Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   PC "hängt" sich bei jedem zweiten Start auf (https://www.trojaner-board.de/135427-pc-haengt-zweiten-start.html)

enca 23.05.2013 13:18
PC "hängt" sich bei jedem zweiten Start auf
 
Hallo,

ich habe folgendes Problem:
Seit einigen Tagen hängt sich mein PC bei jedem zweiten Neustart auf. Sobald die Windows Oberfläche erscheint, wird alles unglaublich langsam bis dann letzten endes gar nichts mehr geht.

Daraufhin habe ich Spybot gestartet und prompt einige Schädlinge gefunden, welche ich dann auch entfernen ließ. Jedoch war das Problem nicht behoben, sondern nach dem nächsten Start erneut vorhanden. Bei Spybot waren dann die gleichen Schädlinge erneut vorhanden.

Da liegt die vermutung nahe, dass da ein größerer Schädling am Werke ist...

Hier erst mal ein Screenshot von Spybot:

http://i16.photobucket.com/albums/b39/enca/Spybot.jpg

OTL:
OTL Logfile:
Code:
OTL logfile created on: 23.05.2013 12:33:43 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 53,88% Memory free
7,59 Gb Paging File | 5,31 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 27,85 Gb Free Space | 23,92% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 303,18 Gb Free Space | 91,93% Space Free | Partition Type: NTFS
 
