Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Netbook backdoor attempted, passwords hacked! (https://www.trojaner-board.de/115102-netbook-backdoor-versucht-passwoerter-gehackt.html)

donniedarko 14.05.2012 09:24

Netbook backdoor attempted, passwords hacked!

Hello everyone,
Yesterday a few people I know received a spam mail from my GMX account, virus included.
I suspect I've caught something. :headbang:

I hope you can help me out.
Code:

Malwarebytes:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.13.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: MARCUS-EEEPC [Administrator]

Protection: Enabled

14.05.2012 00:58:21
mbam-log-2012-05-14 (00-58-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200770
Time elapsed: 22 minute(s), 14 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 1
C:\Users\Marcus\AppData\Local\Temp\is-BSUII.tmp\DealioToolbar-stub-1.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.

(end)

OTL logfile:
Code:

OTL logfile created on: 5/14/2012 9:54:43 AM - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\Marcus\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 235.43 Mb Available Physical Memory | 23.21% Memory free
1.99 Gb Paging File | 0.73 Gb Available in Paging File | 36.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 15.94 Gb Free Space | 19.92% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 13.59 Gb Free Space | 25.16% Space Free | Partition Type: NTFS
 
Computer Name: MARCUS-EEEPC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2012/05/06 11:40:43 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/05 15:38:12 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 19:03:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/06/09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 04:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 04:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/01/29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/06 11:40:42 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/18 09:26:14 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/06 11:40:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/05 15:38:12 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 19:03:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aj77l0wd)
DRV - [2012/05/14 09:50:59 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\weckg.sys -- (jdwrp)
DRV - [2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CESG502.SYS -- (PVUSB)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/05 15:38:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/05 15:38:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/01/10 18:02:47 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/08/02 16:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2010/06/23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/21 16:31:18 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/06/17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/13 04:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 04:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/03/10 09:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [1999/03/06 13:38:28 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASUSHWIO.SYS -- (asushwio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\..\SearchScopes,DefaultScope = {CFB29CFD-38CD-45DA-8D09-B824417EEEB1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{CFB29CFD-38CD-45DA-8D09-B824417EEEB1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 11:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 16:42:08 | 000,000,000 | ---D | M]
 
[2011/01/03 22:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/05/02 20:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions
[2011/01/28 12:33:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/30 18:34:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/15 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/03/30 18:34:26 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011/08/23 21:08:26 | 000,025,939 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
[2012/05/06 11:40:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/03 23:47:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/12/21 11:14:26 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/06 21:43:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 21:43:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/06 21:43:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011/10/06 21:43:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/06 21:43:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 21:43:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON BX305 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A020C8-05B7-4AAD-B2AC-EB300F9D73D4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE60F15E-2C5D-436D-80C2-6B3D7392C60A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/14 01:01:18 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:56:47 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2012/05/14 00:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 00:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/14 00:56:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/14 00:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/14 00:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/14 00:34:39 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/05/14 00:11:19 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/05/14 00:08:16 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/05/13 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Avira
[2012/05/08 16:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\CASIO
[2012/05/08 16:32:14 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2012/05/06 11:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 11:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012/05/03 11:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/05/03 11:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012/05/03 11:01:57 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/05/03 10:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
[2012/05/03 10:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/04/21 13:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/19 13:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 09:50:59 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\weckg.sys
[2012/05/14 09:30:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:04:17 | 000,002,413 | ---- | M] () -- C:\windows\System32\lgAxconfig.ini
[2012/05/13 20:29:09 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/13 20:04:59 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 20:04:59 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 19:52:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/13 19:51:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/11 12:18:24 | 000,440,496 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/11 11:30:03 | 000,657,676 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/11 11:30:03 | 000,618,912 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/11 11:30:03 | 000,131,016 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/11 11:30:03 | 000,107,232 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/10 14:58:41 | 000,000,008 | ---- | M] () -- C:\windows\System32\ctsn32.dll
[2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) -- C:\windows\System32\drivers\CESG502.SYS
[2012/05/08 16:34:43 | 000,000,008 | ---- | M] () -- C:\windows\System32\tcdl2.dll
[2012/05/03 11:09:05 | 000,000,308 | ---- | M] () -- C:\windows\setup.iss
[2012/04/19 13:50:07 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\ADB
[2012/04/19 13:49:06 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\P970Mod
[2012/04/19 11:46:00 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/14 09:50:59 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\weckg.sys
[2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\tcdl2.dll
[2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\ctsn32.dll
[2012/05/03 11:08:34 | 000,000,308 | ---- | C] () -- C:\windows\setup.iss
[2012/04/19 13:50:07 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\ADB
[2012/04/19 13:49:06 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\P970Mod
[2012/04/19 11:46:00 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012/01/30 21:54:11 | 000,038,428 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/01/30 21:54:06 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2011/08/11 20:01:15 | 000,053,248 | ---- | C] () -- C:\windows\System32\CommonDL.dll
[2011/08/11 20:01:15 | 000,002,413 | ---- | C] () -- C:\windows\System32\lgAxconfig.ini
[2011/07/05 16:46:03 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/05/25 22:22:57 | 000,038,422 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011/02/18 12:42:06 | 000,007,607 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
[2011/01/11 13:32:05 | 000,008,192 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/03 22:30:01 | 000,111,104 | ---- | C] () -- C:\windows\System32\Uharc.exe
[2011/01/03 22:30:01 | 000,008,636 | ---- | C] () -- C:\windows\System32\modifype.exe
[2010/12/29 08:43:34 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/12/28 19:50:41 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2010/12/28 19:34:48 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010/12/28 19:34:48 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/10/05 01:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2010/06/24 18:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 18:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 18:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 18:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 18:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
 
========== LOP Check ==========
 
[2011/02/08 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Amazon
[2011/01/21 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Bump Technologies, Inc
[2011/04/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CompanionLink
[2011/01/10 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
[2011/01/28 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/14 00:37:20 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Electronic Arts
[2012/05/03 11:04:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/02/16 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FastCopy
[2011/01/28 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Foxit Software
[2011/05/17 16:36:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FreeFLVConverter
[2011/04/06 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo
[2011/04/05 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HTC
[2011/01/21 12:59:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Miranda
[2011/01/03 23:13:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\OpenOffice.org
[2011/04/06 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Softplicity
[2011/01/21 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Windows SideBar
[2012/04/26 12:51:08 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/06/23 22:21:29 | 001,048,576 | -H-- | M] () -- C:\CAPTURE.AVI
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | -H-- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | -H-- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | -H-- | M] () -- C:\globdata.ini
[2012/05/13 19:51:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:03:18 | 000,562,688 | -H-- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | -H-- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | -H-- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | -H-- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/05/13 19:51:58 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2010/12/28 19:35:33 | 000,002,119 | -H-- | M] () -- C:\RHDSetup.log
[2007/11/07 09:00:40 | 000,005,686 | -H-- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | -H-- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | -H-- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/06/22 19:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/14 03:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/14 03:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009/07/10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\windows\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\windows\system32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\windows\system32\ws2help.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-13 22:42:36
 
<          >

< End of report >

--- --- ---



Extras:
OTL Logfile:
Code:

OTL Extras logfile created on: 5/14/2012 9:54:43 AM - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\Marcus\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 235.43 Mb Available Physical Memory | 23.21% Memory free
1.99 Gb Paging File | 0.73 Gb Available in Paging File | 36.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 15.94 Gb Free Space | 19.92% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 13.59 Gb Free Space | 25.16% Space Free | Partition Type: NTFS
 
Computer Name: MARCUS-EEEPC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C41E75-88D4-45A6-B4F2-0E75A36617AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A3885C6-B8A6-46A9-8A49-A9C913D8D1F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1330C376-17AA-432C-8F13-75129C37C549}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17575CF3-DCBB-4B3C-9A95-0CAAFBFBA718}" = lport=2869 | protocol=6 | dir=in | app=system |
"{18EF1DE9-896F-4C13-BBB2-2FD990AFDCBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B65B3BA-7F73-459C-998F-A94774088207}" = rport=137 | protocol=17 | dir=out | app=system |
"{230E1CA9-C97D-4E4E-86FC-3AE1C46DBCAC}" = rport=138 | protocol=17 | dir=out | app=system |
"{2573D109-4EEE-4BBD-B95E-E049E6E29A5B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2CE5D76A-BBC1-4835-B6AA-85C8465CD1ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{392CEE02-A3EE-430D-AA5E-FEC1B1AC8A20}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3D2411A3-868D-47C5-90A6-9D2452A35706}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F7DF836-7684-4D97-89F6-78DC410743D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{416E336B-CA6B-4866-A9E7-F2F9463CB92A}" = rport=139 | protocol=6 | dir=out | app=system |
"{47EFD8EF-7C41-4BF0-8E35-ECA7EB990F0C}" = lport=139 | protocol=6 | dir=in | app=system |
"{4FE3A40A-D7AE-4C16-B2FE-DBE2DC482CCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53CC27A5-7396-4F92-A872-228029B1C1C5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{56764840-778A-49A1-940E-F0E22806E862}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FF7322A-5A9C-4296-A343-1E6319BC0D92}" = lport=137 | protocol=17 | dir=in | app=system |
"{6357E87C-F789-4C79-8717-DE4D2635A231}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63678C75-EF5D-40AA-91A6-7D4908264E0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6ED2F8F2-DED5-43E1-927E-B14EF954791B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{784A2AC3-DA31-4BE6-B9BC-5368B524765A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7D79EC28-4392-4E85-8DC9-AAEA15026FD2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{811AD7F3-5434-437B-88D4-61508F96512D}" = rport=445 | protocol=6 | dir=out | app=system |
"{82550C39-611F-4519-8DA1-D29AA4BFB658}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88583089-283B-4E85-8649-BBDCF9E43793}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{966438D6-71B9-49C0-9CC4-F32770150E06}" = lport=445 | protocol=6 | dir=in | app=system |
"{9B41D560-72DB-4D83-9C3B-0485D273F16E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B85B4608-D475-400A-A335-8F84A9F8A8B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF6DE93D-B6E6-4AC2-BC7B-3A37573DB46C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C8664489-5B02-42E0-AC8C-31ED06321294}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CEB565F7-7750-4A66-8714-7D5ACFD4CE49}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{D21DE822-AAAE-45EE-B6BC-AA2027D4ACA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2FCAD9D-23BD-44CF-A02B-FDAC911457FF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E5A7DEB9-2B0E-41CE-B198-5EC29EC83035}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7B47B63-6EE5-4AD0-8B66-036FB615B724}" = lport=138 | protocol=17 | dir=in | app=system |
"{F602AA5A-9828-4584-BB02-8948F29BFA0E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F753DDFC-EAAB-4272-8BF6-1DC4937CD540}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F9A1924E-2E2C-4B12-9C38-FE312487534B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAE8E498-C4F3-4DBC-9064-944A21A93197}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E475C57-8585-472D-BADF-FE72DC43C448}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1FEB2207-1BE1-49E8-843F-1C0D6CEBBFFF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{342C8B45-BD45-40A0-B166-BD3E067062AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{49FEA0A5-7FAB-4C8C-98B0-CE40E3FDEFC3}" = protocol=6 | dir=out | app=system |
"{55A014B2-68E5-4B69-91AA-135CEB947963}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{55AA8E81-F9D7-4431-BB12-118C9E16BF45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A01866C-A772-478D-AAC7-C754D9D1C513}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{64477760-F130-470A-8F09-35DCDAEFB2ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{65051865-47BB-4C5E-8F2E-3485B16BAEFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F89B273-26E0-43FF-B924-D4F5761F8393}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73F45AA2-31FE-4EAE-9056-594B82D51BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89698982-724C-45EA-8186-3693E616C9CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B3C7334-C42A-4029-A1EA-73308CF3C6D4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{939CC37C-7F7E-4824-995B-DF81210A0FC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D1B0EBC-C2CB-46E6-8576-AE5AAD58E313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6F84EA7-FF24-4DC3-9087-6623280BFFC7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B082068D-34B8-4FD3-9FCD-BD517288EF4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B9F4398E-5838-4F8F-80F0-BBFE0FE9F248}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C24DD7FB-FA09-4AE0-AE1D-FF66007954F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3ACD4FA-2D1D-428C-9798-4DB4F3C97787}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C43D9277-9DBE-4639-ABF5-2206458E6D6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C45DE543-9306-4E69-8F1C-0755B96BFCA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8919642-0D80-4741-9440-E2D305A93A85}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CD470C28-CA75-4C58-8E07-405C8EB9064F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D3CDA400-6707-4CA6-B383-6E9F834DBB41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA02A00A-846B-4AE9-908F-B16841D798B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC414A8B-63B8-4A39-A388-00EDB2E7682F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E73A3FAA-D35F-4948-94CE-8E7DA24C3D56}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FC14CFF0-4FC2-45FC-B0DE-6D2698E2600E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD0CD60E-7F14-4E38-88B2-47D316D2E37A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{03EBD576-41F9-43D6-AE24-70B656C175CE}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{162B4EC8-0394-4D12-9D1C-0E2FB1933EE6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{18CEC996-03D4-4383-BD88-6BC3EE19F6D6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{275E3436-6C4B-423A-B829-40765C995B18}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{809DE0E3-9150-4FBA-A30A-A6EE75641A59}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{99702156-AF2F-4092-835F-8799A2D8862B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{B31CE671-A378-46BA-94F5-FA9F35564CC3}C:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe" = protocol=6 | dir=in | app=c:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe |
"TCP Query User{E90CA908-A45B-41FF-AA5B-754ACB383AC3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{173A96C5-CF84-44D2-8A33-A3C71FAB64CC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4836255E-4AB0-4596-95DE-8EFC1342CC33}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6EC2220A-4248-4A1A-A9AA-CCD5172BFA76}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{BFC476AD-4873-40F2-B749-043C8989C2F0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{D7162B56-CCBC-4E63-97ED-E1D09AB18E87}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{D7ED3ADA-C3F9-4EE7-AA75-144629B7CDED}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{E442430F-848B-4292-AB0F-6D137D272B00}C:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe" = protocol=17 | dir=in | app=c:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe |
"UDP Query User{F95F63C0-C463-4E79-A143-467FF4A01E72}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{14757070-5AE3-434C-9880-8F571E5C0FCB}" = Anti-reCAPTCHA v3.02 JD
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53FB84B2-23CC-47BE-903F-EC1841459509}" = Program-Link FA-CP1 (Single License)
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{71F205E9-C01C-47C5-B029-8AAC14AF03F1}" = ClassPad Manager v3  (30 Day Trial)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0
"{D02F30FB-0BC4-419A-9B9C-ADC610029B50}" = EPSON File Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC984DA1-8718-4557-BAB6-947718C454DF}" = PDF-XChange Viewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free FLV Converter_is1" = Free FLV Converter V 6.94.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.9.14
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Mail Converter_is1" = TotalMailConverter
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/19/2012 7:40:51 AM | Computer Name = Marcus-EeePC | Source = Application Hang | ID = 1002
Description = Programm SuperOneClick.exe, Version 2.3.3.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen.    Prozess-ID: 1360    Startzeit: 01cd1e211c183208    Endzeit: 17    Anwendungspfad:
C:\Users\Marcus\Desktop\P970 Mod\SuperOneClickv2.3.3-ShortFuse\SuperOneClick.exe

Berichts-ID:
 800317cc-8a14-11e1-bc8b-20cf3052a631 
 
Error - 4/19/2012 7:42:27 AM | Computer Name = Marcus-EeePC | Source = Application Hang | ID = 1002
Description = Programm SuperOneClick.exe, Version 2.3.3.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen.    Prozess-ID: 128c    Startzeit: 01cd1e21473cfc71    Endzeit: 25    Anwendungspfad:
C:\Users\Marcus\Desktop\P970 Mod\SuperOneClickv2.3.3-ShortFuse\SuperOneClick.exe

Berichts-ID:
 b2024975-8a14-11e1-bc8b-20cf3052a631 
 
Error - 4/20/2012 6:03:57 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000,
 Zeitstempel: 0x49a6b036  Name des fehlerhaften Moduls: rapi.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x465eef68  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6e8042ff
ID
 des fehlerhaften Prozesses: 0xbc0  Startzeit der fehlerhaften Anwendung: 0x01cd1edcbb2bcfa7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Pfad
 des fehlerhaften Moduls: rapi.dll  Berichtskennung: 246acacb-8ad0-11e1-bcd4-20cf3052a631
 
Error - 4/21/2012 4:25:14 PM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000,
 Zeitstempel: 0x49a6b036  Name des fehlerhaften Moduls: rapi.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x465eef68  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6e9f42ff
ID
 des fehlerhaften Prozesses: 0xbb0  Startzeit der fehlerhaften Anwendung: 0x01cd1ffca777c598
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Pfad
 des fehlerhaften Moduls: rapi.dll  Berichtskennung: 19777476-8bf0-11e1-bc36-20cf3052a631
 
Error - 4/24/2012 7:30:20 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000,
 Zeitstempel: 0x49a6b036  Name des fehlerhaften Moduls: rapi.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x465eef68  Ausnahmecode: 0xc0000005  Fehleroffset: 0x720042ff
ID
 des fehlerhaften Prozesses: 0x910  Startzeit der fehlerhaften Anwendung: 0x01cd220d67e40653
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Pfad
 des fehlerhaften Moduls: rapi.dll  Berichtskennung: df3c408b-8e00-11e1-bc70-20cf3052a631
 
Error - 5/3/2012 4:42:22 AM | Computer Name = Marcus-EeePC | Source = RpcNs | ID = 2
Description =
 
Error - 5/3/2012 4:42:22 AM | Computer Name = Marcus-EeePC | Source = RpcNs | ID = 2
Description =
 
Error - 5/3/2012 4:53:15 AM | Computer Name = Marcus-EeePC | Source = VSS | ID = 8194
Description =
 
Error - 5/3/2012 5:08:27 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
 16.0.0.400, Zeitstempel: 0x4ab84bb7  Name des fehlerhaften Moduls: ISSetup.dll, Version:
 16.0.0.400, Zeitstempel: 0x4ab84b70  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a7a6f
ID
 des fehlerhaften Prozesses: 0x1510  Startzeit der fehlerhaften Anwendung: 0x01cd290c4176ea8d
Pfad
 der fehlerhaften Anwendung: C:\Users\Marcus\AppData\Local\Temp\WZSE0.TMP\setup.exe
Pfad
 des fehlerhaften Moduls: C:\Users\Marcus\AppData\Local\Temp\WZSE0.TMP\ISSetup.dll
Berichtskennung:
 8af027a9-94ff-11e1-9883-20cf3052a631
 
Error - 5/6/2012 4:59:51 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000,
 Zeitstempel: 0x49a6b036  Name des fehlerhaften Moduls: rapi.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x465eef68  Ausnahmecode: 0xc0000005  Fehleroffset: 0x703442ff
ID
 des fehlerhaften Prozesses: 0xbec  Startzeit der fehlerhaften Anwendung: 0x01cd2b6663e983c8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Pfad
 des fehlerhaften Moduls: rapi.dll  Berichtskennung: d68f7761-9759-11e1-bc2b-20cf3052a631
 
[ System Events ]
Error - 3/11/2012 11:17:36 AM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" ist
vom Dienst "Windows Mobile-basierte Geräteverbindungen" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:  %%1053
 
Error - 3/11/2012 12:50:06 PM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Mobile-basierte Geräteverbindungen erreicht.
 
Error - 3/11/2012 12:50:08 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10005
Description =
 
Error - 3/11/2012 12:50:08 PM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Mobile-basierte Geräteverbindungen" wurde aufgrund
 folgenden Fehlers nicht gestartet:  %%1053
 
Error - 3/11/2012 4:11:44 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10010
Description =
 
Error - 3/11/2012 6:24:18 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10010
Description =
 
Error - 3/11/2012 6:38:30 PM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 3/11/2012 6:38:34 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10010
Description =
 
Error - 3/14/2012 11:47:27 AM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 3/20/2012 4:34:11 AM | Computer Name = Marcus-EeePC | Source = WMPNetworkSvc | ID = 866300
Description =
 
 
< End of report >


cosinus 14.05.2012 11:03

As a routine first step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If there are logs from older Malwarebytes scans, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please post everything here in CODE tags wherever possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

donniedarko 14.05.2012 18:17

So, here are the logs now.

Malwarebytes full scan:
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.14.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: MARCUS-EEEPC [Administrator]

Schutz: Aktiviert

14.05.2012 12:07:39
mbam-log-2012-05-14 (13-50-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351092
Laufzeit: 1 Stunde(n), 15 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\4Sync_1.0.2.exe (PUP.BundleInstaller.4S) -> Keine Aktion durchgeführt.
D:\Firefox\SoftonicDownloader_fuer_opera-mini.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)



Quarantine has been deleted!


Eset:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d7d4d7fa07d1ad468a3591802b8520e9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 04:50:06
# local_time=2012-05-14 06:50:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 685 685 0 0
# compatibility_mode=5893 16776573 100 94 1608 88629201 0 0
# compatibility_mode=8192 67108863 100 0 561 561 0 0
# scanned=164114
# found=11
# cleaned=0
# scan_time=16198
C:\$Recycle.Bin\S-1-5-21-1144298715-4213825143-681980742-1000\$R3LXFZF\psneuter        Android/Exploit.Lotoor.AK trojan (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Marcus\Desktop\Documents\P970 Mod\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter        Android/Exploit.Lotoor.AK trojan (unable to clean)        00000000000000000000000000000000        I
D:\Externe\Fotos\SAVE\Firefox\coretemp_1236.exe        a variant of Win32/InstallIQ application (unable to clean)        00000000000000000000000000000000        I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader18679.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader_fuer_mario-kart-360.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader_fuer_pontifex.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader_fuer_snow-transformation-pack(2).exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader_fuer_snow-transformation-pack.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
D:\Firefox\Setup_FreeFlvConverter.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
D:\Firefox\YouTubeDownloaderSetup33.exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I


cosinus 14.05.2012 18:35

Quote:

C:\$Recycle.Bin\S-1-5-21-1144298715-4213825143-681980742-1000\$R3LXFZF\psneuter Android/Exploit.Lotoor.AK
Why are you playing around with risky stuff?

Quote:

D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader
Stay away from Softonic!!

Softonic is a toolbar and adware slinger! Stay away! Software should be downloaded, as the top priority, directly from the manufacturer and not from toolbar outfits like Softonic! In an emergency chip.de would of course do.

donniedarko 14.05.2012 18:38

So, the first one seems to come from flashing my smartphone.
The second one is a folder of files from my girlfriend's laptop; we copied the files over before we reinstalled her system.

Is my system clean now?

cosinus 14.05.2012 19:04

We have only just created the first logs; it is not that quick to make a statement!

I have two questions before we go on:

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

donniedarko 14.05.2012 19:07

I have neither system restrictions nor anything missing from the Start menu.
Many thanks in advance.

cosinus 14.05.2012 19:07

Please make a new OTL log. Please post everything here in CODE tags wherever possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


donniedarko 14.05.2012 20:18

So, here is the OTL log now.

OTL Logfile:
Code:

OTL logfile created on: 5/14/2012 8:36:56 PM - Run 2
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\Marcus\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 294.05 Mb Available Physical Memory | 28.99% Memory free
1.99 Gb Paging File | 0.91 Gb Available in Paging File | 45.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 15.20 Gb Free Space | 19.00% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 13.50 Gb Free Space | 24.99% Space Free | Partition Type: NTFS
 
Computer Name: MARCUS-EEEPC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2012/05/03 10:36:58 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGJE.EXE
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/06/09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 04:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 04:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/01/29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/04/23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2006/11/30 16:03:48 | 000,434,688 | ---- | M] () -- C:\Program Files\TotalMailConverter\axTotalConverter.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/06 11:40:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aj9uwzjx)
DRV - [2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CESG502.SYS -- (PVUSB)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/10 18:02:47 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/08/02 16:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2010/06/23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/21 16:31:18 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/13 04:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 04:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/03/10 09:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com/ [binary data]
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\SearchScopes,DefaultScope = {CFB29CFD-38CD-45DA-8D09-B824417EEEB1}
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\SearchScopes\{CFB29CFD-38CD-45DA-8D09-B824417EEEB1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=efdfc26e-9f38-4e3f-82b4-2e96e8d1c438&apn_ptnrs=%5EABT&apn_sauid=4914482C-0EF4-4785-B7C7-AE168E5500AC&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 11:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 16:42:08 | 000,000,000 | ---D | M]
 
[2011/01/03 22:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/05/02 20:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions
[2011/01/28 12:33:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/30 18:34:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/15 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/03/30 18:34:26 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011/08/23 21:08:26 | 000,025,939 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
[2012/05/06 11:40:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/03 23:47:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/12/21 11:14:26 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/06 21:43:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 21:43:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/06 21:43:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011/10/06 21:43:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/06 21:43:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 21:43:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000..\Run: [EPSON BX305 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A020C8-05B7-4AAD-B2AC-EB300F9D73D4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE60F15E-2C5D-436D-80C2-6B3D7392C60A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Marcus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: B2C_AGENT - hkey= - key= - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
MsConfig - StartUpReg: LG LinkAir - hkey= - key= -  File not found
MsConfig - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/14 14:17:38 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Avira
[2012/05/14 14:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/05/14 14:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/14 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/05/14 14:09:18 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Marcus\Desktop\esetsmartinstaller_enu.exe
[2012/05/14 14:09:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/05/14 14:09:06 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/14 14:09:06 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/05/14 14:09:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/05/14 14:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/14 14:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/14 01:01:18 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:56:47 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2012/05/14 00:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 00:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/14 00:56:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/14 00:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/14 00:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/14 00:34:39 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/05/14 00:11:19 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/05/14 00:08:16 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/05/08 16:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\CASIO
[2012/05/08 16:32:14 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2012/05/06 11:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 11:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012/05/03 11:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/05/03 11:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012/05/03 11:01:57 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/05/03 10:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
[2012/05/03 10:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/04/21 13:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/19 13:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 20:30:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 20:29:01 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 14:15:44 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 14:15:44 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 14:11:17 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/14 14:09:45 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Marcus\Desktop\esetsmartinstaller_enu.exe
[2012/05/14 14:07:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/14 14:07:11 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:04:17 | 000,002,413 | ---- | M] () -- C:\windows\System32\lgAxconfig.ini
[2012/05/11 12:18:24 | 000,440,496 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/11 11:30:03 | 000,657,676 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/11 11:30:03 | 000,618,912 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/11 11:30:03 | 000,131,016 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/11 11:30:03 | 000,107,232 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/10 14:58:41 | 000,000,008 | ---- | M] () -- C:\windows\System32\ctsn32.dll
[2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) -- C:\windows\System32\drivers\CESG502.SYS
[2012/05/08 16:34:43 | 000,000,008 | ---- | M] () -- C:\windows\System32\tcdl2.dll
[2012/05/03 11:09:05 | 000,000,308 | ---- | M] () -- C:\windows\setup.iss
[2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/04/19 13:50:07 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\ADB
[2012/04/19 13:49:06 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\P970Mod
[2012/04/19 11:46:00 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/14 14:11:17 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\tcdl2.dll
[2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\ctsn32.dll
[2012/05/03 11:08:34 | 000,000,308 | ---- | C] () -- C:\windows\setup.iss
[2012/04/19 13:50:07 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\ADB
[2012/04/19 13:49:06 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\P970Mod
[2012/04/19 11:46:00 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012/01/30 21:54:11 | 000,038,428 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/01/30 21:54:06 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2011/08/11 20:01:15 | 000,053,248 | ---- | C] () -- C:\windows\System32\CommonDL.dll
[2011/08/11 20:01:15 | 000,002,413 | ---- | C] () -- C:\windows\System32\lgAxconfig.ini
[2011/07/05 16:46:03 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/05/25 22:22:57 | 000,038,422 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011/02/18 12:42:06 | 000,007,607 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
[2011/01/11 13:32:05 | 000,008,192 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/03 22:30:01 | 000,111,104 | ---- | C] () -- C:\windows\System32\Uharc.exe
[2011/01/03 22:30:01 | 000,008,636 | ---- | C] () -- C:\windows\System32\modifype.exe
[2010/12/29 08:43:34 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/12/28 19:50:41 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2010/12/28 19:34:48 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010/12/28 19:34:48 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/10/05 01:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2010/06/24 18:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 18:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 18:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 18:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 18:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
 
========== LOP Check ==========
 
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2011/02/08 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Amazon
[2011/01/21 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Bump Technologies, Inc
[2011/04/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CompanionLink
[2011/01/10 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
[2011/01/28 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/14 00:37:20 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Electronic Arts
[2012/05/03 11:04:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/02/16 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FastCopy
[2011/01/28 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Foxit Software
[2011/05/17 16:36:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FreeFLVConverter
[2011/04/06 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo
[2011/04/05 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HTC
[2011/01/21 12:59:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Miranda
[2011/01/03 23:13:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\OpenOffice.org
[2011/04/06 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Softplicity
[2011/01/21 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Windows SideBar
[2012/04/26 12:51:08 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/06/24 18:55:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Adobe
[2011/02/08 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Amazon
[2012/05/14 14:17:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Avira
[2011/01/21 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Bump Technologies, Inc
[2011/04/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CompanionLink
[2011/01/10 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
[2011/01/28 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/14 00:37:20 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Electronic Arts
[2012/05/03 11:04:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/02/16 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FastCopy
[2011/01/28 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Foxit Software
[2011/05/17 16:36:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FreeFLVConverter
[2011/04/06 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo
[2011/04/05 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HTC
[2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Identities
[2010/06/24 18:00:39 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\InstallShield
[2010/06/24 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Macromedia
[2012/05/14 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2011/10/23 22:56:22 | 000,000,000 | --SD | M] -- C:\Users\Marcus\AppData\Roaming\Microsoft
[2011/01/21 12:59:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Miranda
[2011/01/03 22:04:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Mozilla
[2011/01/03 23:13:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\OpenOffice.org
[2011/04/06 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Softplicity
[2011/07/21 19:24:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\vlc
[2012/02/29 12:13:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Winamp
[2011/01/21 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Windows SideBar
[2011/01/03 22:25:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012/05/08 16:47:13 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\ARPPRODUCTICON.exe
[2012/05/08 16:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut1_71F205E9C01C47C5B0298AAC14AF03F1.exe
[2012/05/08 16:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut2_71F205E9C01C47C5B0298AAC14AF03F1.exe
[2010/12/30 21:01:44 | 000,119,808 | R--- | M] () -- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | -H-- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011/01/10 18:02:47 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---

cosinus 15.05.2012 08:50

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=efdfc26e-9f38-4e3f-82b4-2e96e8d1c438&apn_ptnrs=%5EABT&apn_sauid=4914482C-0EF4-4785-B7C7-AE168E5500AC&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
[2011/01/28 12:33:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/12/13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell\AutoRun\command - "" = F:\setup.exe -a
:Files
C:\Program Files\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
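As an added example (not part of the thread and not OTL's own code), the following Python script reads the O6/O7/O33 lines of the fix script above and flags what the helper reacted to: UAC switched off by policy, the NoDriveTypeAutoRun bitmask, and the cached AutoRun handlers under MountPoints2. The sample input is copied from the script above; the meaning of the registry values follows Microsoft's documentation of UAC policy settings and the NoDriveTypeAutoRun bitmask. Function names and the report layout are this example's own choices.

```python
import re

# Sample input: the O6/O7/O32/O33 lines copied from the OTL fix script in the post above
# (the O4 and toolbar lines are left out; they carry no policy values).
SAMPLE_OTL = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell\AutoRun\command - "" = F:\setup.exe -a
"""

# O6 and O7 lines share the shape "O6 - <registry key>: <value name> = <number>".
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<name>\w+) = (?P<value>-?\d+)$")
# O33 lines that carry a cached AutoRun command for a previously mounted device.
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)

# UAC values under HKLM\...\policies\System and the setting that weakens each one
# (value meanings as documented by Microsoft for these registry values).
UAC_WEAK = {
    "EnableLUA": (0, "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}

# NoDriveTypeAutoRun is a bitmask: a SET bit DISABLES AutoRun for that drive type,
# so 0xFF disables it everywhere. Bit positions follow the DRIVE_* type numbers.
AUTORUN_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk",
}


def parse_policies(text):
    """Return {value name: int} for every O6/O7 policy line in an OTL log."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m["name"]] = int(m["value"])
    return policies


def audit_uac(policies):
    """One finding per UAC value that sits at its weakening setting."""
    return [
        f"{name} = {weak}: {meaning}"
        for name, (weak, meaning) in UAC_WEAK.items()
        if policies.get(name) == weak
    ]


def autorun_allowed(mask):
    """Drive types whose bit is clear in the mask, i.e. where AutoRun is still permitted."""
    return [label for bit, label in sorted(AUTORUN_BITS.items()) if not mask & bit]


def cached_autorun_commands(text):
    """(device GUID, command) pairs recorded under MountPoints2 for inserted media."""
    return [
        (m["guid"], m["cmd"])
        for m in (MOUNTPOINT_RE.match(l.strip()) for l in text.splitlines())
        if m
    ]


def audit_otl(text):
    """Collect the UAC, AutoRun-mask and MountPoints2 findings for one OTL log."""
    policies = parse_policies(text)
    mask = policies.get("NoDriveTypeAutoRun")
    return {
        "uac": audit_uac(policies),
        "autorun_mask": mask,
        "autorun_allowed": autorun_allowed(mask) if mask is not None else None,
        "mountpoints": cached_autorun_commands(text),
    }


if __name__ == "__main__":
    report = audit_otl(SAMPLE_OTL)
    for finding in report["uac"]:
        print("UAC:", finding)
    print("NoDriveTypeAutoRun =", report["autorun_mask"],
          "-> AutoRun still allowed on:", report["autorun_allowed"])
    for guid, cmd in report["mountpoints"]:
        print("cached AutoRun handler", guid, "->", cmd)
```

With the values from this thread the script reports all three UAC weakenings, a mask of 145 (0x91) that still permits AutoRun on removable, fixed, CD-ROM and RAM-disk drives, and the two F: commands cached for three devices. Deleting the O6 values, as the OTL script does, puts UAC back to its defaults; 0xFF is the value that disables AutoRun for every drive type.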

donniedarko 15.05.2012 13:23

Here is the log from the Fix.

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: ffxtlbr@Facemoods.com:1.2.1 removed from extensions.enabledItems
Prefs.js: dealio@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=efdfc26e-9f38-4e3f-82b4-2e96e8d1c438&apn_ptnrs=%5EABT&apn_sauid=4914482C-0EF4-4785-B7C7-AE168E5500AC&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1144298715-4213825143-681980742-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e94df3e-f929-11e0-8c12-20cf3052a631}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e94df3e-f929-11e0-8c12-20cf3052a631}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\ not found.
File F:\setup.exe -a not found.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes
->Flash cache emptied: 56823 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marcus
->Temp folder emptied: 631788799 bytes
->Temporary Internet Files folder emptied: 21096874 bytes
->Java cache emptied: 908743 bytes
->FireFox cache emptied: 264389899 bytes
->Flash cache emptied: 87208 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 292044110 bytes
RecycleBin emptied: 4998580583 bytes
 
Total Files Cleaned = 5,922.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Marcus
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05152012_140359

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\windows\temp\HS.log moved successfully.

Registry entries deleted on Reboot...


cosinus 15.05.2012 14:01

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition (usually drive C:), which is where the TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

donniedarko 15.05.2012 15:10

The log from TDSSKiller

Code:

15:54:34.0119 1020        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
15:54:34.0696 1020        ============================================================
15:54:34.0696 1020        Current date / time: 2012/05/15 15:54:34.0696
15:54:34.0696 1020        SystemInfo:
15:54:34.0696 1020       
15:54:34.0696 1020        OS Version: 6.1.7600 ServicePack: 0.0
15:54:34.0696 1020        Product type: Workstation
15:54:34.0696 1020        ComputerName: MARCUS-EEEPC
15:54:34.0696 1020        UserName: Marcus
15:54:34.0696 1020        Windows directory: C:\windows
15:54:34.0696 1020        System windows directory: C:\windows
15:54:34.0696 1020        Processor architecture: Intel x86
15:54:34.0696 1020        Number of processors: 2
15:54:34.0696 1020        Page size: 0x1000
15:54:34.0696 1020        Boot type: Normal boot
15:54:34.0696 1020        ============================================================
15:54:36.0084 1020        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:54:36.0100 1020        ============================================================
15:54:36.0100 1020        \Device\Harddisk0\DR0:
15:54:36.0100 1020        MBR partitions:
15:54:36.0100 1020        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000800
15:54:36.0100 1020        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBE01000, BlocksNum 0x6C0E800
15:54:36.0100 1020        ============================================================
15:54:36.0147 1020        C: <-> \Device\Harddisk0\DR0\Partition0
15:54:36.0209 1020        D: <-> \Device\Harddisk0\DR0\Partition1
15:54:36.0271 1020        ============================================================
15:54:36.0271 1020        Initialize success
15:54:36.0271 1020        ============================================================
15:54:44.0071 6080        ============================================================
15:54:44.0071 6080        Scan started
15:54:44.0071 6080        Mode: Manual; SigCheck; TDLFS;
15:54:44.0071 6080        ============================================================
15:54:45.0959 6080        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
15:54:46.0240 6080        1394ohci - ok
15:54:46.0302 6080        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
15:54:46.0333 6080        ACPI - ok
15:54:46.0411 6080        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
15:54:46.0552 6080        AcpiPmi - ok
15:54:46.0614 6080        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:54:46.0677 6080        adp94xx - ok
15:54:46.0723 6080        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:54:46.0786 6080        adpahci - ok
15:54:46.0817 6080        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:54:46.0864 6080        adpu320 - ok
15:54:46.0895 6080        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
15:54:47.0035 6080        AeLookupSvc - ok
15:54:47.0129 6080        AFD            (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
15:54:47.0254 6080        AFD - ok
15:54:47.0285 6080        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
15:54:47.0332 6080        agp440 - ok
15:54:47.0363 6080        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:54:47.0394 6080        aic78xx - ok
15:54:47.0441 6080        ALG            (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
15:54:47.0519 6080        ALG - ok
15:54:47.0550 6080        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
15:54:47.0581 6080        aliide - ok
15:54:47.0613 6080        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
15:54:47.0644 6080        amdagp - ok
15:54:47.0659 6080        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
15:54:47.0691 6080        amdide - ok
15:54:47.0737 6080        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:54:47.0800 6080        AmdK8 - ok
15:54:47.0847 6080        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:54:47.0893 6080        AmdPPM - ok
15:54:47.0940 6080        amdsata        (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
15:54:47.0987 6080        amdsata - ok
15:54:48.0018 6080        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:54:48.0065 6080        amdsbs - ok
15:54:48.0081 6080        amdxata        (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
15:54:48.0127 6080        amdxata - ok
15:54:48.0159 6080        Andbus          (3e59df4984fbd6800d6621480b38a34e) C:\windows\system32\DRIVERS\lgandbus.sys
15:54:48.0283 6080        Andbus - ok
15:54:48.0315 6080        AndDiag        (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\windows\system32\DRIVERS\lganddiag.sys
15:54:48.0377 6080        AndDiag - ok
15:54:48.0424 6080        AndGps          (1d2c90e25483363d54b652898bbc8f2a) C:\windows\system32\DRIVERS\lgandgps.sys
15:54:48.0471 6080        AndGps - ok
15:54:48.0502 6080        ANDModem        (b1b06a95da2cac7fa19832c60c348c85) C:\windows\system32\DRIVERS\lgandmodem.sys
15:54:48.0580 6080        ANDModem - ok
15:54:48.0642 6080        androidusb      (54a40a58ff71936026f2e49ecfd487b8) C:\windows\system32\Drivers\lgandadb.sys
15:54:48.0736 6080        androidusb - ok
15:54:48.0923 6080        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:54:48.0954 6080        AntiVirSchedulerService - ok
15:54:49.0032 6080        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:54:49.0063 6080        AntiVirService - ok
15:54:49.0126 6080        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:54:49.0173 6080        AntiVirWebService - ok
15:54:49.0251 6080        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
15:54:49.0407 6080        AppID - ok
15:54:49.0438 6080        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
15:54:49.0672 6080        AppIDSvc - ok
15:54:49.0703 6080        Appinfo        (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll
15:54:49.0797 6080        Appinfo - ok
15:54:49.0859 6080        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\windows\System32\appmgmts.dll
15:54:49.0921 6080        AppMgmt - ok
15:54:49.0968 6080        arc            (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:54:49.0999 6080        arc - ok
15:54:50.0031 6080        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:54:50.0062 6080        arcsas - ok
15:54:50.0124 6080        AsUpIO          (561d6b76c045311691b870f6b3f19eab) C:\windows\system32\drivers\AsUpIO.sys
15:54:50.0202 6080        AsUpIO - ok
15:54:50.0233 6080        AsusService    (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
15:54:50.0265 6080        AsusService ( UnsignedFile.Multi.Generic ) - warning
15:54:50.0265 6080        AsusService - detected UnsignedFile.Multi.Generic (1)
15:54:50.0327 6080        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:54:50.0483 6080        AsyncMac - ok
15:54:50.0530 6080        atapi          (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
15:54:50.0561 6080        atapi - ok
15:54:50.0670 6080        athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
15:54:50.0826 6080        athr - ok
15:54:50.0982 6080        AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
15:54:51.0091 6080        AudioEndpointBuilder - ok
15:54:51.0123 6080        Audiosrv        (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
15:54:51.0201 6080        Audiosrv - ok
15:54:51.0294 6080        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
15:54:51.0341 6080        avgntflt - ok
15:54:51.0388 6080        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
15:54:51.0435 6080        avipbb - ok
15:54:51.0466 6080        avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys
15:54:51.0497 6080        avkmgr - ok
15:54:51.0544 6080        AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll
15:54:51.0669 6080        AxInstSV - ok
15:54:51.0715 6080        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:54:51.0840 6080        b06bdrv - ok
15:54:51.0887 6080        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:54:51.0949 6080        b57nd60x - ok
15:54:52.0043 6080        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
15:54:52.0137 6080        BDESVC - ok
15:54:52.0168 6080        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:54:52.0261 6080        Beep - ok
15:54:52.0324 6080        BFE            (85ac71c045ceb054ed48a7841aae0c11) C:\windows\System32\bfe.dll
15:54:52.0433 6080        BFE - ok
15:54:52.0511 6080        BITS            (53f476476f55a27f580661bde09c4ec4) C:\windows\System32\qmgr.dll
15:54:52.0636 6080        BITS - ok
15:54:52.0683 6080        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:54:52.0745 6080        blbdrive - ok
15:54:52.0776 6080        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
15:54:52.0823 6080        bowser - ok
15:54:52.0854 6080        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:54:52.0901 6080        BrFiltLo - ok
15:54:52.0932 6080        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:54:52.0995 6080        BrFiltUp - ok
15:54:53.0041 6080        Browser        (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll
15:54:53.0119 6080        Browser - ok
15:54:53.0151 6080        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:54:53.0275 6080        Brserid - ok
15:54:53.0322 6080        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:54:53.0385 6080        BrSerWdm - ok
15:54:53.0431 6080        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:54:53.0494 6080        BrUsbMdm - ok
15:54:53.0541 6080        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:54:53.0587 6080        BrUsbSer - ok
15:54:53.0650 6080        BTCFilterService (4813df77ede536a52e3737971f910baa) C:\windows\system32\DRIVERS\motfilt.sys
15:54:53.0759 6080        BTCFilterService - ok
15:54:53.0806 6080        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
15:54:53.0915 6080        BthEnum - ok
15:54:53.0931 6080        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:54:53.0993 6080        BTHMODEM - ok
15:54:54.0040 6080        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
15:54:54.0102 6080        BthPan - ok
15:54:54.0180 6080        BTHPORT        (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys
15:54:54.0258 6080        BTHPORT - ok
15:54:54.0305 6080        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
15:54:54.0399 6080        bthserv - ok
15:54:54.0445 6080        BTHUSB          (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys
15:54:54.0492 6080        BTHUSB - ok
15:54:54.0523 6080        btusbflt        (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
15:54:54.0555 6080        btusbflt - ok
15:54:54.0586 6080        btwaudio - ok
15:54:54.0617 6080        btwavdt - ok
15:54:54.0633 6080        btwl2cap - ok
15:54:54.0648 6080        btwrchid - ok
15:54:54.0695 6080        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:54:54.0789 6080        cdfs - ok
15:54:54.0835 6080        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
15:54:54.0898 6080        cdrom - ok
15:54:54.0945 6080        CertPropSvc    (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
15:54:55.0038 6080        CertPropSvc - ok
15:54:55.0069 6080        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:54:55.0132 6080        circlass - ok
15:54:55.0194 6080        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:54:55.0257 6080        CLFS - ok
15:54:55.0350 6080        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:54:55.0397 6080        clr_optimization_v2.0.50727_32 - ok
15:54:55.0475 6080        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:54:55.0522 6080        clr_optimization_v4.0.30319_32 - ok
15:54:55.0537 6080        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:54:55.0600 6080        CmBatt - ok
15:54:55.0615 6080        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
15:54:55.0662 6080        cmdide - ok
15:54:55.0725 6080        CNG            (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys
15:54:55.0849 6080        CNG - ok
15:54:55.0881 6080        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:54:55.0912 6080        Compbatt - ok
15:54:55.0943 6080        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
15:54:55.0974 6080        CompositeBus - ok
15:54:56.0005 6080        COMSysApp - ok
15:54:56.0037 6080        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:54:56.0068 6080        crcdisk - ok
15:54:56.0130 6080        CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\windows\system32\cryptsvc.dll
15:54:56.0239 6080        CryptSvc - ok
15:54:56.0302 6080        CSC            (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
15:54:56.0380 6080        CSC - ok
15:54:56.0442 6080        CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\windows\System32\cscsvc.dll
15:54:56.0536 6080        CscService - ok
15:54:56.0598 6080        DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
15:54:56.0723 6080        DcomLaunch - ok
15:54:56.0785 6080        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
15:54:56.0895 6080        defragsvc - ok
15:54:56.0973 6080        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
15:54:57.0066 6080        DfsC - ok
15:54:57.0129 6080        Dhcp            (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll
15:54:57.0238 6080        Dhcp - ok
15:54:57.0269 6080        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:54:57.0363 6080        discache - ok
15:54:57.0409 6080        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:54:57.0441 6080        Disk - ok
15:54:57.0487 6080        Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll
15:54:57.0565 6080        Dnscache - ok
15:54:57.0628 6080        dot3svc        (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll
15:54:57.0753 6080        dot3svc - ok
15:54:57.0784 6080        DPS            (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll
15:54:57.0877 6080        DPS - ok
15:54:57.0924 6080        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:54:57.0971 6080        drmkaud - ok
15:54:58.0049 6080        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
15:54:58.0143 6080        DXGKrnl - ok
15:54:58.0189 6080        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
15:54:58.0283 6080        EapHost - ok
15:54:58.0486 6080        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:54:58.0673 6080        ebdrv - ok
15:54:58.0782 6080        EFS            (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe
15:54:58.0891 6080        EFS - ok
15:54:59.0001 6080        ehRecvr        (1697c39978cd69f6fbc15302edcece1f) C:\windows\ehome\ehRecvr.exe
15:54:59.0110 6080        ehRecvr - ok
15:54:59.0157 6080        ehSched        (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
15:54:59.0250 6080        ehSched - ok
15:54:59.0344 6080        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:54:59.0422 6080        elxstor - ok
15:54:59.0515 6080        EPSON_EB_RPCV4_04 (b92f2b3247f0a99490c1298a1d3d7b4c) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
15:54:59.0562 6080        EPSON_EB_RPCV4_04 - ok
15:54:59.0609 6080        EPSON_PM_RPCV4_04 (651336b99c75fb54e4b5971cf458f9bd) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
15:54:59.0640 6080        EPSON_PM_RPCV4_04 - ok
15:54:59.0656 6080        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
15:54:59.0718 6080        ErrDev - ok
15:54:59.0812 6080        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
15:54:59.0921 6080        EventSystem - ok
15:54:59.0968 6080        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:55:00.0046 6080        exfat - ok
15:55:00.0093 6080        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:55:00.0186 6080        fastfat - ok
15:55:00.0264 6080        Fax            (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe
15:55:00.0389 6080        Fax - ok
15:55:00.0420 6080        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:55:00.0483 6080        fdc - ok
15:55:00.0514 6080        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
15:55:00.0607 6080        fdPHost - ok
15:55:00.0639 6080        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
15:55:00.0732 6080        FDResPub - ok
15:55:00.0748 6080        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:55:00.0795 6080        FileInfo - ok
15:55:00.0826 6080        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:55:00.0904 6080        Filetrace - ok
15:55:00.0935 6080        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:55:00.0982 6080        flpydisk - ok
15:55:01.0029 6080        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:55:01.0076 6080        FltMgr - ok
15:55:01.0154 6080        FontCache      (7fe4995528a7529a761875151ee3d512) C:\windows\system32\FntCache.dll
15:55:01.0278 6080        FontCache - ok
15:55:01.0372 6080        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:55:01.0403 6080        FontCache3.0.0.0 - ok
15:55:01.0419 6080        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:55:01.0450 6080        FsDepends - ok
15:55:01.0512 6080        fssfltr        (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
15:55:01.0528 6080        fssfltr - ok
15:55:01.0668 6080        fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:55:01.0746 6080        fsssvc - ok
15:55:01.0793 6080        Fs_Rec          (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys
15:55:01.0824 6080        Fs_Rec - ok
15:55:01.0871 6080        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
15:55:01.0918 6080        fvevol - ok
15:55:01.0965 6080        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:55:01.0996 6080        gagp30kx - ok
15:55:02.0058 6080        gpsvc          (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll
15:55:02.0152 6080        gpsvc - ok
15:55:02.0261 6080        gupdate        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
15:55:02.0292 6080        gupdate - ok
15:55:02.0292 6080        gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
15:55:02.0324 6080        gupdatem - ok
15:55:02.0370 6080        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:55:02.0433 6080        hcw85cir - ok
15:55:02.0480 6080        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
15:55:02.0558 6080        HdAudAddService - ok
15:55:02.0589 6080        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
15:55:02.0667 6080        HDAudBus - ok
15:55:02.0698 6080        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:55:02.0745 6080        HidBatt - ok
15:55:02.0760 6080        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:55:02.0807 6080        HidBth - ok
15:55:02.0823 6080        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:55:02.0885 6080        HidIr - ok
15:55:02.0932 6080        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
15:55:03.0057 6080        hidserv - ok
15:55:03.0088 6080        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
15:55:03.0150 6080        HidUsb - ok
15:55:03.0197 6080        hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll
15:55:03.0275 6080        hkmsvc - ok
15:55:03.0322 6080        HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll
15:55:03.0384 6080        HomeGroupListener - ok
15:55:03.0431 6080        HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll
15:55:03.0509 6080        HomeGroupProvider - ok
15:55:03.0556 6080        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
15:55:03.0587 6080        HpSAMD - ok
15:55:03.0650 6080        htcnprot        (339adefad60353f960e3ca67ce468c24) C:\windows\system32\DRIVERS\htcnprot.sys
15:55:03.0728 6080        htcnprot - ok
15:55:03.0774 6080        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
15:55:03.0899 6080        HTTP - ok
15:55:03.0930 6080        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
15:55:03.0962 6080        hwpolicy - ok
15:55:03.0993 6080        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
15:55:04.0040 6080        i8042prt - ok
15:55:04.0149 6080        IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:55:04.0196 6080        IAANTMON - ok
15:55:04.0258 6080        iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
15:55:04.0289 6080        iaStor - ok
15:55:04.0336 6080        iaStorV        (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
15:55:04.0398 6080        iaStorV - ok
15:55:04.0523 6080        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:55:04.0554 6080        IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:55:04.0554 6080        IDriverT - detected UnsignedFile.Multi.Generic (1)
15:55:04.0679 6080        idsvc          (5af815eb5bc9802e5a064e2ba62bfc0c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:55:04.0773 6080        idsvc - ok
15:55:05.0163 6080        igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
15:55:05.0428 6080        igfx - ok
15:55:05.0584 6080        iirsp          (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:55:05.0615 6080        iirsp - ok
15:55:05.0756 6080        IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\windows\System32\ikeext.dll
15:55:05.0880 6080        IKEEXT - ok
15:55:06.0099 6080        IntcAzAudAddService (bf9866875edf86aae24dd8bd9418deff) C:\windows\system32\drivers\RTKVHDA.sys
15:55:06.0317 6080        IntcAzAudAddService - ok
15:55:06.0442 6080        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
15:55:06.0473 6080        intelide - ok
15:55:06.0504 6080        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:55:06.0567 6080        intelppm - ok
15:55:06.0598 6080        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
15:55:06.0692 6080        IPBusEnum - ok
15:55:06.0723 6080        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:55:06.0816 6080        IpFilterDriver - ok
15:55:06.0879 6080        iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\windows\System32\iphlpsvc.dll
15:55:07.0004 6080        iphlpsvc - ok
15:55:07.0019 6080        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
15:55:07.0082 6080        IPMIDRV - ok
15:55:07.0113 6080        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:55:07.0206 6080        IPNAT - ok
15:55:07.0253 6080        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:55:07.0300 6080        IRENUM - ok
15:55:07.0347 6080        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
15:55:07.0378 6080        isapnp - ok
15:55:07.0409 6080        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
15:55:07.0472 6080        iScsiPrt - ok
15:55:07.0518 6080        ivusb          (37412294ea4b70ed8b4a9338ebaeecaa) C:\windows\system32\DRIVERS\ivusb.sys
15:55:07.0550 6080        ivusb - ok
15:55:07.0581 6080        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
15:55:07.0612 6080        kbdclass - ok
15:55:07.0643 6080        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
15:55:07.0706 6080        kbdhid - ok
15:55:07.0737 6080        kbfiltr        (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
15:55:07.0768 6080        kbfiltr - ok
15:55:07.0799 6080        KeyIso          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:07.0846 6080        KeyIso - ok
15:55:07.0877 6080        KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys
15:55:07.0908 6080        KSecDD - ok
15:55:07.0940 6080        KSecPkg        (27391db553be2a4e2b0adeea2873b2af) C:\windows\system32\Drivers\ksecpkg.sys
15:55:07.0986 6080        KSecPkg - ok
15:55:08.0018 6080        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
15:55:08.0127 6080        KtmRm - ok
15:55:08.0174 6080        L1C            (6c32bfeab708915d6bbf4b20d4f3ef7b) C:\windows\system32\DRIVERS\L1C62x86.sys
15:55:08.0236 6080        L1C - ok
15:55:08.0283 6080        LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\windows\system32\srvsvc.dll
15:55:08.0408 6080        LanmanServer - ok
15:55:08.0439 6080        LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\windows\System32\wkssvc.dll
15:55:08.0548 6080        LanmanWorkstation - ok
15:55:08.0579 6080        LgBttPort - ok
15:55:08.0595 6080        lgbusenum - ok
15:55:08.0610 6080        LGVMODEM - ok
15:55:08.0657 6080        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:55:08.0735 6080        lltdio - ok
15:55:08.0782 6080        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
15:55:08.0876 6080        lltdsvc - ok
15:55:08.0907 6080        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
15:55:09.0000 6080        lmhosts - ok
15:55:09.0063 6080        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:55:09.0094 6080        LSI_FC - ok
15:55:09.0125 6080        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:55:09.0156 6080        LSI_SAS - ok
15:55:09.0188 6080        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:55:09.0250 6080        LSI_SAS2 - ok
15:55:09.0266 6080        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:55:09.0312 6080        LSI_SCSI - ok
15:55:09.0344 6080        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:55:09.0437 6080        luafv - ok
15:55:09.0500 6080        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
15:55:09.0531 6080        MBAMProtector - ok
15:55:09.0671 6080        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:55:09.0749 6080        MBAMService - ok
15:55:09.0796 6080        Mcx2Svc        (e2b0887816ed336685954e3d8fdaa51d) C:\windows\system32\Mcx2Svc.dll
15:55:09.0858 6080        Mcx2Svc - ok
15:55:09.0890 6080        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:55:09.0921 6080        megasas - ok
15:55:09.0968 6080        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:55:10.0014 6080        MegaSR - ok
15:55:10.0092 6080        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:55:10.0124 6080        Microsoft Office Groove Audit Service - ok
15:55:10.0155 6080        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:55:10.0248 6080        MMCSS - ok
15:55:10.0280 6080        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:55:10.0373 6080        Modem - ok
15:55:10.0420 6080        monitor        (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:55:10.0467 6080        monitor - ok
15:55:10.0514 6080        motccgp        (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\windows\system32\DRIVERS\motccgp.sys
15:55:10.0607 6080        motccgp - ok
15:55:10.0638 6080        motccgpfl      (b812da6605caf02641312f1f65c75419) C:\windows\system32\DRIVERS\motccgpfl.sys
15:55:10.0685 6080        motccgpfl - ok
15:55:10.0748 6080        motmodem        (c3b0fd4f463e90b3917ff6ccea853bb6) C:\windows\system32\DRIVERS\motmodem.sys
15:55:10.0794 6080        motmodem - ok
15:55:10.0857 6080        MotoHelper      (36ac4deceae4226a5b5dd038c49658e1) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
15:55:10.0888 6080        MotoHelper - ok
15:55:10.0919 6080        MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\windows\system32\DRIVERS\motswch.sys
15:55:10.0997 6080        MotoSwitchService - ok
15:55:11.0028 6080        Motousbnet      (ddc489d40b49f443787e7ffa75373522) C:\windows\system32\DRIVERS\Motousbnet.sys
15:55:11.0106 6080        Motousbnet - ok
15:55:11.0138 6080        motusbdevice    (2136cca3d1bf7c0248e5366b1a6c24e3) C:\windows\system32\DRIVERS\motusbdevice.sys
15:55:11.0262 6080        motusbdevice - ok
15:55:11.0294 6080        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
15:55:11.0325 6080        mouclass - ok
15:55:11.0372 6080        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:55:11.0418 6080        mouhid - ok
15:55:11.0465 6080        mountmgr        (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
15:55:11.0512 6080        mountmgr - ok
15:55:11.0590 6080        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:55:11.0637 6080        MozillaMaintenance - ok
15:55:11.0668 6080        mpio            (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
15:55:11.0715 6080        mpio - ok
15:55:11.0730 6080        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:55:11.0808 6080        mpsdrv - ok
15:55:11.0886 6080        MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\windows\system32\mpssvc.dll
15:55:12.0011 6080        MpsSvc - ok
15:55:12.0042 6080        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
15:55:12.0105 6080        MRxDAV - ok
15:55:12.0136 6080        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
15:55:12.0214 6080        mrxsmb - ok
15:55:12.0245 6080        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:55:12.0308 6080        mrxsmb10 - ok
15:55:12.0339 6080        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:55:12.0386 6080        mrxsmb20 - ok
15:55:12.0432 6080        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
15:55:12.0464 6080        msahci - ok
15:55:12.0495 6080        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
15:55:12.0526 6080        msdsm - ok
15:55:12.0573 6080        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
15:55:12.0620 6080        MSDTC - ok
15:55:12.0666 6080        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:55:12.0760 6080        Msfs - ok
15:55:12.0776 6080        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:55:12.0869 6080        mshidkmdf - ok
15:55:12.0900 6080        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
15:55:12.0932 6080        msisadrv - ok
15:55:12.0978 6080        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
15:55:13.0072 6080        MSiSCSI - ok
15:55:13.0088 6080        msiserver - ok
15:55:13.0150 6080        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:55:13.0244 6080        MSKSSRV - ok
15:55:13.0275 6080        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:55:13.0337 6080        MSPCLOCK - ok
15:55:13.0368 6080        MSPQM          (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:55:13.0462 6080        MSPQM - ok
15:55:13.0493 6080        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:55:13.0540 6080        MsRPC - ok
15:55:13.0587 6080        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
15:55:13.0618 6080        mssmbios - ok
15:55:13.0634 6080        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:55:13.0712 6080        MSTEE - ok
15:55:13.0727 6080        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:55:13.0790 6080        MTConfig - ok
15:55:13.0821 6080        Mup            (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:55:13.0852 6080        Mup - ok
15:55:13.0914 6080        napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\windows\system32\qagentRT.dll
15:55:14.0024 6080        napagent - ok
15:55:14.0086 6080        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:55:14.0180 6080        NativeWifiP - ok
15:55:14.0242 6080        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
15:55:14.0320 6080        NDIS - ok
15:55:14.0351 6080        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:55:14.0429 6080        NdisCap - ok
15:55:14.0460 6080        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:55:14.0538 6080        NdisTapi - ok
15:55:14.0570 6080        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
15:55:14.0663 6080        Ndisuio - ok
15:55:14.0710 6080        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
15:55:14.0788 6080        NdisWan - ok
15:55:14.0819 6080        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
15:55:14.0913 6080        NDProxy - ok
15:55:14.0991 6080        Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\windows\system32\HPZinw12.dll
15:55:15.0038 6080        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:55:15.0038 6080        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:55:15.0100 6080        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:55:15.0178 6080        NetBIOS - ok
15:55:15.0225 6080        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
15:55:15.0318 6080        NetBT - ok
15:55:15.0365 6080        Netlogon        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:15.0412 6080        Netlogon - ok
15:55:15.0474 6080        Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
15:55:15.0584 6080        Netman - ok
15:55:15.0646 6080        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
15:55:15.0755 6080        netprofm - ok
15:55:15.0849 6080        NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:55:15.0880 6080        NetTcpPortSharing - ok
15:55:15.0942 6080        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:55:15.0974 6080        nfrd960 - ok
15:55:16.0036 6080        NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\windows\System32\nlasvc.dll
15:55:16.0161 6080        NlaSvc - ok
15:55:16.0208 6080        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:55:16.0270 6080        Npfs - ok
15:55:16.0301 6080        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
15:55:16.0379 6080        nsi - ok
15:55:16.0395 6080        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:55:16.0488 6080        nsiproxy - ok
15:55:16.0613 6080        Ntfs            (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
15:55:16.0722 6080        Ntfs - ok
15:55:16.0863 6080        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:55:16.0941 6080        Null - ok
15:55:17.0003 6080        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
15:55:17.0034 6080        nvraid - ok
15:55:17.0066 6080        nvstor          (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
15:55:17.0097 6080        nvstor - ok
15:55:17.0128 6080        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
15:55:17.0159 6080        nv_agp - ok
15:55:17.0315 6080        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:55:17.0362 6080        odserv - ok
15:55:17.0409 6080        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
15:55:17.0440 6080        ohci1394 - ok
15:55:17.0487 6080        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:55:17.0518 6080        ose - ok
15:55:17.0596 6080        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:55:17.0705 6080        p2pimsvc - ok
15:55:17.0752 6080        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
15:55:17.0830 6080        p2psvc - ok
15:55:17.0877 6080        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
15:55:17.0924 6080        Parport - ok
15:55:17.0970 6080        partmgr        (66d3415c159741ade7038a277efff99f) C:\windows\system32\drivers\partmgr.sys
15:55:18.0002 6080        partmgr - ok
15:55:18.0033 6080        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
15:55:18.0095 6080        Parvdm - ok
15:55:18.0189 6080        PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
15:55:18.0220 6080        PassThru Service ( UnsignedFile.Multi.Generic ) - warning
15:55:18.0220 6080        PassThru Service - detected UnsignedFile.Multi.Generic (1)
15:55:18.0267 6080        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
15:55:18.0345 6080        PcaSvc - ok
15:55:18.0376 6080        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
15:55:18.0407 6080        pci - ok
15:55:18.0438 6080        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
15:55:18.0470 6080        pciide - ok
15:55:18.0532 6080        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
15:55:18.0579 6080        pcmcia - ok
15:55:18.0626 6080        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
15:55:18.0672 6080        pcw - ok
15:55:18.0735 6080        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
15:55:18.0860 6080        PEAUTH - ok
15:55:19.0109 6080        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\windows\system32\peerdistsvc.dll
15:55:19.0265 6080        PeerDistSvc - ok
15:55:19.0484 6080        pla            (9c1bff7910c89a1d12e57343475840cb) C:\windows\system32\pla.dll
15:55:19.0655 6080        pla - ok
15:55:19.0796 6080        PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\windows\system32\umpnpmgr.dll
15:55:19.0889 6080        PlugPlay - ok
15:55:19.0936 6080        Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\windows\system32\HPZipm12.dll
15:55:19.0952 6080        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:55:19.0952 6080        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:55:19.0983 6080        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
15:55:20.0030 6080        PNRPAutoReg - ok
15:55:20.0076 6080        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:55:20.0139 6080        PNRPsvc - ok
15:55:20.0201 6080        Point32        (420336f91eb745811cf130c80ede0653) C:\windows\system32\DRIVERS\point32.sys
15:55:20.0232 6080        Point32 - ok
15:55:20.0279 6080        PolicyAgent    (48e1b75c6dc0232fd92baae4bd344721) C:\windows\System32\ipsecsvc.dll
15:55:20.0388 6080        PolicyAgent - ok
15:55:20.0451 6080        Power          (dbff83f709a91049621c1d35dd45c92c) C:\windows\system32\umpo.dll
15:55:20.0529 6080        Power - ok
15:55:20.0576 6080        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
15:55:20.0669 6080        PptpMiniport - ok
15:55:20.0716 6080        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
15:55:20.0763 6080        Processor - ok
15:55:20.0825 6080        ProfSvc        (630cf26f0227498b7d5a92b12548960f) C:\windows\system32\profsvc.dll
15:55:20.0919 6080        ProfSvc - ok
15:55:20.0966 6080        ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:21.0012 6080        ProtectedStorage - ok
15:55:21.0059 6080        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
15:55:21.0153 6080        Psched - ok
15:55:21.0215 6080        PVUSB          (5039a4f67f781e03b79a4fd0cae27fc8) C:\windows\system32\DRIVERS\CESG502.sys
15:55:21.0278 6080        PVUSB - ok
15:55:21.0371 6080        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
15:55:21.0480 6080        ql2300 - ok
15:55:21.0621 6080        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
15:55:21.0652 6080        ql40xx - ok
15:55:21.0714 6080        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
15:55:21.0808 6080        QWAVE - ok
15:55:21.0870 6080        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
15:55:21.0948 6080        QWAVEdrv - ok
15:55:22.0011 6080        RapiMgr        (8f97d374ad1857e1eed85a79f29a1d3d) C:\windows\WindowsMobile\rapimgr.dll
15:55:22.0042 6080        RapiMgr - ok
15:55:22.0073 6080        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
15:55:22.0167 6080        RasAcd - ok
15:55:22.0198 6080        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
15:55:22.0276 6080        RasAgileVpn - ok
15:55:22.0307 6080        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
15:55:22.0385 6080        RasAuto - ok
15:55:22.0416 6080        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
15:55:22.0510 6080        Rasl2tp - ok
15:55:22.0588 6080        RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\windows\System32\rasmans.dll
15:55:22.0728 6080        RasMan - ok
15:55:22.0775 6080        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
15:55:22.0869 6080        RasPppoe - ok
15:55:22.0900 6080        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
15:55:22.0994 6080        RasSstp - ok
15:55:23.0025 6080        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
15:55:23.0134 6080        rdbss - ok
15:55:23.0165 6080        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
15:55:23.0228 6080        rdpbus - ok
15:55:23.0259 6080        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
15:55:23.0337 6080        RDPCDD - ok
15:55:23.0384 6080        RDPDR          (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
15:55:23.0477 6080        RDPDR - ok
15:55:23.0508 6080        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
15:55:23.0618 6080        RDPENCDD - ok
15:55:23.0664 6080        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
15:55:23.0758 6080        RDPREFMP - ok
15:55:23.0805 6080        RDPWD          (0399c725a9c95a6f1862b93f008ddf4a) C:\windows\system32\drivers\RDPWD.sys
15:55:23.0867 6080        RDPWD - ok
15:55:23.0914 6080        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
15:55:23.0961 6080        rdyboost - ok
15:55:24.0023 6080        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
15:55:24.0148 6080        RemoteAccess - ok
15:55:24.0195 6080        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
15:55:24.0273 6080        RemoteRegistry - ok
15:55:24.0320 6080        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
15:55:24.0382 6080        RFCOMM - ok
15:55:24.0413 6080        RimUsb - ok
15:55:24.0444 6080        RimVSerPort    (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
15:55:24.0491 6080        RimVSerPort - ok
15:55:24.0538 6080        ROOTMODEM      (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
15:55:24.0632 6080        ROOTMODEM - ok
15:55:24.0678 6080        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
15:55:24.0772 6080        RpcEptMapper - ok
15:55:24.0803 6080        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
15:55:24.0866 6080        RpcLocator - ok
15:55:24.0912 6080        RpcSs          (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
15:55:25.0006 6080        RpcSs - ok
15:55:25.0037 6080        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
15:55:25.0131 6080        rspndr - ok
15:55:25.0162 6080        SamSs          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:25.0224 6080        SamSs - ok
15:55:25.0287 6080        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
15:55:25.0318 6080        sbp2port - ok
15:55:25.0365 6080        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
15:55:25.0443 6080        SCardSvr - ok
15:55:25.0474 6080        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
15:55:25.0536 6080        scfilter - ok
15:55:25.0614 6080        Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\windows\system32\schedsvc.dll
15:55:25.0724 6080        Schedule - ok
15:55:25.0755 6080        SCPolicySvc    (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
15:55:25.0833 6080        SCPolicySvc - ok
15:55:25.0880 6080        SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\windows\System32\SDRSVC.dll
15:55:25.0989 6080        SDRSVC - ok
15:55:26.0036 6080        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
15:55:26.0129 6080        secdrv - ok
15:55:26.0192 6080        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
15:55:26.0270 6080        seclogon - ok
15:55:26.0301 6080        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
15:55:26.0379 6080        SENS - ok
15:55:26.0426 6080        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
15:55:26.0519 6080        SensrSvc - ok
15:55:26.0550 6080        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
15:55:26.0582 6080        Serenum - ok
15:55:26.0628 6080        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
15:55:26.0675 6080        Serial - ok
15:55:26.0691 6080        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
15:55:26.0769 6080        sermouse - ok
15:55:26.0847 6080        SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\windows\system32\sessenv.dll
15:55:26.0940 6080        SessionEnv - ok
15:55:26.0972 6080        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
15:55:27.0034 6080        sffdisk - ok
15:55:27.0081 6080        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
15:55:27.0112 6080        sffp_mmc - ok
15:55:27.0143 6080        sffp_sd        (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
15:55:27.0190 6080        sffp_sd - ok
15:55:27.0237 6080        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
15:55:27.0284 6080        sfloppy - ok
15:55:27.0346 6080        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
15:55:27.0455 6080        SharedAccess - ok
15:55:27.0518 6080        ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\windows\System32\shsvcs.dll
15:55:27.0596 6080        ShellHWDetection - ok
15:55:27.0627 6080        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
15:55:27.0658 6080        sisagp - ok
15:55:27.0705 6080        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:55:27.0736 6080        SiSRaid2 - ok
15:55:27.0767 6080        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
15:55:27.0798 6080        SiSRaid4 - ok
15:55:27.0830 6080        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
15:55:27.0908 6080        Smb - ok
15:55:27.0970 6080        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
15:55:28.0032 6080        SNMPTRAP - ok
15:55:28.0064 6080        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
15:55:28.0095 6080        spldr - ok
15:55:28.0157 6080        Spooler        (d1bb750eb51694de183e08b9c33be5b2) C:\windows\System32\spoolsv.exe
15:55:28.0251 6080        Spooler - ok
15:55:28.0469 6080        sppsvc          (4c287f9069fedbd791178876ee9de536) C:\windows\system32\sppsvc.exe
15:55:28.0672 6080        sppsvc - ok
15:55:28.0828 6080        sppuinotify    (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\windows\system32\sppuinotify.dll
15:55:28.0937 6080        sppuinotify - ok
15:55:29.0046 6080        sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\windows\system32\Drivers\sptd.sys
15:55:29.0046 6080        Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
15:55:29.0046 6080        sptd ( LockedFile.Multi.Generic ) - warning
15:55:29.0046 6080        sptd - detected LockedFile.Multi.Generic (1)
15:55:29.0093 6080        srv            (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
15:55:29.0187 6080        srv - ok
15:55:29.0234 6080        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
15:55:29.0296 6080        srv2 - ok
15:55:29.0327 6080        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
15:55:29.0390 6080        srvnet - ok
15:55:29.0436 6080        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
15:55:29.0546 6080        SSDPSRV - ok
15:55:29.0608 6080        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
15:55:29.0639 6080        ssmdrv - ok
15:55:29.0670 6080        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
15:55:29.0748 6080        SstpSvc - ok
15:55:29.0780 6080        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
15:55:29.0826 6080        stexstor - ok
15:55:29.0873 6080        StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\windows\System32\wiaservc.dll
15:55:29.0998 6080        StiSvc - ok
15:55:30.0029 6080        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
15:55:30.0076 6080        swenum - ok
15:55:30.0123 6080        swprv          (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
15:55:30.0248 6080        swprv - ok
15:55:30.0310 6080        SynTP          (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys
15:55:30.0372 6080        SynTP - ok
15:55:30.0466 6080        SysMain        (04105c8da62353589c29bdaeb8d88bd8) C:\windows\system32\sysmain.dll
15:55:30.0575 6080        SysMain - ok
15:55:30.0622 6080        TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\windows\System32\TabSvc.dll
15:55:30.0684 6080        TabletInputService - ok
15:55:30.0731 6080        TapiSrv        (2f46b0c70a4adc8c90cf825da3b4feaf) C:\windows\System32\tapisrv.dll
15:55:30.0840 6080        TapiSrv - ok
15:55:30.0872 6080        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
15:55:30.0950 6080        TBS - ok
15:55:31.0090 6080        Tcpip          (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\drivers\tcpip.sys
15:55:31.0199 6080        Tcpip - ok
15:55:31.0402 6080        TCPIP6          (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\DRIVERS\tcpip.sys
15:55:31.0480 6080        TCPIP6 - ok
15:55:31.0574 6080        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
15:55:31.0652 6080        tcpipreg - ok
15:55:31.0683 6080        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
15:55:31.0745 6080        TDPIPE - ok
15:55:31.0792 6080        TDTCP          (7156308896d34ea75a582f9a09e50c17) C:\windows\system32\drivers\tdtcp.sys
15:55:31.0854 6080        TDTCP - ok
15:55:31.0886 6080        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
15:55:31.0979 6080        tdx - ok
15:55:32.0010 6080        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
15:55:32.0042 6080        TermDD - ok
15:55:32.0104 6080        TermService    (a01e50a04d7b1960b33e92b9080e6a94) C:\windows\System32\termsrv.dll
15:55:32.0229 6080        TermService - ok
15:55:32.0276 6080        Themes          (59cfda4eacb3788f8b17f87b49b0ac0e) C:\windows\system32\themeservice.dll
15:55:32.0322 6080        Themes ( UnsignedFile.Multi.Generic ) - warning
15:55:32.0322 6080        Themes - detected UnsignedFile.Multi.Generic (1)
15:55:32.0354 6080        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:55:32.0432 6080        THREADORDER - ok
15:55:32.0478 6080        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
15:55:32.0572 6080        TrkWks - ok
15:55:32.0650 6080        TrustedInstaller (41a4c781d2286208d397d72099304133) C:\windows\servicing\TrustedInstaller.exe
15:55:32.0681 6080        TrustedInstaller - ok
15:55:32.0728 6080        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
15:55:32.0822 6080        tssecsrv - ok
15:55:32.0868 6080        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
15:55:32.0946 6080        tunnel - ok
15:55:32.0962 6080        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
15:55:32.0993 6080        uagp35 - ok
15:55:33.0024 6080        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
15:55:33.0134 6080        udfs - ok
15:55:33.0196 6080        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
15:55:33.0274 6080        UI0Detect - ok
15:55:33.0305 6080        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
15:55:33.0336 6080        uliagpkx - ok
15:55:33.0383 6080        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
15:55:33.0446 6080        umbus - ok
15:55:33.0477 6080        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
15:55:33.0508 6080        UmPass - ok
15:55:33.0555 6080        UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\windows\System32\umrdp.dll
15:55:33.0648 6080        UmRdpService - ok
15:55:33.0711 6080        upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
15:55:33.0851 6080        upnphost - ok
15:55:33.0882 6080        usbbus - ok
15:55:33.0960 6080        usbccgp        (5c233aefb566ee78c1efbc0493fb066a) C:\windows\system32\DRIVERS\usbccgp.sys
15:55:34.0038 6080        usbccgp - ok
15:55:34.0070 6080        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
15:55:34.0132 6080        usbcir - ok
15:55:34.0163 6080        UsbDiag - ok
15:55:34.0210 6080        usbehci        (5b71019a6aca0116fd21b368f19c0b91) C:\windows\system32\drivers\usbehci.sys
15:55:34.0272 6080        usbehci - ok
15:55:34.0319 6080        usbhub          (5823d3965c2a4f6f785ed1a3b403f3b8) C:\windows\system32\DRIVERS\usbhub.sys
15:55:34.0397 6080        usbhub - ok
15:55:34.0428 6080        USBModem - ok
15:55:34.0460 6080        usbohci        (e753ed6c49da13967ebabf9ea616454a) C:\windows\system32\drivers\usbohci.sys
15:55:34.0506 6080        usbohci - ok
15:55:34.0553 6080        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
15:55:34.0584 6080        usbprint - ok
15:55:34.0631 6080        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
15:55:34.0694 6080        usbscan - ok
15:55:34.0740 6080        USBSTOR        (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:55:34.0834 6080        USBSTOR - ok
15:55:34.0865 6080        usbuhci        (6a30928a469ce802600e1ea8c0f2f53f) C:\windows\system32\drivers\usbuhci.sys
15:55:34.0928 6080        usbuhci - ok
15:55:34.0974 6080        usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
15:55:35.0068 6080        usbvideo - ok
15:55:35.0099 6080        usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
15:55:35.0146 6080        usb_rndisx - ok
15:55:35.0193 6080        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
15:55:35.0271 6080        UxSms - ok
15:55:35.0318 6080        VaultSvc        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:35.0364 6080        VaultSvc - ok
15:55:35.0411 6080        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
15:55:35.0442 6080        vdrvroot - ok
15:55:35.0505 6080        vds            (8c4e7c49d3641bc9e299e466a7f8867d) C:\windows\System32\vds.exe
15:55:35.0598 6080        vds - ok
15:55:35.0630 6080        vga            (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
15:55:35.0676 6080        vga - ok
15:55:35.0708 6080        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
15:55:35.0801 6080        VgaSave - ok
15:55:35.0848 6080        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
15:55:35.0895 6080        vhdmp - ok
15:55:35.0910 6080        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
15:55:35.0942 6080        viaagp - ok
15:55:35.0973 6080        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
15:55:36.0020 6080        ViaC7 - ok
15:55:36.0066 6080        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
15:55:36.0098 6080        viaide - ok
15:55:36.0129 6080        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
15:55:36.0160 6080        volmgr - ok
15:55:36.0207 6080        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
15:55:36.0254 6080        volmgrx - ok
15:55:36.0300 6080        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
15:55:36.0347 6080        volsnap - ok
15:55:36.0378 6080        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
15:55:36.0425 6080        vsmraid - ok
15:55:36.0519 6080        VSS            (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\windows\system32\vssvc.exe
15:55:36.0612 6080        VSS - ok
15:55:36.0659 6080        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
15:55:36.0690 6080        vwifibus - ok
15:55:36.0737 6080        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
15:55:36.0800 6080        vwififlt - ok
15:55:36.0846 6080        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
15:55:36.0909 6080        vwifimp - ok
15:55:36.0956 6080        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
15:55:37.0065 6080        W32Time - ok
15:55:37.0143 6080        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
15:55:37.0174 6080        WacomPen - ok
15:55:37.0221 6080        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:55:37.0299 6080        WANARP - ok
15:55:37.0314 6080        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:55:37.0408 6080        Wanarpv6 - ok
15:55:37.0502 6080        wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\windows\system32\wbengine.exe
15:55:37.0658 6080        wbengine - ok
15:55:37.0689 6080        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
15:55:37.0782 6080        WbioSrvc - ok
15:55:37.0860 6080        WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\windows\WindowsMobile\wcescomm.dll
15:55:37.0923 6080        WcesComm - ok
15:55:38.0048 6080        wcncsvc        (6d9b75275c3e3a5f51aef81affadb2b6) C:\windows\System32\wcncsvc.dll
15:55:38.0094 6080        wcncsvc - ok
15:55:38.0126 6080        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
15:55:38.0204 6080        WcsPlugInService - ok
15:55:38.0266 6080        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
15:55:38.0297 6080        Wd - ok
15:55:38.0360 6080        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
15:55:38.0422 6080        Wdf01000 - ok
15:55:38.0469 6080        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:55:38.0516 6080        WdiServiceHost - ok
15:55:38.0531 6080        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:55:38.0578 6080        WdiSystemHost - ok
15:55:38.0625 6080        WebClient      (bb5ec38f8d4600119b4720bc5d4211f1) C:\windows\System32\webclnt.dll
15:55:38.0718 6080        WebClient - ok
15:55:38.0765 6080        Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
15:55:38.0874 6080        Wecsvc - ok
15:55:38.0906 6080        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
15:55:38.0999 6080        wercplsupport - ok
15:55:39.0046 6080        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
15:55:39.0124 6080        WerSvc - ok
15:55:39.0171 6080        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
15:55:39.0264 6080        WfpLwf - ok
15:55:39.0296 6080        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
15:55:39.0327 6080        WIMMount - ok
15:55:39.0452 6080        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:55:39.0561 6080        WinDefend - ok
15:55:39.0576 6080        WinHttpAutoProxySvc - ok
15:55:39.0639 6080        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
15:55:39.0748 6080        Winmgmt - ok
15:55:39.0842 6080        WinRM          (c4f5d3901d1b41d602ddc196e0b95b51) C:\windows\system32\WsmSvc.dll
15:55:39.0998 6080        WinRM - ok
15:55:40.0091 6080        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
15:55:40.0138 6080        WinUsb - ok
15:55:40.0216 6080        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
15:55:40.0310 6080        Wlansvc - ok
15:55:40.0356 6080        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
15:55:40.0419 6080        WmiAcpi - ok
15:55:40.0497 6080        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
15:55:40.0544 6080        wmiApSrv - ok
15:55:40.0700 6080        WMPNetworkSvc  (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:55:40.0840 6080        WMPNetworkSvc - ok
15:55:40.0949 6080        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
15:55:41.0043 6080        WPCSvc - ok
15:55:41.0074 6080        WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll
15:55:41.0168 6080        WPDBusEnum - ok
15:55:41.0230 6080        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
15:55:41.0324 6080        ws2ifsl - ok
15:55:41.0370 6080        wscsvc          (a661a76333057b383a06e65f0073222f) C:\windows\System32\wscsvc.dll
15:55:41.0433 6080        wscsvc - ok
15:55:41.0448 6080        WSearch - ok
15:55:41.0589 6080        wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\windows\system32\wuaueng.dll
15:55:41.0776 6080        wuauserv - ok
15:55:41.0932 6080        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
15:55:42.0010 6080        WudfPf - ok
15:55:42.0057 6080        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
15:55:42.0135 6080        WUDFRd - ok
15:55:42.0182 6080        wudfsvc        (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll
15:55:42.0260 6080        wudfsvc - ok
15:55:42.0306 6080        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
15:55:42.0384 6080        WwanSvc - ok
15:55:42.0525 6080        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:55:42.0665 6080        \Device\Harddisk0\DR0 - ok
15:55:42.0681 6080        Boot (0x1200)  (664580346b7383c65e6b836f38578610) \Device\Harddisk0\DR0\Partition0
15:55:42.0681 6080        \Device\Harddisk0\DR0\Partition0 - ok
15:55:42.0759 6080        Boot (0x1200)  (512744c0235b96621820344228fa735e) \Device\Harddisk0\DR0\Partition1
15:55:42.0774 6080        \Device\Harddisk0\DR0\Partition1 - ok
15:55:42.0774 6080        ============================================================
15:55:42.0774 6080        Scan finished
15:55:42.0774 6080        ============================================================
15:55:42.0837 5276        Detected object count: 7
15:55:42.0837 5276        Actual detected object count: 7
16:08:07.0410 5276        AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0410 5276        AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:07.0410 5276        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0410 5276        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:07.0410 5276        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0410 5276        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:07.0426 5276        PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0426 5276        PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:07.0426 5276        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0426 5276        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:07.0442 5276        sptd ( LockedFile.Multi.Generic ) - skipped by user
16:08:07.0442 5276        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:08:07.0442 5276        Themes ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0442 5276        Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 15.05.2012 19:39

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an authorised helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:

An attempt was made to perform an illegal operation on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

donniedarko 15.05.2012 21:45

So, ComboFix is done as well.
Combofix Logfile:
Code:

ComboFix 12-05-15.04 - Marcus 15.05.2012  22:18:47.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.1014.399 [GMT 2:00]
ausgeführt von:: c:\users\Marcus\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
c:\windows\system32\ctsn32.dll
c:\windows\system32\service
c:\windows\system32\service\30122010_TIS17_PcDce.log
c:\windows\system32\tcdl2.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-15 bis 2012-05-15  ))))))))))))))))))))))))))))))
.
.
2012-05-15 20:35 . 2012-05-15 20:35        --------        d-----w-        c:\users\Marcus\AppData\Local\temp
2012-05-15 20:35 . 2012-05-15 20:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-15 12:03 . 2012-05-15 12:03        --------        d-----w-        C:\_OTL
2012-05-15 11:26 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C93A629D-C3EC-4D5B-BE9B-328E8B0951C0}\mpengine.dll
2012-05-14 12:17 . 2012-05-14 12:17        --------        d-----w-        c:\users\Marcus\AppData\Roaming\Avira
2012-05-14 12:10 . 2012-05-14 12:10        --------        d-----w-        c:\program files\ESET
2012-05-14 12:10 . 2012-05-14 12:10        --------        d-----w-        c:\users\Default\AppData\Local\AskToolbar
2012-05-14 12:09 . 2012-04-27 08:20        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-14 12:09 . 2012-04-24 22:32        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-14 12:09 . 2012-04-16 19:17        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-05-14 12:08 . 2012-05-14 12:11        --------        d-----w-        c:\programdata\Avira
2012-05-14 12:08 . 2012-05-14 12:08        --------        d-----w-        c:\program files\Avira
2012-05-13 22:56 . 2012-05-13 22:56        --------        d-----w-        c:\users\Marcus\AppData\Roaming\Malwarebytes
2012-05-13 22:56 . 2012-05-13 22:56        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-13 22:56 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-13 22:56 . 2012-05-13 22:56        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-13 22:11 . 2012-05-13 22:11        --------        d-----w-        c:\windows\system32\SPReview
2012-05-13 22:08 . 2012-05-13 22:08        --------        d-----w-        c:\windows\system32\EventProviders
2012-05-08 14:47 . 2012-05-08 14:47        45056        ----a-r-        c:\users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut2_71F205E9C01C47C5B0298AAC14AF03F1.exe
2012-05-08 14:47 . 2012-05-08 14:47        45056        ----a-r-        c:\users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut1_71F205E9C01C47C5B0298AAC14AF03F1.exe
2012-05-08 14:47 . 2012-05-08 14:47        45056        ----a-r-        c:\users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\ARPPRODUCTICON.exe
2012-05-08 14:47 . 2012-05-08 14:56        --------        d-----w-        c:\program files\CASIO
2012-05-08 14:32 . 2012-05-08 14:32        --------        d-----w-        c:\windows\Downloaded Installations
2012-05-06 09:40 . 2012-05-06 09:40        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-05-06 09:40 . 2012-05-06 09:40        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 09:40 . 2012-05-06 09:40        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-03 09:10 . 2012-05-03 09:10        --------        d-----w-        c:\programdata\UDL
2012-05-03 09:03 . 2012-05-03 09:09        --------        d-----w-        c:\program files\Epson Software
2012-05-03 09:01 . 2012-05-03 09:04        --------        d-----w-        c:\users\Marcus\AppData\Roaming\EPSON
2012-05-03 08:56 . 2002-07-25 15:06        282624        ----a-w-        c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2012-05-03 08:43 . 2012-05-03 08:36        8192        ----a-w-        c:\windows\system32\E_DCINST.DLL
2012-05-03 08:43 . 2012-05-03 08:36        63488        ----a-w-        c:\windows\system32\E_FD4BGJE.DLL
2012-05-03 08:40 . 2011-08-09 22:00        341504        ----a-w-        c:\windows\system32\esw2ud.dll
2012-05-03 08:40 . 2009-10-15 22:00        132560        ----a-w-        c:\windows\system32\esdevapp.exe
2012-05-03 08:40 . 2009-10-15 22:00        12800        ----a-w-        c:\windows\system32\escdev.dll
2012-05-03 08:40 . 2012-05-03 08:54        --------        d-----w-        c:\program files\epson
2012-04-19 11:07 . 2010-12-07 12:23        25088        ----a-w-        c:\windows\system32\drivers\lgandmodem.sys
2012-04-19 11:07 . 2010-12-07 12:23        20736        ----a-w-        c:\windows\system32\drivers\lganddiag.sys
2012-04-19 11:07 . 2010-12-07 12:23        20096        ----a-w-        c:\windows\system32\drivers\lgandgps.sys
2012-04-19 11:07 . 2010-12-07 12:22        14336        ----a-w-        c:\windows\system32\drivers\lgandbus.sys
2012-04-19 11:07 . 2010-08-02 14:19        25728        ----a-w-        c:\windows\system32\drivers\lgandadb.sys
2012-04-19 11:07 . 2012-04-19 11:07        --------        d-----w-        c:\program files\LG Electronics
2012-04-19 08:38 . 2011-07-18 04:01        1419232        ----a-w-        c:\windows\system32\wdfcoinstaller01005.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 14:45 . 2007-03-13 07:27        40672        ----a-w-        c:\windows\system32\drivers\CESG502.SYS
2012-03-04 18:24 . 2012-03-04 18:24        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-03-04 18:24 . 2012-03-04 18:24        161792        ----a-w-        c:\windows\system32\msls31.dll
2012-03-04 18:24 . 2012-03-04 18:24        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2012-03-04 18:24 . 2012-03-04 18:24        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-03-04 18:24 . 2012-03-04 18:24        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-03-04 18:24 . 2012-03-04 18:24        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-03-04 18:24 . 2012-03-04 18:24        74752        ----a-w-        c:\windows\system32\iesetup.dll
2012-03-04 18:24 . 2012-03-04 18:24        63488        ----a-w-        c:\windows\system32\tdc.ocx
2012-03-04 18:24 . 2012-03-04 18:24        367104        ----a-w-        c:\windows\system32\html.iec
2012-03-04 18:24 . 2012-03-04 18:24        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2012-03-04 18:24 . 2012-03-04 18:24        152064        ----a-w-        c:\windows\system32\wextract.exe
2012-03-04 18:24 . 2012-03-04 18:24        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-03-04 18:24 . 2012-03-04 18:24        35840        ----a-w-        c:\windows\system32\imgutil.dll
2012-03-04 18:24 . 2012-03-04 18:24        150528        ----a-w-        c:\windows\system32\iexpress.exe
2012-03-04 18:24 . 2012-03-04 18:24        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-03-04 18:24 . 2012-03-04 18:24        11776        ----a-w-        c:\windows\system32\mshta.exe
2012-03-04 18:24 . 2012-03-04 18:24        101888        ----a-w-        c:\windows\system32\admparse.dll
2012-03-01 05:53 . 2012-04-12 08:19        19312        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49 . 2012-04-12 08:19        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 05:45 . 2012-04-12 08:19        158720        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 08:19        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-12 08:31        1799168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 08:31        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 08:31        1127424        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 08:31        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-02-23 08:18 . 2011-01-11 05:46        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-06 09:40 . 2011-03-25 10:41        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"LiveUpdate"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9177632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-13 1594664]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-12-28 2429]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-13 83240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Marcus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10        35696        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53        404568        ----a-w-        c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21        648072        ----a-w-        c:\windows\WindowsMobile\wmdc.exe
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 116648]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 25728]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 116648]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 19968]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976]
R3 PVUSB;CESG502 USB Driver;c:\windows\system32\DRIVERS\CESG502.sys [2012-05-08 40672]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-10 721904]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-06-21 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2012-05-03 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2012-05-03 121856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 65204987
*Deregistered* - 65204987
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 18:24]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 18:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
IE: Free YouTube to MP3 Converter - c:\users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\dx2z6zwq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
MSConfigStartUp-LG LinkAir - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-UnityWebPlayer - c:\users\Marcus\AppData\Local\Unity\WebPlayer\Uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-15  22:42:32
ComboFix-quarantined-files.txt  2012-05-15 20:42
.
Vor Suchlauf: 9 Verzeichnis(se), 18.397.224.960 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 18.293.604.352 Bytes frei
.
- - End Of File - - EBFA34042783364B2F129AB5E299AB6F

--- --- ---


All times are in WEZ +1.

Copyright ©2000-2024, Trojaner-Board

