Temporary Internet Files folder emptied: 1201106 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7056300 bytes
->Flash cache emptied: 2614 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 336633781 bytes
RecycleBin emptied: 328539 bytes
 
Total Files Cleaned = 330,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03012013_193119

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\HFIBC62.tmp.html not found!
C:\Windows\temp\KB2600217_20130301_193143084-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\temp\KB2600217_20130301_193143084.html moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
I don't have any of the ones listed above on the PC.

Firefox

02.03.2013, 20:57   #4
Chris4You



Hi,

is the thing still there?

Cureit
Follow the guide: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished, you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, roughly over 5 MB of text. Simply use the search for "infiziert" ("infected") and copy out the relevant parts before posting them.

Let Cureit run overnight, it takes a very long time...

chris

04.03.2013, 13:52   #5
misterfuxi



C:\Windows\system32\AscConTest.dll - infected
C:\Windows\system32\drivers\etc\hosts - probably infected with DFH.HOSTS.corrupted
C:\Windows\system32\drivers\etc\hosts - infected


05.03.2013, 07:48   #6
Chris4You



Hi,

interesting, that thing actually belongs to Anti Virus System Pro (rogueware).
Did you let everything be cleaned?

Create and post a new OTL log...

chris

05.03.2013, 13:41   #7
misterfuxi



Code:
OTL logfile created on: 05.03.2013 13:20:14 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ASUS\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 35,20% Memory free
6,20 Gb Paging File | 4,41 Gb Available in Paging File | 71,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178,85 Gb Total Space | 82,29 Gb Free Space | 46,01% Space Free | Partition Type: NTFS
Drive D: | 119,23 Gb Total Space | 103,17 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
 
Computer Name: FUXI | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
PRC - c:\Program Files\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\167651dd782f425f268fb00f948f78cd\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()
MOD - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()
MOD - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (FsUsbExDisk) -- C:\Windows\system32\FsUsbExDisk.SYS File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\System32\drivers\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{b167b83b-348e-4f8a-a00d-693f28ede787}: "URL" = hxxp://search.expatshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{B7719148-62EC-4539-80C0-48AEAB3C866F}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.oe3.at"
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:7.6.0.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\ASUS\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\ASUS\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.12.21 15:46:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.24 15:22:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.24 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.24 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.21 15:22:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.21 15:23:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.24 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.24 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.21 15:22:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.21 15:23:00 | 000,000,000 | ---D | M]
 
[2012.02.15 20:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions
[2012.02.15 20:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2013.03.01 19:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\vasdy6o4.default\extensions
[2012.06.17 14:25:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\vasdy6o4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(49)
[2012.12.01 02:40:49 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\vasdy6o4.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.11.15 18:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\extensions\socksharedownloader@socksharedownloader.com.xpi
[2011.08.27 19:17:45 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.02.14 11:43:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 19:41:44 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.02.16 00:47:33 | 000,002,342 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\searchplugins\icq-search.xml
[2011.11.08 18:05:46 | 000,000,950 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\searchplugins\icqplugin-4.xml
[2012.08.02 21:36:23 | 000,000,950 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\searchplugins\icqplugin-5.xml
[2013.02.19 23:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.19 23:01:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.02.19 23:01:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.02.19 23:01:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.19 23:01:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.21 15:46:18 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2013.02.19 23:01:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.08.03 14:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2013.02.08 04:55:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.08 04:55:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.08 04:55:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.02.01 04:16:53 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2013.02.08 04:55:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.08 04:55:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.08 04:55:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.04 13:22:41 | 000,000,802 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 	127.0.0.1	localhost
O1 - Hosts: 	::1		localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Spotify] "C:\Users\ASUS\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.153.32.129 213.153.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D827FF7B-104B-418D-88A8-286EF2737543}: DhcpNameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D98009D2-C8C2-4FFD-80F6-F9982BD69DA1}: DhcpNameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3759B92-3389-493E-AFDB-36DC3BFFB67C}: DhcpNameServer = 213.153.32.129 213.153.32.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68ef0606-b344-11de-ae7c-9e7336002150}\Shell - "" = AutoRun
O33 - MountPoints2\{68ef0606-b344-11de-ae7c-9e7336002150}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{9d7916b7-5fce-11df-95e9-0aeb2e000433}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{9d7916b7-5fce-11df-95e9-0aeb2e000433}\Shell\menu1\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.04 12:35:43 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Doctor Web
[2013.02.25 21:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.25 21:39:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.25 21:33:44 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\ASUS\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.24 22:10:53 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\SUPERAntiSpyware.com
[2013.02.24 21:50:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.23 16:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.23 16:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.23 16:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.23 16:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.22 12:14:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2013.02.21 16:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.21 16:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.02.21 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.02.20 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\IsolatedStorage
[2013.02.20 17:57:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Medion
[2013.02.20 17:57:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\MEDION
[2013.02.20 17:27:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.20 17:27:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.20 17:27:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.20 17:27:09 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.19 23:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.14 11:18:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 11:18:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 11:18:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 11:18:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 11:18:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 11:18:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 11:18:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 11:18:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.14 10:29:07 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.14 10:29:06 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.14 10:29:00 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.14 10:29:00 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.12 23:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.02.12 23:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.02.10 19:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.05 13:15:52 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2593200360-2997682069-409558613-1000UA.job
[2013.03.05 13:15:42 | 000,214,694 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.05 13:15:42 | 000,214,694 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.05 13:15:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.05 13:15:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.05 00:11:57 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 00:11:57 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 23:30:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2593200360-2997682069-409558613-1000Core.job
[2013.03.04 13:26:26 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 13:22:41 | 000,000,802 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.04 12:44:30 | 000,677,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.04 12:44:30 | 000,637,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.04 12:44:30 | 000,146,836 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.04 12:44:30 | 000,120,850 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.27 23:09:36 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.27 23:09:35 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.27 22:55:21 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.02.25 21:39:33 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.25 21:37:55 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\ASUS\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.24 21:59:40 | 000,594,019 | ---- | M] () -- C:\Users\ASUS\Desktop\adwcleaner.exe
[2013.02.23 16:46:31 | 000,001,631 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 14:22:37 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013.02.22 12:14:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2013.02.20 17:59:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.02.20 17:26:57 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.20 17:26:53 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.20 17:26:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.20 17:26:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.20 17:26:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.02.20 17:26:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.20 17:16:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2013.02.20 14:08:02 | 000,007,808 | ---- | M] () -- C:\Users\ASUS\AppData\Local\d3d9caps.dat
[2013.02.14 11:32:09 | 001,796,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.12 23:08:32 | 000,001,158 | ---- | M] () -- C:\Users\ASUS\Desktop\Free YouTube to MP3 Converter.lnk
[2013.02.10 19:23:09 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.10 19:23:09 | 000,001,878 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.25 21:39:33 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.24 21:59:24 | 000,594,019 | ---- | C] () -- C:\Users\ASUS\Desktop\adwcleaner.exe
[2013.02.23 16:46:31 | 000,001,631 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 14:22:37 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013.02.20 17:59:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.02.20 17:59:04 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2013.02.20 17:16:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2013.02.12 23:08:32 | 000,001,158 | ---- | C] () -- C:\Users\ASUS\Desktop\Free YouTube to MP3 Converter.lnk
[2013.02.10 19:23:09 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.10 19:22:46 | 000,001,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.01.12 16:54:56 | 000,056,903 | ---- | C] () -- C:\Users\ASUS\iphone_weiss-6c3408a89806dac4.jpg
[2012.01.12 00:02:29 | 000,000,844 | ---- | C] () -- C:\Users\ASUS\.recently-used.xbel
[2011.04.11 22:10:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.26 04:59:33 | 000,150,468 | ---- | C] () -- C:\Users\ASUS\798.jpg
[2009.12.17 13:43:04 | 000,007,808 | ---- | C] () -- C:\Users\ASUS\AppData\Local\d3d9caps.dat
[2009.10.25 14:24:35 | 000,000,353 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\burnaware.ini
[2009.06.17 22:47:12 | 000,068,096 | ---- | C] () -- C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.17 01:05:47 | 000,214,694 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.17 00:59:15 | 000,214,694 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.17 00:29:58 | 000,000,091 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\AVSDVDPlayer.m3u
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 05.03.2013 13:20:14 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ASUS\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 35,20% Memory free
6,20 Gb Paging File | 4,41 Gb Available in Paging File | 71,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178,85 Gb Total Space | 82,29 Gb Free Space | 46,01% Space Free | Partition Type: NTFS
Drive D: | 119,23 Gb Total Space | 103,17 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
 
Computer Name: FUXI | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2593200360-2997682069-409558613-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A543E68-50B4-4280-8BB2-AF4DB71FDA93}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1C30E30E-06F7-4A52-95C2-1C4541E58B23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E993F14-44D1-4437-8B9A-902B61661856}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{27858E58-10E5-4B38-A6FA-09D3956417FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2BBEAB61-B35E-49E9-B982-00CD20BA9B74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5762BB8C-5713-42F2-B76B-4A0BDE6ACF6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63C28116-2ADF-4398-BF2F-0E4FA2E21BF3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{79ACAE4E-82E3-4F7A-B778-9AEF715286FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81DA91E1-6DB8-4E52-8501-5DF583EBA4DD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{89988D43-F3D5-4C04-9523-93123877D53E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A2C6BAEF-39E9-4EA3-BBCD-EA661A81BF29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ACD7BD19-9B8F-4917-A218-A949DA546214}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C9BA2135-5E8A-4158-903F-0CE661F6F9BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D94C0A8C-9655-43BD-9646-F1C1D5B959D9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E2040A9C-36D7-47E7-9DDA-1117CC61FEC9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E3F8752F-D2C0-463D-9B1F-0E29B86A28D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E82F8434-88D5-4A4C-9D7E-AE9A6AFF98F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FB73A0D1-89CA-4877-A3F1-11B0E57CD040}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC125BF-7535-4C3A-926A-E369B915D277}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2846BFB9-A37C-40E9-905E-C498C3402230}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{28C196C2-8DAA-4ED0-915A-FF0B40732C8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2C707093-1204-4053-9730-B5F7323B17BE}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{2E78A1AD-4BFA-4E69-83A8-B315F4C51310}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{302AA768-BB91-41C2-89C9-E37D0BA4D70E}" = dir=in | app=c:\users\asus\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{3F0A46E9-4F84-48C7-BEF0-24002C136DCF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4C7B8896-4F9B-4D53-B344-3F36AA503B1F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4CD9B703-92A9-4A00-B907-C7A887E79A99}" = protocol=6 | dir=out | app=system | 
"{525F908F-DB7A-4454-8513-1920A23CA372}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{5C3A3761-0F61-4A9F-B02E-3949F048F026}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{5DE767E6-E14A-4C72-AD62-2D88493B1599}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5EF7E2AB-DEAD-47EC-B2F8-3DAA8157F22C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{6D184CAA-983F-435F-888F-572CFA2CE395}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{6E6B1BF0-3059-4700-BB17-B9D0BA241DFE}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{6FB80A46-2835-4163-B544-CBB70DC80C8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{764F1010-6A97-486B-A570-4203E725470E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{78D99BC1-0845-4931-B31C-684270711CDC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8C9114D4-450D-459D-BDBF-F87D1D628920}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D3EA953-0D3F-42A4-9403-D4D1C22BE830}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{918A5634-D5D5-4094-898C-43743E99ADCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0C7150C-B38A-4CC8-ADB7-10BDCC711491}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B0BC3717-50D8-49D5-8AB8-959107F835B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B376F9B6-5526-44DF-AE9B-A6A40FDC2EE9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{BEEBAB89-2F33-4895-8512-1133E2EA2038}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6664F16-B08C-45F9-BAC7-810306B06421}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CD865DCE-E0C3-4CDB-8358-B2B12B0F2ED8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CF7E2BF2-C54A-4669-8B2C-6FBBA8B5FBA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2BDF7EE-D352-4B08-8880-8E118275C1FD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D53A8B30-2A40-4666-8874-66428BBB3144}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC934799-E8E3-4D12-BD2A-FB95D0066AF3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{E003579F-41F2-4624-A179-224E8214C7B2}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{E9AD6D57-3083-4F77-BFDF-ACD140199E34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F50A829C-3760-4E67-BBC0-25171994712A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FB56F7EF-11B2-43BE-AFD2-8C9327CDBC46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{26070578-49A6-4630-A98F-8D8E011C24D4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{34844064-54FC-47AA-B1DD-88472A47283F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{474CDC70-4D32-488F-AFD0-DB64CBE8F420}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4B44284A-230D-45C8-A6B0-E3B2166DBA23}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{76DB59A0-01AE-459F-9493-0B9FE4A74867}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{772B22A7-4235-42C0-9B62-E6EBED34AECB}C:\program files\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"TCP Query User{82E5D594-1A79-4057-B1AB-0039C42907B4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{90676244-9304-4638-A066-53FFEB679179}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{98C5A6EF-DCFC-4F1E-900D-53496C1BEDFB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{99B187F5-82F8-4C64-8A8B-1C7D998CAE61}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{AA32D57C-FBD0-46B0-B693-2BBD11EDABD1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{BCEA742A-3146-4677-A318-C0764E98D8E5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{C298E0EA-750C-4839-B676-90518D7D57F8}C:\users\asus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C96A2365-F468-4055-9EEE-4D620E2ABDE1}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{E8B7B721-F16A-4938-A318-539E1F7B9D29}C:\users\asus\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\asus\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{F9389D45-D78F-4448-85B0-22C90BF4C652}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{056DA071-4F49-4830-AD63-AB5D5269B8B5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1B27E940-C221-4BBA-8155-F055F7DB23F2}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{24A33CCF-011F-423A-8CAB-2838002A031D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{34C3E988-19C4-4076-8703-76157A99971F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{435B2682-1E82-4311-BD2C-6C4BF9DA6FFD}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{56C390FE-FBCE-4F94-8A68-B27C9C2D7595}C:\users\asus\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\asus\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{81A664F2-1598-495D-BCAB-929AC6F50A0E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{9DF648F1-2AD8-45CF-B521-7342AE0683C8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A910CA21-C825-4010-BC92-90B79DD4BECC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B89A04BA-5163-4008-807A-F35B2710A81F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{D329B893-F43C-4004-940B-140144C13308}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{D7EC0D91-E179-416D-B489-B212AD17B645}C:\users\asus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E3204786-3219-4209-9278-21C9C02CC539}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{E6BE28FD-7367-4FBC-BB3E-89AE4503BA32}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{EA2A26F1-9E35-48CC-88B2-AE01C248BF84}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EC55580F-43DA-4FC2-8EC9-05C97CA43009}C:\program files\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{330A9A13-25F2-4E5F-8CE5-9D1AED7CA342}" = Microsoft Security Client
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE500B8E-564F-4D25-AE7F-7BDE30F64642}" = Deutsch (IBM) - Custom
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"mIRC" = mIRC
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.3.0
"Facebook Plug-In" = Facebook Plug-In
"Game Organizer" = EasyBits GO
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2013 08:24:09 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998
 
Error - 13.02.2013 08:24:09 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error - 13.02.2013 08:24:11 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.02.2013 08:24:11 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2933
 
Error - 13.02.2013 08:24:11 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2933
 
Error - 13.02.2013 08:24:12 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.02.2013 08:24:12 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4072
 
Error - 13.02.2013 08:24:12 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4072
 
Error - 13.02.2013 08:24:13 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.02.2013 08:24:13 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5148
 
Error - 13.02.2013 08:24:13 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5148
 
[ OSession Events ]
Error - 08.11.2011 02:00:09 | Computer Name = Fuxi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 382
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 28.02.2013 07:57:11 | Computer Name = Fuxi | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 01.03.2013 14:31:20 | Computer Name = Fuxi | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 03.03.2013 13:45:25 | Computer Name = Fuxi | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 03.03.2013 14:04:38 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.145.779.0     Update Source: %%859     Update Stage:
 %%854     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9203.0     Error
 code: 0x80240016     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 03.03.2013 14:04:38 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.145.779.0     Update Source: %%859     Update Stage:
 %%854     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9203.0     Error
 code: 0x80240016     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 03.03.2013 14:04:38 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.145.779.0     Update Source: %%859     Update Stage:
 %%853     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9203.0     Error
 code: 0x80240016     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 04.03.2013 07:23:02 | Computer Name = Fuxi | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 04.03.2013 07:35:45 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.145.779.0     Update Source: %%859     Update Stage:
 %%854     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9203.0     Error
 code: 0x80240016     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 04.03.2013 07:35:45 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.145.779.0     Update Source: %%859     Update Stage:
 %%854     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9203.0     Error
 code: 0x80240016     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 04.03.2013 07:35:45 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.145.779.0     Update Source: %%859     Update Stage:
 %%853     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9203.0     Error
 code: 0x80240016     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
 
< End of report >
         

06.03.2013, 12:35   #8
Chris4You

Hi,
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please right-click and start it with "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
[2013.02.19 23:01:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

:Commands
[emptytemp]
[RESTHOSTS]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

What is the status now: are the ads still there, and how is Windows Update doing?

chris
__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

06.03.2013, 13:26   #9
misterfuxi

Yes, both still there!

Code:
All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File  C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1 removed from extensions.enabledItems
Prefs.js: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ASUS
->Temp folder emptied: 120547027 bytes
->Temporary Internet Files folder emptied: 109949 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7317056 bytes
->Flash cache emptied: 3245 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86869495 bytes
RecycleBin emptied: 277650273 bytes
 
Total Files Cleaned = 470,00 mb
 
Error: Unable to interpret <[RESTHOSTS]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03062013_132859

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
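
Triage of the fix log above, as an added example that is not part of the original posts: the script flags every action OTL did not report as successful, including the directive it could not interpret. The patterns are assumptions derived only from the wording visible in this log, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List

# Shortened excerpt of the OTL fix log posted above (lines copied from the thread).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File  C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
========== COMMANDS ==========

[EMPTYTEMP]

User: ASUS
->Temp folder emptied: 120547027 bytes

Total Files Cleaned = 470,00 mb

Error: Unable to interpret <[RESTHOSTS]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03062013_132859
"""

# Assumed patterns, based solely on the phrasing seen in this log.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # ========== OTL ==========
ERROR_RE = re.compile(r"^Error:\s*(.*)$")               # Error: Unable to interpret ...
MISSING_RE = re.compile(r"not found\.?$", re.I)         # target of a fix line was absent
OK_RE = re.compile(r"(successfully[.!]?$|removed from \S+$)", re.I)
UNPARSED_RE = re.compile(r"Unable to interpret <(.+?)>")


@dataclass
class Finding:
    section: str   # log section the line appeared in
    status: str    # "ok", "missing" or "error"
    text: str      # the log line itself


def triage(log: str) -> List[Finding]:
    """Classify every action line of a fix log; informational lines are skipped."""
    findings = []
    section = "(preamble)"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Order matters: an error or a missing target must never be counted as ok.
        if ERROR_RE.match(line):
            status = "error"
        elif MISSING_RE.search(line):
            status = "missing"
        elif OK_RE.search(line):
            status = "ok"
        else:
            continue
        findings.append(Finding(section, status, line))
    return findings


def needs_followup(findings: List[Finding]) -> List[Finding]:
    """Return the actions that did not complete and should be raised with the helper."""
    return [f for f in findings if f.status != "ok"]


def unparsed_directives(log: str) -> List[str]:
    """Return script directives the tool reported it could not interpret."""
    return UNPARSED_RE.findall(log)


if __name__ == "__main__":
    for f in needs_followup(triage(SAMPLE_LOG)):
        print(f"[{f.status:7}] {f.section}: {f.text}")
    print("Not executed:", unparsed_directives(SAMPLE_LOG))
```

On this log the follow-up list contains the missing esgiguard.sys file and the `[RESTHOSTS]` directive, which was never executed.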
         

06.03.2013, 14:21   #10
Chris4You

Hi,

even after running the OTL script...

At the moment I don't see anything. Start Firefox in safe mode (without plugins): if the ads are still there, no plugin is involved. If the ads are gone, start normally and disable all plugins by hand, restart Firefox, enable one, close Firefox, restart, check, etc. At some point the ads should come back, and the guilty plugin is found (it hides well ;o)...

If that doesn't lead to success, we will get a bit "tougher"..

chris

06.03.2013, 15:20   #11
misterfuxi

I ran it as admin and the ads come back

08.03.2013, 11:03   #12
Chris4You

Hi,

did you deactivate the add-ons and restart Firefox?

Otherwise proceed as follows: start Firefox -> Help -> "Restart with Add-ons Disabled", popup, button -> "Restart". Then check whether the popups are gone...

If not:

Post a screenshot of the browser with the ads...

Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.

Warning: In a few rare cases the computer may no longer be able to boot and has to be set up again from scratch!

Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.

The scan with ComboFix can take some time, so be patient. Please do nothing on the computer during the scan.
The computer may be restarted in between.
After the scan ends, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt...

chris

10.03.2013, 19:03   #13
misterfuxi

Code:
ComboFix 13-03-10.02 - ASUS 10.03.2013  18:43:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3071.1887 [GMT 1:00]
ausgeführt von:: c:\users\ASUS\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {85C1E965-F997-4AB1-E20C-5C67B92E993B}
SP: Microsoft Security Essentials *Enabled/Updated* {3EA00881-DFAD-453F-D8BC-6715C2A9D386}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\users\ASUS\798.jpg
c:\windows\msvcr71.dll
c:\windows\system32\DEBUG.log
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-10 bis 2013-03-10  ))))))))))))))))))))))))))))))
.
.
2013-03-10 17:56 . 2013-03-10 17:56	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-10 17:53 . 2013-03-10 17:56	--------	d-----w-	c:\users\ASUS\AppData\Local\temp
2013-03-10 17:53 . 2013-03-10 17:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-10 17:36 . 2013-03-10 17:36	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 17:15 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AFB87C-3E54-499A-907F-93E55E7A16E1}\mpengine.dll
2013-03-06 18:14 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-04 11:35 . 2013-03-04 12:22	--------	d-----w-	c:\users\ASUS\Doctor Web
2013-02-25 20:39 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-24 21:10 . 2013-02-24 21:10	--------	d-----w-	c:\users\ASUS\AppData\Roaming\SUPERAntiSpyware.com
2013-02-24 20:50 . 2013-02-24 20:50	--------	d-----w-	C:\_OTL
2013-02-23 15:45 . 2013-02-23 15:45	--------	d-----w-	c:\program files\iPod
2013-02-23 15:45 . 2013-02-23 15:46	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-23 15:45 . 2013-02-23 15:46	--------	d-----w-	c:\program files\iTunes
2013-02-21 15:43 . 2013-02-21 15:43	--------	d-----w-	c:\program files\Enigma Software Group
2013-02-21 15:42 . 2013-02-21 15:42	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2013-02-21 14:22 . 2013-02-21 14:30	--------	d-----w-	c:\program files\Mozilla Thunderbird
2013-02-20 16:57 . 2013-02-20 16:57	--------	d-----w-	c:\users\ASUS\AppData\Local\IsolatedStorage
2013-02-20 16:57 . 2013-02-20 16:57	--------	d-----w-	c:\users\ASUS\AppData\Local\MEDION
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 10:17 . 2013-01-08 22:01	768000	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-14 09:29 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 09:29 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
2013-02-14 09:29 . 2013-01-04 11:28	914792	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 09:29 . 2013-01-04 01:55	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2013-02-14 09:29 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-14 09:29 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-12 22:07 . 2013-02-12 22:08	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2013-02-12 22:07 . 2013-02-12 22:08	--------	d-----w-	c:\program files\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-10 17:55 . 2009-02-01 09:00	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-03-10 17:36 . 2012-06-25 14:27	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-10 17:36 . 2010-06-14 21:08	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-27 22:09 . 2012-10-18 22:18	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-27 22:09 . 2012-10-18 22:18	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2009-10-03 00:12	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-20 22:36	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-20 22:36	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-13 12:50 . 2012-12-13 12:50	6112864	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-12-13 12:50 . 2012-12-13 12:50	45056	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2008-07-02 03:28 . 2008-07-02 03:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2013-03-10 17:17 . 2013-03-10 17:16	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	281760	----a-w-	c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-02-28 929664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\ASUS\AppData\Local\Facebook\Messenger\2.1.4801.0\FacebookMessenger.exe [2013-2-22 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-02-01 08:54	47672	----a-w-	c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-02-01 08:54	33136	----a-w-	c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37	1263952	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-07-12 16:17	127040	----a-w-	c:\program files\ICQ7M\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2593200360-2997682069-409558613-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL5701E724
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 22:09]
.
2013-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2593200360-2997682069-409558613-1000Core.job
- c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 21:25]
.
2013-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2593200360-2997682069-409558613-1000UA.job
- c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 21:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\vasdy6o4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.oe3.at
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
HKCU-Run-Spotify - c:\users\ASUS\AppData\Roaming\Spotify\Spotify.exe
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKCU-Run-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ChkMail - c:\program files\ChkMail\ChkMail\ChkMail.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
MSConfigStartUp-ManyCam - c:\program files\ManyCam\Bin\ManyCam.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-NokiaSuite - c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2593200360-2997682069-409558613-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,ec,05,39,14,4b,db,fc,36,f4,4b,be,42,0d,dc,a8,36,62,e5,98,38,
   99,db,2b,f3,33,f3,e7,64,80,d8,58,8f,dd,4a,84,3e,89,da,a2,68,2f,4c,15,42,f3,\
"rkeysecu"=hex:45,c7,43,b5,de,56,c8,d3,bd,4c,6d,93,b4,02,b5,b9
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1588)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dgdersvc.exe
c:\progra~1\mcafee\SITEAD~1\mcsacore.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\progra~1\mcafee\SITEAD~1\saui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-10  19:02:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-10 18:02
.
Vor Suchlauf: 10 Verzeichnis(se), 89.757.601.792 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 89.366.499.328 Bytes frei
.
- - End Of File - - 9592B79644D2E993B7FF29FA0CADC347
         
Quote:
Quote from Chris4You
Hi,

did you disable the add-ons and restart Firefox?

Otherwise proceed as follows: start Firefox -> Help -> "Restart with add-ons disabled", popup, button -> "Restart". Then check whether the popups are gone...

nothing came up

11.03.2013, 08:31   #14
Chris4You
 

Hi,

CF replaced an infected userinit, which points to TDSS.

TDSS-Killer
Download and instructions at: "Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?" (How to fight malware of the Rootkit.Win32.TDSS family)
Unpack all files into a separate directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:

Then start the scan (Start Scan).
When the scan has finished, please select "Report" (skip any findings with Skip for now). A window opens (click Report); copy the text and post it here...

After that, update MAM and run a FULLSCAN, post the log...

aswMBR
Follow the instructions here.
Quick guide:
Download aswMBR.exe from http://filepony.de/download-aswmbr/ and save it to the desktop.
  • Double-click aswMBR.exe.
  • Click the Scan button
  • The boot sectors (MBR) etc. are now examined.....
  • Save the log and post it in the thread

Disable the following add-ons in Firefox:
- DVDVideoSoft (Videodownloader)

chris

11.03.2013, 11:20   #15
misterfuxi
 

Code:
11:11:51.0265 5616  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:11:51.0463 5616  ============================================================
11:11:51.0463 5616  Current date / time: 2013/03/11 11:11:51.0463
11:11:51.0463 5616  SystemInfo:
11:11:51.0463 5616  
11:11:51.0463 5616  OS Version: 6.0.6002 ServicePack: 2.0
11:11:51.0463 5616  Product type: Workstation
11:11:51.0463 5616  ComputerName: FUXI
11:11:51.0464 5616  UserName: ASUS
11:11:51.0464 5616  Windows directory: C:\Windows
11:11:51.0464 5616  System windows directory: C:\Windows
11:11:51.0464 5616  Processor architecture: Intel x86
11:11:51.0464 5616  Number of processors: 2
11:11:51.0464 5616  Page size: 0x1000
11:11:51.0464 5616  Boot type: Normal boot
11:11:51.0464 5616  ============================================================
11:11:54.0238 5616  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:11:54.0241 5616  ============================================================
11:11:54.0241 5616  \Device\Harddisk0\DR0:
11:11:54.0241 5616  MBR partitions:
11:11:54.0241 5616  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x165B5800
11:11:54.0260 5616  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x165B6800, BlocksNum 0xEE77800
11:11:54.0260 5616  ============================================================
11:11:54.0285 5616  C: <-> \Device\Harddisk0\DR0\Partition1
11:11:54.0331 5616  D: <-> \Device\Harddisk0\DR0\Partition2
11:11:54.0331 5616  ============================================================
11:11:54.0331 5616  Initialize success
11:11:54.0331 5616  ============================================================
11:12:24.0532 5984  ============================================================
11:12:24.0532 5984  Scan started
11:12:24.0532 5984  Mode: Manual; 
11:12:24.0532 5984  ============================================================
11:12:24.0936 5984  ================ Scan system memory ========================
11:12:24.0936 5984  System memory - ok
11:12:24.0937 5984  ================ Scan services =============================
11:12:25.0129 5984  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:12:25.0136 5984  ACPI - ok
11:12:25.0241 5984  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:12:25.0244 5984  AdobeARMservice - ok
11:12:25.0299 5984  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:12:25.0304 5984  AdobeFlashPlayerUpdateSvc - ok
11:12:25.0354 5984  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:12:25.0362 5984  adp94xx - ok
11:12:25.0395 5984  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:12:25.0407 5984  adpahci - ok
11:12:25.0429 5984  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
11:12:25.0435 5984  adpu160m - ok
11:12:25.0473 5984  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:12:25.0484 5984  adpu320 - ok
11:12:25.0559 5984  [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService     C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
11:12:25.0561 5984  ADSMService - ok
11:12:25.0584 5984  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:12:25.0590 5984  AeLookupSvc - ok
11:12:25.0636 5984  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
11:12:25.0645 5984  AFD - ok
11:12:25.0688 5984  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:12:25.0691 5984  agp440 - ok
11:12:25.0718 5984  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
11:12:25.0725 5984  aic78xx - ok
11:12:25.0755 5984  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
11:12:25.0761 5984  ALG - ok
11:12:25.0784 5984  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:12:25.0787 5984  aliide - ok
11:12:25.0821 5984  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:12:25.0825 5984  amdagp - ok
11:12:25.0854 5984  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:12:25.0858 5984  amdide - ok
11:12:25.0874 5984  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
11:12:25.0877 5984  AmdK7 - ok
11:12:25.0913 5984  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:12:25.0917 5984  AmdK8 - ok
11:12:25.0980 5984  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
11:12:25.0985 5984  Appinfo - ok
11:12:26.0065 5984  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:12:26.0070 5984  Apple Mobile Device - ok
11:12:26.0129 5984  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
11:12:26.0162 5984  arc - ok
11:12:26.0230 5984  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:12:26.0250 5984  arcsas - ok
11:12:26.0294 5984  [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm           C:\Windows\system32\drivers\AsDsm.sys
11:12:26.0326 5984  AsDsm - ok
11:12:26.0376 5984  [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
11:12:26.0381 5984  ASLDRService - ok
11:12:26.0411 5984  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
11:12:26.0413 5984  ASMMAP - ok
11:12:26.0530 5984  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:12:26.0538 5984  aspnet_state - ok
11:12:26.0576 5984  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:12:26.0579 5984  AsyncMac - ok
11:12:26.0617 5984  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:12:26.0620 5984  atapi - ok
11:12:26.0693 5984  [ 2846F5EE802889D500FCF5CC48B28381 ] athr            C:\Windows\system32\DRIVERS\athr.sys
11:12:26.0719 5984  athr - ok
11:12:26.0734 5984  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
11:12:26.0736 5984  ATKGFNEXSrv - ok
11:12:26.0805 5984  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
11:12:26.0815 5984  atksgt - ok
11:12:26.0853 5984  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:12:26.0864 5984  AudioEndpointBuilder - ok
11:12:26.0880 5984  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:12:26.0891 5984  Audiosrv - ok
11:12:26.0936 5984  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:12:26.0938 5984  Beep - ok
11:12:26.0993 5984  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
11:12:27.0009 5984  BFE - ok
11:12:27.0067 5984  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
11:12:27.0158 5984  BITS - ok
11:12:27.0194 5984  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
11:12:27.0198 5984  blbdrive - ok
11:12:27.0282 5984  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:12:27.0288 5984  Bonjour Service - ok
11:12:27.0315 5984  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:12:27.0318 5984  bowser - ok
11:12:27.0340 5984  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
11:12:27.0344 5984  BrFiltLo - ok
11:12:27.0361 5984  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
11:12:27.0364 5984  BrFiltUp - ok
11:12:27.0406 5984  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
11:12:27.0418 5984  Browser - ok
11:12:27.0435 5984  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
11:12:27.0440 5984  Brserid - ok
11:12:27.0466 5984  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
11:12:27.0472 5984  BrSerWdm - ok
11:12:27.0487 5984  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
11:12:27.0492 5984  BrUsbMdm - ok
11:12:27.0508 5984  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
11:12:27.0517 5984  BrUsbSer - ok
11:12:27.0540 5984  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:12:27.0546 5984  BTHMODEM - ok
11:12:27.0617 5984  catchme - ok
11:12:27.0650 5984  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:12:27.0654 5984  cdfs - ok
11:12:27.0688 5984  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:12:27.0692 5984  cdrom - ok
11:12:27.0736 5984  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:12:27.0746 5984  CertPropSvc - ok
11:12:27.0790 5984  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
11:12:27.0795 5984  circlass - ok
11:12:27.0840 5984  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
11:12:27.0856 5984  CLFS - ok
11:12:27.0915 5984  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:12:27.0926 5984  clr_optimization_v2.0.50727_32 - ok
11:12:27.0955 5984  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:12:27.0964 5984  clr_optimization_v4.0.30319_32 - ok
11:12:27.0999 5984  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:12:28.0003 5984  CmBatt - ok
11:12:28.0026 5984  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:12:28.0030 5984  cmdide - ok
11:12:28.0052 5984  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:12:28.0057 5984  Compbatt - ok
11:12:28.0068 5984  COMSysApp - ok
11:12:28.0087 5984  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:12:28.0093 5984  crcdisk - ok
11:12:28.0120 5984  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
11:12:28.0125 5984  Crusoe - ok
11:12:28.0179 5984  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:12:28.0196 5984  CryptSvc - ok
11:12:28.0260 5984  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:12:28.0350 5984  DcomLaunch - ok
11:12:28.0374 5984  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:12:28.0380 5984  DfsC - ok
11:12:28.0487 5984  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
11:12:28.0534 5984  DFSR - ok
11:12:28.0576 5984  [ 3BE1651C63954067940E7F473498AD70 ] dgderdrv        C:\Windows\system32\drivers\dgderdrv.sys
11:12:28.0580 5984  dgderdrv - ok
11:12:28.0618 5984  [ 10B8F89D146D0E20B1284D47BB4EC6C9 ] dgdersvc        C:\Windows\system32\dgdersvc.exe
11:12:28.0644 5984  dgdersvc - ok
11:12:28.0691 5984  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
11:12:28.0722 5984  Dhcp - ok
11:12:28.0765 5984  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
11:12:28.0769 5984  disk - ok
11:12:28.0826 5984  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:12:28.0853 5984  Dnscache - ok
11:12:28.0889 5984  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:12:28.0918 5984  dot3svc - ok
11:12:28.0955 5984  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
11:12:28.0986 5984  DPS - ok
11:12:29.0020 5984  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:12:29.0024 5984  drmkaud - ok
11:12:29.0075 5984  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:12:29.0085 5984  DXGKrnl - ok
11:12:29.0109 5984  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
11:12:29.0115 5984  E1G60 - ok
11:12:29.0145 5984  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
11:12:29.0179 5984  EapHost - ok
11:12:29.0227 5984  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
11:12:29.0235 5984  Ecache - ok
11:12:29.0306 5984  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:12:29.0316 5984  ehRecvr - ok
11:12:29.0341 5984  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
11:12:29.0348 5984  ehSched - ok
11:12:29.0365 5984  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
11:12:29.0371 5984  ehstart - ok
11:12:29.0421 5984  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:12:29.0435 5984  elxstor - ok
11:12:29.0485 5984  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
11:12:29.0545 5984  EMDMgmt - ok
11:12:29.0585 5984  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:12:29.0589 5984  ErrDev - ok
11:12:29.0639 5984  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
11:12:29.0672 5984  EventSystem - ok
11:12:29.0726 5984  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
11:12:29.0733 5984  exfat - ok
11:12:29.0775 5984  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:12:29.0782 5984  fastfat - ok
11:12:29.0822 5984  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:12:29.0827 5984  fdc - ok
11:12:29.0854 5984  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:12:29.0886 5984  fdPHost - ok
11:12:29.0907 5984  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:12:29.0940 5984  FDResPub - ok
11:12:29.0962 5984  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:12:29.0967 5984  FileInfo - ok
11:12:29.0988 5984  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:12:29.0994 5984  Filetrace - ok
11:12:30.0057 5984  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:12:30.0077 5984  FLEXnet Licensing Service - ok
11:12:30.0107 5984  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:12:30.0113 5984  flpydisk - ok
11:12:30.0148 5984  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:12:30.0154 5984  FltMgr - ok
11:12:30.0243 5984  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
11:12:30.0296 5984  FontCache - ok
11:12:30.0355 5984  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:12:30.0359 5984  FontCache3.0.0.0 - ok
11:12:30.0389 5984  [ 574CEA4D3510EC905C0163C42D305BA5 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
11:12:30.0396 5984  fssfltr - ok
11:12:30.0486 5984  [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
11:12:30.0511 5984  fsssvc - ok
11:12:30.0532 5984  FsUsbExDisk - ok
11:12:30.0567 5984  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:12:30.0574 5984  Fs_Rec - ok
11:12:30.0606 5984  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:12:30.0614 5984  gagp30kx - ok
11:12:30.0643 5984  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:12:30.0650 5984  GEARAspiWDM - ok
11:12:30.0708 5984  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:12:30.0766 5984  gpsvc - ok
11:12:30.0853 5984  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:12:30.0864 5984  HdAudAddService - ok
11:12:30.0917 5984  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:12:30.0926 5984  HDAudBus - ok
11:12:30.0952 5984  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:12:30.0957 5984  HidBth - ok
11:12:30.0992 5984  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:12:30.0997 5984  HidIr - ok
11:12:31.0032 5984  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
11:12:31.0069 5984  hidserv - ok
11:12:31.0087 5984  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:12:31.0092 5984  HidUsb - ok
11:12:31.0136 5984  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:12:31.0186 5984  hkmsvc - ok
11:12:31.0206 5984  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
11:12:31.0212 5984  HpCISSs - ok
11:12:31.0250 5984  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:12:31.0265 5984  HTTP - ok
11:12:31.0295 5984  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
11:12:31.0301 5984  i2omp - ok
11:12:31.0343 5984  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:12:31.0349 5984  i8042prt - ok
11:12:31.0371 5984  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
11:12:31.0382 5984  iaStorV - ok
11:12:31.0451 5984  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:12:31.0455 5984  IDriverT - ok
11:12:31.0529 5984  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:12:31.0554 5984  idsvc - ok
11:12:31.0580 5984  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:12:31.0588 5984  iirsp - ok
11:12:31.0632 5984  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:12:31.0693 5984  IKEEXT - ok
11:12:31.0815 5984  [ 0557AAEE4C86E2C333ACD2BAF42A7619 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
11:12:31.0893 5984  IntcAzAudAddService - ok
11:12:31.0936 5984  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:12:31.0943 5984  intelide - ok
11:12:31.0975 5984  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:12:31.0981 5984  intelppm - ok
11:12:32.0016 5984  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:12:32.0070 5984  IPBusEnum - ok
11:12:32.0094 5984  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:12:32.0101 5984  IpFilterDriver - ok
11:12:32.0143 5984  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:12:32.0197 5984  iphlpsvc - ok
11:12:32.0208 5984  IpInIp - ok
11:12:32.0247 5984  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
11:12:32.0256 5984  IPMIDRV - ok
11:12:32.0277 5984  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
11:12:32.0284 5984  IPNAT - ok
11:12:32.0334 5984  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:12:32.0342 5984  iPod Service - ok
11:12:32.0366 5984  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:12:32.0373 5984  IRENUM - ok
11:12:32.0398 5984  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:12:32.0406 5984  isapnp - ok
11:12:32.0448 5984  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
11:12:32.0459 5984  iScsiPrt - ok
11:12:32.0489 5984  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
11:12:32.0496 5984  iteatapi - ok
11:12:32.0532 5984  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
11:12:32.0539 5984  iteraid - ok
11:12:32.0563 5984  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:12:32.0570 5984  kbdclass - ok
11:12:32.0585 5984  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:12:32.0597 5984  kbdhid - ok
11:12:32.0641 5984  [ 27BD4AC228EF6C0D490617C32E86A672 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
11:12:32.0649 5984  kbfiltr - ok
11:12:32.0679 5984  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
11:12:32.0746 5984  KeyIso - ok
11:12:32.0798 5984  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:12:32.0821 5984  KSecDD - ok
11:12:32.0877 5984  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:12:32.0963 5984  KtmRm - ok
11:12:33.0000 5984  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
11:12:33.0122 5984  LanmanServer - ok
11:12:33.0229 5984  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:12:33.0370 5984  LanmanWorkstation - ok
11:12:33.0404 5984  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
11:12:33.0410 5984  lirsgt - ok
11:12:33.0432 5984  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:12:33.0439 5984  lltdio - ok
11:12:33.0475 5984  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:12:33.0531 5984  lltdsvc - ok
11:12:33.0553 5984  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:12:33.0603 5984  lmhosts - ok
11:12:33.0629 5984  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:12:33.0638 5984  LSI_FC - ok
11:12:33.0670 5984  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:12:33.0678 5984  LSI_SAS - ok
11:12:33.0725 5984  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:12:33.0733 5984  LSI_SCSI - ok
11:12:33.0775 5984  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
11:12:33.0783 5984  luafv - ok
11:12:33.0827 5984  [ 8039F480C192DD99FED4EBC71FFBF795 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys
11:12:33.0833 5984  lullaby - ok
11:12:33.0873 5984  [ C6D085C7045200143528136A43A65FDE ] ManyCam         C:\Windows\system32\DRIVERS\ManyCam.sys
11:12:33.0882 5984  ManyCam - ok
11:12:33.0939 5984  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:12:33.0947 5984  MBAMProtector - ok
11:12:34.0006 5984  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:12:34.0012 5984  MBAMScheduler - ok
11:12:34.0053 5984  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:12:34.0062 5984  MBAMService - ok
11:12:34.0112 5984  [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
11:12:34.0115 5984  McAfee SiteAdvisor Service - ok
11:12:34.0142 5984  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:12:34.0196 5984  Mcx2Svc - ok
11:12:34.0231 5984  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:12:34.0237 5984  megasas - ok
11:12:34.0274 5984  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
11:12:34.0289 5984  MegaSR - ok
11:12:34.0315 5984  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
11:12:34.0373 5984  MMCSS - ok
11:12:34.0395 5984  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
11:12:34.0402 5984  Modem - ok
11:12:34.0418 5984  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:12:34.0424 5984  monitor - ok
11:12:34.0462 5984  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:12:34.0469 5984  mouclass - ok
11:12:34.0491 5984  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:12:34.0497 5984  mouhid - ok
11:12:34.0521 5984  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
11:12:34.0528 5984  MountMgr - ok
11:12:34.0571 5984  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:12:34.0682 5984  MozillaMaintenance - ok
11:12:34.0713 5984  [ 8D745200A0928743D9DF22258861A807 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
11:12:34.0722 5984  MpFilter - ok
11:12:34.0753 5984  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:12:34.0759 5984  mpio - ok
11:12:34.0891 5984  [ A69630D039C38018689190234F866D77 ] MpKsl5701e724   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8AFB87C-3E54-499A-907F-93E55E7A16E1}\MpKsl5701e724.sys
11:12:34.0893 5984  MpKsl5701e724 - ok
11:12:34.0926 5984  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:12:34.0935 5984  mpsdrv - ok
11:12:34.0978 5984  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:12:35.0064 5984  MpsSvc - ok
11:12:35.0108 5984  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
11:12:35.0117 5984  Mraid35x - ok
11:12:35.0147 5984  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:12:35.0158 5984  MRxDAV - ok
11:12:35.0188 5984  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:12:35.0198 5984  mrxsmb - ok
11:12:35.0229 5984  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:12:35.0242 5984  mrxsmb10 - ok
11:12:35.0265 5984  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:12:35.0277 5984  mrxsmb20 - ok
11:12:35.0298 5984  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
11:12:35.0306 5984  msahci - ok
11:12:35.0334 5984  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:12:35.0343 5984  msdsm - ok
11:12:35.0373 5984  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
11:12:35.0452 5984  MSDTC - ok
11:12:44.0289 5984  [ A80CD850D69D996C832BEA37E3A6AA1E ] sptd            C:\Windows\system32\Drivers\sptd.sys
11:12:44.0298 5984  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: A80CD850D69D996C832BEA37E3A6AA1E
11:12:44.0302 5984  sptd ( LockedFile.Multi.Generic ) - warning
11:12:44.0302 5984  sptd - detected LockedFile.Multi.Generic (1)
         