Computer Name: xxx| User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.23 12:12:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.31 14:57:08 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.10.31 19:50:37 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.06.15 14:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.07.23 10:58:28 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.01.13 18:19:42 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.01.13 18:11:52 | 007,109,248 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.01.05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.21 21:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.07.06 23:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.05 19:09:41 | 002,148,376 | ---- | M] () -- c:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010.10.16 20:55:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.09.16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.03.05 19:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.03.05 19:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.03.05 19:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.08.06 23:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.05.15 18:51:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.31 19:50:37 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.05.20 09:46:14 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.15 14:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.31 19:51:07 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.08.17 10:19:09 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.08.17 10:19:09 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.05 07:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.04.29 11:20:20 | 000,182,912 | ---- | M] (Etron) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETdrv.sys -- (usbet)
DRV:64bit: - [2010.04.28 09:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.04.16 20:45:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.03.18 07:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.02.27 01:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.03 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.05 14:43:20 | 000,171,328 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF05BDA.sys -- (AF05BDA)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.27 08:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.10.27 08:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.09.04 07:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.20 20:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.08.06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.21 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.03.02 15:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009.03.02 15:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008.03.17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = xxx://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = xxx://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = xxx://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = xxx://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = xxx://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = xxx://search.babylon.com/?affID=109727&tt=4912_6&babsrc=HP_ss&mntrId=0280c9fa00000000000000ffbca58e77
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = xxx://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = xxx://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = xxx://search.babylon.com/?q={searchTerms}&affID=109727&tt=4912_6&babsrc=SP_ss&mntrId=0280c9fa00000000000000ffbca58e77
IE - HKCU\..\SearchScopes\{3155F970-9B3E-42A3-B160-3BFCC7E60A5E}: "URL" = xxx://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = xxx://start.iplay.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E69706C61792E636F6D2F736561726368726573756C74732E617370783F6F3D6368726F6D6526713D7B7365617263685465726D737D&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{467DA644-740C-4174-B277-417C777C8B4E}: "URL" = xxx://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{4DC23A62-8D0A-4816-B3F0-F1B6D011A9F4}: "URL" = xxx://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = xxx://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D31493741535554&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = xxx://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{9B8AE43E-E413-4740-B106-16347206B225}: "URL" = xxx://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9D74131B-069E-4B23-A3B6-72D98F8B829D}: "URL" = xxx://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{B54A8AB4-D861-46A1-9BCC-D057C638DE56}: "URL" = xxx://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=43686F3E-7569-40CC-9452-50F7B306650D&apn_sauid=DB71A1F1-BB3E-4055-A2D4-4E839BCD3E5B
IE - HKCU\..\SearchScopes\{FCC17968-013D-42DA-B93A-319875F1A04D}: "URL" = xxx://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.05 17:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 19:51:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 19:51:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 19:51:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.05 17:26:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.08 19:43:58 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013.05.17 22:53:33 | 000,444,830 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        www.123fporn.info
O1 - Hosts: 15276 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Preispilot) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.2.104/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{163805D3-6748-4978-BC33-7C22BDF6E1DA}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A8A01B-E4B8-4AA0-853D-B81DF7BBDE11}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f529238-3a25-11e1-b307-20cf3024c27f}\Shell - "" = AutoRun
O33 - MountPoints2\{0f529238-3a25-11e1-b307-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0f52923b-3a25-11e1-b307-20cf3024c27f}\Shell - "" = AutoRun
O33 - MountPoints2\{0f52923b-3a25-11e1-b307-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0f52923e-3a25-11e1-b307-20cf3024c27f}\Shell - "" = AutoRun
O33 - MountPoints2\{0f52923e-3a25-11e1-b307-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cbb3191e-6c5d-11e1-8df4-20cf3024c27f}\Shell - "" = AutoRun
O33 - MountPoints2\{cbb3191e-6c5d-11e1-8df4-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df39c492-d6c1-11e0-aa72-20cf3024c27f}\Shell - "" = AutoRun
O33 - MountPoints2\{df39c492-d6c1-11e0-aa72-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df39c496-d6c1-11e0-aa72-20cf3024c27f}\Shell - "" = AutoRun
O33 - MountPoints2\{df39c496-d6c1-11e0-aa72-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 12:12:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2013.05.23 09:06:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013.05.16 21:26:28 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.05.06 18:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearProg
[2013.05.06 18:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClearProg
[2013.05.06 17:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.05.06 17:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.05.06 17:41:13 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.05.06 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.06 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Programs
[2013.05.03 14:26:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.27 14:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2013.04.27 14:07:28 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.04.23 17:35:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\APN
[2013.04.23 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.04.23 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.04.23 17:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.23 17:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2008.08.12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 12:21:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 12:12:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2013.05.23 12:10:55 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2013.05.23 12:09:34 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2013.05.23 11:57:24 | 003,626,248 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.23 11:57:24 | 001,511,850 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.23 11:57:24 | 001,080,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.23 11:57:24 | 000,963,776 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.23 11:57:24 | 000,005,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.23 11:51:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 10:58:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 09:06:09 | 000,002,939 | ---- | M] () -- C:\Users\xxx\Desktop\HiJackThis.lnk
[2013.05.23 08:25:34 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 08:25:34 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 08:18:18 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.23 08:17:52 | 3055,706,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 21:06:15 | 000,000,809 | ---- | M] () -- C:\Windows\wininit.ini
[2013.05.20 09:52:18 | 000,687,616 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520095155.Avi
[2013.05.20 09:46:11 | 005,267,968 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520094504.Avi
[2013.05.20 09:44:30 | 005,190,656 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520094324.Avi
[2013.05.20 09:40:10 | 005,268,992 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520093903.Avi
[2013.05.20 09:37:49 | 004,963,328 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520093645.Avi
[2013.05.20 09:35:41 | 005,220,352 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520093434.Avi
[2013.05.20 09:31:33 | 005,848,064 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520093018.Avi
[2013.05.20 09:26:51 | 005,157,888 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520092544.Avi
[2013.05.20 09:25:37 | 005,232,128 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520092430.Avi
[2013.05.20 09:24:05 | 005,235,712 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520092258.Avi
[2013.05.20 09:22:36 | 005,568,512 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520092124.Avi
[2013.05.20 09:20:22 | 005,238,784 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520091915.Avi
[2013.05.20 09:18:53 | 005,190,144 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520091746.Avi
[2013.05.20 09:16:23 | 005,223,936 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520091516.Avi
[2013.05.20 09:10:33 | 005,203,968 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520090926.Avi
[2013.05.20 09:05:07 | 005,210,112 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520090400.Avi
[2013.05.18 12:40:22 | 010,056,192 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518123804.Avi
[2013.05.18 12:21:15 | 009,410,048 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518121903.Avi
[2013.05.18 11:34:37 | 005,140,992 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518113330.Avi
[2013.05.18 11:10:25 | 005,128,192 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518110918.Avi
[2013.05.18 11:08:33 | 005,127,168 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518110727.Avi
[2013.05.18 11:02:08 | 005,135,872 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518110100.Avi
[2013.05.18 10:45:47 | 005,136,896 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518104440.Avi
[2013.05.18 10:07:54 | 005,088,256 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518100648.Avi
[2013.05.18 09:50:06 | 005,089,280 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518094900.Avi
[2013.05.18 09:48:05 | 005,133,824 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518094657.Avi
[2013.05.18 09:41:16 | 005,135,360 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518094009.Avi
[2013.05.18 09:34:07 | 005,170,176 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518093257.Avi
[2013.05.18 09:31:20 | 005,095,936 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518093013.Avi
[2013.05.18 09:28:52 | 005,157,376 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518092745.Avi
[2013.05.18 09:19:08 | 005,091,328 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518091802.Avi
[2013.05.18 09:17:01 | 005,325,824 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518091551.Avi
[2013.05.18 08:57:26 | 005,359,104 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518085616.Avi
[2013.05.17 22:53:33 | 000,444,830 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.17 16:53:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013.05.17 13:43:47 | 000,418,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.13 18:51:05 | 000,444,830 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130517-225333.backup
[2013.05.12 15:10:21 | 000,101,067 | ---- | M] () -- C:\Users\xxx\Documents\xxx
[2013.05.07 16:29:42 | 000,002,132 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.05.07 16:29:41 | 000,001,737 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.05.06 18:03:31 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\ClearProg.lnk
[2013.05.06 17:41:18 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.27 14:07:28 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.23 12:10:55 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2013.05.23 12:09:34 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2013.05.23 09:06:09 | 000,002,939 | ---- | C] () -- C:\Users\xxx\Desktop\HiJackThis.lnk
[2013.05.22 21:06:15 | 000,000,809 | ---- | C] () -- C:\Windows\wininit.ini
[2013.05.20 09:51:55 | 000,687,616 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520095155.Avi
[2013.05.20 09:45:04 | 005,267,968 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520094504.Avi
[2013.05.20 09:43:24 | 005,190,656 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520094324.Avi
[2013.05.20 09:39:03 | 005,268,992 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520093903.Avi
[2013.05.20 09:36:45 | 004,963,328 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520093645.Avi
[2013.05.20 09:34:34 | 005,220,352 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520093434.Avi
[2013.05.20 09:30:18 | 005,848,064 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520093018.Avi
[2013.05.20 09:25:45 | 005,157,888 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520092544.Avi
[2013.05.20 09:24:30 | 005,232,128 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520092430.Avi
[2013.05.20 09:22:58 | 005,235,712 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520092258.Avi
[2013.05.20 09:21:25 | 005,568,512 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520092124.Avi
[2013.05.20 09:19:15 | 005,238,784 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520091915.Avi
[2013.05.20 09:17:47 | 005,190,144 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520091746.Avi
[2013.05.20 09:15:17 | 005,223,936 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520091516.Avi
[2013.05.20 09:09:27 | 005,203,968 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520090926.Avi
[2013.05.20 09:04:00 | 005,210,112 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520090400.Avi
[2013.05.18 12:38:04 | 010,056,192 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518123804.Avi
[2013.05.18 12:19:03 | 009,410,048 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518121903.Avi
[2013.05.18 11:33:30 | 005,140,992 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518113330.Avi
[2013.05.18 11:09:18 | 005,128,192 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518110918.Avi
[2013.05.18 11:07:27 | 005,127,168 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518110727.Avi
[2013.05.18 11:01:00 | 005,135,872 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518110100.Avi
[2013.05.18 10:44:40 | 005,136,896 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518104440.Avi
[2013.05.18 10:06:48 | 005,088,256 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518100648.Avi
[2013.05.18 09:49:00 | 005,089,280 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518094900.Avi
[2013.05.18 09:46:58 | 005,133,824 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518094657.Avi
[2013.05.18 09:40:09 | 005,135,360 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518094009.Avi
[2013.05.18 09:32:57 | 005,170,176 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518093257.Avi
[2013.05.18 09:30:14 | 005,095,936 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518093013.Avi
[2013.05.18 09:27:45 | 005,157,376 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518092745.Avi
[2013.05.18 09:18:02 | 005,091,328 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518091802.Avi
[2013.05.18 09:15:51 | 005,325,824 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518091551.Avi
[2013.05.18 08:56:16 | 005,359,104 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518085616.Avi
[2013.05.06 18:03:31 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\ClearProg.lnk
[2013.05.06 17:41:18 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.05.06 17:41:18 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.11.23 20:18:05 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.10.05 09:12:33 | 000,005,400 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.29 20:50:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.06.29 16:42:07 | 000,000,994 | ---- | C] () -- C:\Windows\eReg.dat
[2011.06.21 17:55:08 | 000,017,408 | ---- | C] () -- C:\Users\xxx\AppData\Local\WebpageIcons.db
[2011.06.11 15:41:01 | 000,010,231 | ---- | C] () -- C:\Users\xxx\xxx
[2010.07.23 10:26:40 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.11 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon
[2010.11.27 23:13:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Asus WebStorage
[2012.12.08 19:44:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DesktopIconForAmazon
[2012.02.17 20:47:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\xxx
[2012.04.03 16:39:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Engelmann Media
[2012.01.20 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mount&Blade
[2012.12.08 19:43:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OCS
[2012.12.08 19:43:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Opera
[2011.05.14 19:34:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ProtectDisc
[2011.09.30 18:48:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TerraTec
[2011.06.29 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client
[2011.06.29 19:06:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ts3overlay
[2011.07.01 15:43:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Tunngle
[2012.11.19 18:28:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 23.05.2013 12:33:43 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 53,88% Memory free
7,59 Gb Paging File | 5,31 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 27,85 Gb Free Space | 23,92% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 303,18 Gb Free Space | 91,93% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D0FC38-F516-4D25-9402-E48A399B1D5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{11B22F6B-790F-40C3-B9D0-FD5C0D6D71A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{153E73BC-F086-4BAE-8B55-202961E3D409}" = rport=138 | protocol=17 | dir=out | app=system |
"{21150084-2D5F-4263-AE60-D594FFE6D1F8}" = lport=138 | protocol=17 | dir=in | app=system |
"{24151A21-345F-4DC3-8A8D-51E578FCF876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36EF1B52-8493-4578-8E10-CA8969B10362}" = lport=139 | protocol=6 | dir=in | app=system |
"{394668A8-05A1-45B3-ACF9-DEB31F0A8605}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4651B61B-0481-4DBC-8E6E-20E7308F39B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49C3DFE2-56F3-4420-AF55-C692E05CC276}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{503DA5EF-FF5D-4945-8622-5BF1083010C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5C16CCE0-050A-4165-9D0C-EA5A97EC1796}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{635919B7-0001-4C04-BFE5-21C9B47D1C4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67E71F9C-BE0E-4D3E-854C-62D100EFB12B}" = rport=137 | protocol=17 | dir=out | app=system |
"{7223F021-0D1E-4502-888F-F72C18AC554B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72A81A22-9367-4564-9737-E7D765B28218}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{83FD5066-AF65-4EEC-8058-F85C9EACB509}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{849D143F-12BB-4C95-8A61-A704BF721E1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EAA4C45-D416-4600-A7C9-E5C3BB8B3ED5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBD51A93-406C-4422-BF46-D2DFC32417B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{BF66A77B-00C9-4823-9BC0-39DACC87F5EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF6E2B4C-E617-4C97-B1F5-743BB678282E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D841D261-F4F4-481D-809A-E120E558CDDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E34EA894-B4A3-41D1-B99C-6C78F305C6E8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E67B7FA4-02CA-41DA-A00D-3BCA080E0259}" = rport=445 | protocol=6 | dir=out | app=system |
"{E8162B2C-FC58-4131-8EEA-E3C9B51353CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB8A2FE5-C3AD-47C8-9255-C21AA6C05286}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003BFBF1-C65F-4CE4-815A-F2A3F9C870C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0066CE7D-4936-42E1-AC7D-0F504059DF4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{02C84413-8FB3-4817-B320-79484A0F9A24}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{03131940-7A30-42D0-93D0-42AD87D19466}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{0A17C5EA-59B9-432F-A2B1-1EC1E9B0FF38}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{0DC8669F-4E65-4536-8082-5B14BCA714CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10B9065E-AA98-4B98-A66D-C629B957E90F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{12A35CAB-A36F-4DAA-8BCD-A669361E66A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{203861C0-32B0-4926-AFC8-D83780714CD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21E1182F-7CB4-463A-9D7D-71AAC95C7121}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24B4CE9E-EC3C-4191-9446-4F8065D65DD1}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{251A60CC-6FC1-4E38-94BC-A2F11BB96610}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{28C0C0A8-86D7-4CE4-B5B6-DA8A25236991}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{28D7F5BE-D6B8-401A-B414-5BCDC4D71897}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{317E8863-8FE4-4462-B341-D6430B327961}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{3372C2AB-ED50-4E7A-B6D3-32F2D4EB1E7B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{354FB9E5-7AE8-48A9-A57D-5C67AB3B9E03}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{390F2A6B-5AC6-457A-B363-7B2B20AB4AED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{39E4450B-7B04-4470-994C-FF856ADE61CD}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{3AB3F615-767D-4731-A75A-DBBDD016F594}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{3CAFC1EC-7990-44B9-8246-FA7C6C277FAF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{3E02FDE2-688A-448D-8AEF-EB97C08E593D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{3E9BF2FF-8557-4B9D-B62B-D4ED469943BD}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{3FAA9E0E-7234-4067-8401-246FC5DA9B15}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{40104FFA-22B2-44DD-9490-6201B669BB55}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\i am alive\iamalive_launcher.exe |
"{4187F6F8-1534-4807-95F5-F2450463918B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{43A3062C-5D58-4886-8961-402092DCAABE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{498294DC-40D8-492C-B0D0-B4687EDC8CE0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\i am alive\src\system\iamalive_game.exe |
"{4C559ECC-6B28-4E32-9EB5-5AF962470412}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{4DC673F1-E31D-4AF8-A00E-937BE9257AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{4FFAFB29-F286-4164-B728-BDBA3D954A4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51CA2534-FA76-431A-942A-6A63FF8DF1A2}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{567F4B15-D058-4473-9664-5F207186CBC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56D8CA98-0EC9-48DE-AF9B-E15BD37CB796}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{5D4240C4-BB1A-4814-9DC6-096FBDBEBB06}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{5EAB8425-495A-447B-9583-2C2117D0432F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{692FB3A7-0075-4C2B-A47F-A410A64548CD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{69608033-816B-4917-A5A1-4B190D03247D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\i am alive\iamalive_launcher.exe |
"{73710C3A-3ABE-4080-9C61-A52CA14AD0D4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{79634D19-3D88-4145-AAF6-4777518FDE6E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{7E849A5B-FCB1-43D7-8EF6-61C3B49B6180}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FA31A9D-647C-4AFF-8CE7-1EBBE5007A7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\memoir '44 online\memoir'44 online.exe |
"{80620736-4BA3-4CDB-910C-7029B63B55AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80E79A21-2209-4757-B3EE-8A0D89DC7E9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{811B638D-3805-4544-A337-AC1660F4BD63}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{82F9966C-92C8-4733-8C22-015EDF0DA50F}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{8B996DC3-847F-4F3C-8D25-FB0A4D7EDE89}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{8C7A8567-612A-4DDD-9533-0BE52FEF8151}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8CD9341A-6955-4251-9F27-07804B508F04}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{95358B8F-4120-487B-A4A9-D807C359D193}" = protocol=6 | dir=out | app=system |
"{9569DA8E-AAC1-4350-970E-8328E21ACA81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\memoir '44 online\memoir'44 online.exe |
"{96376737-66AE-499F-9879-9609D8C1F2BA}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{97A7D4A9-5873-48AA-98DA-C59D7DE92F49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9E985084-2620-4247-9EBB-294C31042FED}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{A2E4650F-CCBD-44A4-A844-46070C6112A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A6E3AC2A-126F-431C-B4D8-5CBC56119007}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{A6E97BC9-8428-40BA-AAA7-BE659CA27A16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A86F50CF-A294-4886-BA2C-37E8082DED54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ABF50765-9DAF-4B16-A0AE-40B98739F62C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{ACD32809-B328-4A4C-B54A-BB2E05F8078C}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{B01CF3D4-8C3F-4396-998A-73053CD48B4E}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{B53EFE69-DD38-4F72-8865-595826EDDC66}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{B710423F-D73F-46B7-91DC-CAD97593D2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{B8355FEC-2013-46E7-BBE4-C31902C4F08F}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{C7BEC6EB-F2AC-486F-AE0A-1C67EFDD8589}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C80B704A-026F-4D19-B1C9-0F0AC7079F4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{CA5F54C5-1C6C-417B-8A62-601CA6716D5B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{CF074FCE-C5BB-406B-820C-CFAD334BC28F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D34593DC-3ED1-4790-8B91-71D9EEC82EDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{D4C8B0E0-E8C9-49E4-AFC7-38BE932E02C3}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{D732D261-E8FC-4E3A-B76E-6134D28A2015}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\i am alive\src\system\iamalive_game.exe |
"{E0F52677-208A-4F69-986C-914B0A512172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{E2FB3FA2-8E96-4694-9C19-C643EAE5599F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E5617384-A196-474E-B07D-0BD800CE7350}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE4D1DFB-F732-4F16-A20B-6EFB2F22F9F7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{F0D263BA-22AF-4F9F-BCF6-6D63B46DE15B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F28C7EC7-BBCF-4925-BCD5-DF77A3E5846C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{F4A80621-7C25-4610-AD6A-2BF46B5553C8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{F57DB5DB-E2DC-4181-8581-C2F0EF3DA518}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{FB843A9B-56A4-4B97-BBFA-772AE5386E84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D9917CE-1C77-4B58-A153-DCB5A854ED82}" = Intel(R) Wireless Display
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"DesktopIconAmazon" = Desktop Icon für Amazon
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1A2606DD-5E86-4ADA-954B-D98012A174E0}" = ocxinstall
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C4415769-1588-4AD6-9624-B2E69DB78D1A}" = Preispilot
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED1674F5-5165-49BF-B546-AE5343111540}" = WebCam
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"ASUS_N_Series_Screensaver" = ASUS_N_Series_Screensaver
"Cinergy T USB XE" = Cinergy T USB XE V6.11.23.01
"ClearProg" = ClearProg 1.6.0 Final
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular-Upgrade
"Google Chrome" = Google Chrome
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IP Camera" = IP Camera
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mobile Partner" = Mobile Partner
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Samsung ML-1510_700 Series" = Samsung ML-1510_700 Series
"Steam App 108210" = Memoir '44 Online
"Tunngle beta_is1" = Tunngle beta
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2013 14:36:11 | Computer Name = xxx | Source = SecurityCenter | ID = 4
Description = Es konnten keine Instanzen von FirewallProduct aus der WMI geladen
 werden.
 
Error - 20.05.2013 14:36:11 | Computer Name = xxx | Source = SecurityCenter | ID = 5
Description = Es konnten keine Instanzen von AntivirusProduct aus der WMI geladen
 werden.
 
Error - 20.05.2013 14:36:11 | Computer Name = xxx | Source = SecurityCenter | ID = 6
Description = Es konnten keine Instanzen von AntiSpywareProduct aus der WMI geladen
 werden.
 
Error - 23.05.2013 05:47:27 | Computer Name = xxx | Source = Application Error | ID = 1000
Error - 23.05.2013 05:47:47 | Computer Name = xxx | Source = Application Error
| ID = 1000
 
Error - 23.05.2013 05:47:58 | Computer Name = xxx | Source = Application Error | ID = 1000
Error - 23.05.2013 05:49:55 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf
 | ID = 3012
 
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 23.05.2013 05:49:55 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf
 | ID = 3012
 
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 23.05.2013 05:49:55 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf
 | ID = 3011
 
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 23.05.2013 05:57:21 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf
 | ID = 3012
 
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 23.05.2013 05:57:21 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf
 | ID = 3012
 
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 23.05.2013 05:57:21 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf
 | ID = 3011
 
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error encountered while reading event logs.
 
< End of report >
--- --- ---

Gmer:
http://i16.photobucket.com/albums/b3...er_2119163.jpg

cosinus 23.05.2013 13:23
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

enca 23.05.2013 13:36
Sorry wegen Code, habs gleich angepasst.

Alte Logs... das einzige was ich noch habe ist das was Kasparsky gefunden hat:

http://i16.photobucket.com/albums/b39/enca/Kasp.jpg

cosinus 23.05.2013 13:38
Geht das auch in Textform? Screenshots sind wirklich sehr suboptimal :nixda:

enca 23.05.2013 16:30
Für spybot:

Code:
Search results from Spybot - Search & Destroy

22.05.2013 21:02:51
Scan took 00:23:48.
17 items found.

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\s.ytimg.com\soundData.sol
  Properties.size=49
  Properties.md5=0F2F7414896648FFBC2F586F6D90EB34
  Properties.filedate=1369248303
  Properties.filedatetext=2013-05-22 20:45:03

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\s.ytimg.com\subtitlesModuleData.sol
  Properties.size=180
  Properties.md5=FC4229AA6948A5459695586E617BE143
  Properties.filedate=1369247154
  Properties.filedatetext=2013-05-22 20:25:53

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\tag.coffeetable.hiro.tv\hiro_companion_cookie.sol
  Properties.size=106
  Properties.md5=CECF7DD1A64B3A0E20AE4CF7C0B5465C
  Properties.filedate=1369242972
  Properties.filedatetext=2013-05-22 19:16:11

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\tag.coffeetable.hiro.tv\HIRO_NETWORK_CAPPING_COOKIE.sol
  Properties.size=1016
  Properties.md5=3813945D44C302AE8DE8284CA78311D0
  Properties.filedate=1369243012
  Properties.filedatetext=2013-05-22 19:16:51

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\static.xvideos.com\swf\xv-player.swf\hexaplayerVolumeCookie.sol
  Properties.size=61
  Properties.md5=3ABAFA1CF4CC177EDEE657D6E256DBF7
  Properties.filedate=1369235517
  Properties.filedatetext=2013-05-22 17:11:56

Right Media: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): xxx) (Browser: Cookie, nothing done)
 

Log: [SBI $8E73A7FB]  Install: setupact.log (File, nothing done)
  C:\Windows\setupact.log
  Properties.size=56
  Properties.md5=D74E3C688AA4F552EB9F55CB8EA67170
  Properties.filedate=1369230344
  Properties.filedatetext=2013-05-22 15:45:43

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\Internet Explorer\TypedURLs

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Cookie: [SBI $49804B54] Browser: Cookie (143) (Browser: Cookie, nothing done)
 

Cache: [SBI $49804B54] Browser: Cache (1613) (Browser: Cache, nothing done)
 

Verlauf: [SBI $49804B54] Browser: History (991) (Browser: History, nothing done)
 


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-05-06 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)
Von Kasparsky hab ich nichts gefunden, deshalb schreib ichs schnell ab:
Code:
Typ                                                                            Status                  Zeit
HEUR:Exploit.Script.Blocker                                              Inaktiv          26.04.2012 18:09:05
Trojan-Downloader.JS.Expack.tj                                      Inaktiv          22.06.2012 13:57:23
HEUR:Exploit.Script.Generic                                      Nicht gefunden    18.11.2012 16:01:09
HEUR:Exploit.Script.Generic                                            Inaktiv          18.11.2012 15:42:13
Trojan-Downloader.JS.DarDuk.e                                      Inaktiv          17.08.2011 16:58:00
HEUR:Exploit.Script.Generic                                            Inaktiv          17.05.2012 10:53:11
HEUR:Trojan-Downloader.Script.Generic                            Inaktiv          11.09.2012 16:55:24
HEUR:Exploit.Script.Blocker                                            Inaktiv          10.05.2012 19:00:01
Exploit.Java.CVE-2012-0507.fb                                        Inaktiv          10.05.2012 18:59:59
HEUR:Exploit.Script.Generic                                            Inaktiv          07.06.2012 20:45:26
HEUR:Exploit.Script.Generic                                            Inaktiv          05.06.2012 18:18:22
Exploit.Win32.CVE-2011-3402.c      Wird n. d. Neustart d. PC verarbeitet 03.02.2013 17:27:18
HEUR:Exploit.Script.Generic                                            Inaktiv          01.06.2012 13:21:35

cosinus 23.05.2013 21:07
Die Pfadangaben fehlen, aber naja...

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

enca 24.05.2013 08:24
Bei Spybot hat er gemeckert. Ich hatte ihn zwar ausgeschalten, aber möglicherweise lief noch etwas im Hintergrund.

Hier das Log:
Code:
ComboFix 13-05-23.02 - xxx 24.05.2013  8:52.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3886.2286 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\FullRemove.exe
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
c:\windows\msvcr71.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-24 bis 2013-05-24  ))))))))))))))))))))))))))))))
.
.
2013-05-24 07:03 . 2013-05-24 07:03        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-05-24 07:03 . 2013-05-24 07:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-23 07:06 . 2013-05-23 07:06        388096        ----a-r-        c:\users\xxx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-16 19:26 . 2013-05-16 19:26        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2013-05-06 16:03 . 2013-05-06 16:03        --------        d-----w-        c:\program files (x86)\ClearProg
2013-05-06 15:41 . 2013-05-22 19:06        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2013-05-06 15:41 . 2009-01-25 10:14        17272        ----a-w-        c:\windows\system32\sdnclean64.exe
2013-05-06 15:41 . 2013-05-06 15:41        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2013-05-06 15:40 . 2013-05-06 15:40        --------        d-----w-        c:\users\xxx\AppData\Local\Programs
2013-04-27 12:11 . 2013-04-27 12:11        --------        d-----w-        c:\program files (x86)\Bethesda Softworks
2013-04-27 12:08 . 2005-04-03 21:02        753664        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-04-27 12:08 . 2005-04-03 21:02        69714        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-04-27 12:08 . 2005-04-03 21:01        274432        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-04-27 12:08 . 2005-04-03 21:00        184320        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-04-27 12:08 . 2005-04-03 21:00        63488        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-04-27 12:08 . 2005-04-03 20:59        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-04-27 12:08 . 2013-04-27 12:08        200836        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-04-27 12:08 . 2013-04-27 12:08        331908        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-04-27 12:07 . 2013-04-27 12:07        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2013-04-24 14:40 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 19:32 . 2011-03-05 15:13        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-15 16:51 . 2012-04-11 17:16        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 16:51 . 2011-07-02 10:44        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 15:25 . 2013-04-23 15:25        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 15:25 . 2012-11-15 19:43        866720        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-04-23 15:25 . 2011-05-29 18:04        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-16 14:47        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 14:47        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 14:47        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 14:47        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 14:47        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 14:47        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-10 12:43        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:43        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:43        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:43        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:43        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:43        112640        ----a-w-        c:\windows\system32\smss.exe
2009-04-08 17:31 . 2009-04-08 17:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C4415769-1588-4AD6-9624-B2E69DB78D1A}]
2012-08-10 14:47        182056        ----a-w-        c:\program files (x86)\preispilot\Internet Explorer\preispilot.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-03-31 12:57        1520776        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\Cyberlink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-13 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-03-31 1646216]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\25976~1.107\{C16C1~1\mngr.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\DRIVERS\AF05BDA.sys [2009-11-05 171328]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 usbet;USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys [2010-04-29 182912]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-06-15 737016]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 06:18        1642448        ----a-w-        c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:51]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 08:25]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 08:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{163805D3-6748-4978-BC33-7C22BDF6E1DA}: NameServer = 0.0.0.0
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.2.104/codebase/DVM_IPCam2.ocx
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:29,eb,ac,24,36,4a,f3,1e,a2,68,10,a5,cf,57,41,bb,01,0f,c7,3d,92,
  ba,16,83,fc,af,f1,08,4f,8b,0e,99,cf,02,d7,f3,dc,a4,4a,5b,0f,ca,e3,cd,0a,16,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-24  09:18:27
ComboFix-quarantined-files.txt  2013-05-24 07:18
.
Vor Suchlauf: 10 Verzeichnis(se), 29.656.662.016 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 29.691.768.832 Bytes frei
.
- - End Of File - - 592B09DFF309A774F390B95F2766A99C

cosinus 24.05.2013 11:09
Bitte nochmal GMER probieren und dann MBAR ausführen

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.





Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

enca 24.05.2013 12:39
Gmer:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-24 13:25:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\xxx\AppData\Local\Temp\fxldypob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                            fffff800031be000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                            fffff800031be02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Tunngle\TnglCtrl.exe[2496] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                                  000000007701000c 1 byte [90]
.text    C:\Program Files (x86)\Tunngle\TnglCtrl.exe[2496] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                              0000000074f7cfca 5 bytes JMP 0000000173d141c0
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4116] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                0000000074f7cfca 5 bytes JMP 0000000173d141c0
.text    C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4988] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                        0000000074f7cfca 5 bytes JMP 0000000173d141c0
.text    C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000076fd1465 2 bytes [FD, 76]
.text    C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000076fd14bb 2 bytes [FD, 76]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4996] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                            0000000074f7cfca 5 bytes JMP 0000000173d141c0
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4800] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                0000000074f7cfca 5 bytes JMP 0000000173d141c0
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                0000000074f7cfca 5 bytes JMP 0000000173d141c0
.text    C:\Windows\AsScrPro.exe[6240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000076fd1465 2 bytes [FD, 76]
.text    C:\Windows\AsScrPro.exe[6240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000076fd14bb 2 bytes [FD, 76]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[6252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076fd1465 2 bytes [FD, 76]
.text    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[6252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000076fd14bb 2 bytes [FD, 76]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[7444] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                      0000000074f7cfca 5 bytes JMP 0000000173d141c0
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[7444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000076fd1465 2 bytes [FD, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[7444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            0000000076fd14bb 2 bytes [FD, 76]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7708] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            0000000074f7cfca 5 bytes JMP 0000000173d141c0
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076fd1465 2 bytes [FD, 76]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076fd14bb 2 bytes [FD, 76]
.text    ...                                                                                                                                            * 2
.text    C:\Users\xxx\Desktop\gmer_2.1.19163.exe[2268] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                  0000000074f7cfca 5 bytes JMP 0000000173d141c0
.text    C:\Users\xxx\Desktop\gmer_2.1.19163.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076fd1465 2 bytes [FD, 76]
.text    C:\Users\xxx\Desktop\gmer_2.1.19163.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000076fd14bb 2 bytes [FD, 76]
.text    ...                                                                                                                                            * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\svchost.exe [856:4372]                                                                                                    000007fef9722154
Thread    C:\Windows\system32\svchost.exe [1188:5332]                                                                                                    000007fef6885170
Thread    C:\Windows\system32\WLANExt.exe [1544:2204]                                                                                                    0000000001a78bc8
Thread    C:\Windows\system32\WLANExt.exe [1544:2384]                                                                                                    0000000001a78be4
Thread    C:\Windows\system32\WLANExt.exe [1544:2324]                                                                                                    0000000001a78bac
Thread    C:\Windows\System32\spoolsv.exe [1724:2168]                                                                                                    000007fef8c910c8
Thread    C:\Windows\System32\spoolsv.exe [1724:2176]                                                                                                    000007fef8c56144
Thread    C:\Windows\System32\spoolsv.exe [1724:2180]                                                                                                    000007fef8a45fd0
Thread    C:\Windows\System32\spoolsv.exe [1724:2184]                                                                                                    000007fef8a33438
Thread    C:\Windows\System32\spoolsv.exe [1724:2188]                                                                                                    000007fef8a463ec
Thread    C:\Windows\System32\spoolsv.exe [1724:2196]                                                                                                    000007fef8d25e5c
Thread    C:\Windows\system32\svchost.exe [1760:3508]                                                                                                    000007fef7f42940
Thread    C:\Windows\system32\svchost.exe [1760:3692]                                                                                                    000007fef71f2888
Thread    C:\Windows\system32\svchost.exe [1760:7856]                                                                                                    000007fef71f2a40

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5019cb                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                              10774
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5019cb (not active ControlSet)                                               

---- EOF - GMER 2.1 ----
Bei MB kam diese Meldung:

http://i16.photobucket.com/albums/b39/enca/mbar.jpg

cosinus 24.05.2013 13:03
Versuch mal auf nein zu klicken und normal weiterzumachen.
Wenn MBAR dann nicht scannen will, dann das Tool bitte neu starten und die Abfrage bejahen, Rechner neu starten und scannen lassenn.-

enca 24.05.2013 13:29
MB hat nichts gefunden:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [administrator]

24.05.2013 14:25:28
mbar-log-2013-05-24 (14-25-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28684
Time elapsed: 13 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus 24.05.2013 14:40
aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

enca 24.05.2013 15:37
Scan wurde abgebrochen mit folgender Meldung:

http://i16.photobucket.com/albums/b39/enca/Avast.jpg

Edit:
Vor einer Minute ist der PC dann auch noch abgestürtzt. Blauer Screen mit Aufforderung neu zu starten.

cosinus 24.05.2013 18:06
Lies doch mal den Hinweis unter der aswMBR Anleitung

enca 24.05.2013 18:28
Tut mir Leid, ich komm nicht drauf...
Welcher Hinweis?


Ich hab alle Programme und Antivirus-Programme geschlossen.
Dann habe ich aswMBR mit Rechtsklick - als Administrator ausführen - gestartet.
Scan geklickt.

Danach kam besagte Fehlermeldung und ich hab wie aufgefordert das Problem hier gepostet...

Edit: Ok, wer lesen kann ist klar im Vorteil...

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-24 19:32:20
-----------------------------
19:32:20.696    OS Version: Windows x64 6.1.7601 Service Pack 1
19:32:20.696    Number of processors: 4 586 0x2505
19:32:20.696    ComputerName: xxx  UserName: xxx
19:32:21.226    Initialize success
19:32:30.181    AVAST engine defs: 13052301
19:32:36.624    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:32:36.624    Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
19:32:36.795    Disk 0 MBR read successfully
19:32:36.795    Disk 0 MBR scan
19:32:36.811    Disk 0 Windows 7 default MBR code
19:32:36.811    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    20002 MB offset 63
19:32:36.827    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      119235 MB offset 40965752
19:32:36.842    Disk 0 Partition - 00    0F Extended LBA            337701 MB offset 285159424
19:32:36.873    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      337700 MB offset 285161472
19:32:37.029    Disk 0 scanning C:\Windows\system32\drivers
19:32:51.771    Service scanning
19:33:22.129    Modules scanning
19:33:22.129    Disk 0 trace - called modules:
19:33:22.691    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:33:22.691    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf1060]
19:33:22.706    3 CLASSPNP.SYS[fffff8800222043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004677050]
19:33:22.706    Scan finished successfully
19:34:04.503    Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\MBR.dat"
Code:
19:35:19.0386 6372  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:35:19.0573 6372  ============================================================
19:35:19.0573 6372  Current date / time: 2013/05/24 19:35:19.0573
19:35:19.0573 6372  SystemInfo:
19:35:19.0573 6372 
19:35:19.0573 6372  OS Version: 6.1.7601 ServicePack: 1.0
19:35:19.0573 6372  Product type: Workstation
19:35:19.0573 6372  ComputerName: xxx
19:35:19.0573 6372  UserName: xxx
19:35:19.0573 6372  Windows directory: C:\Windows
19:35:19.0573 6372  System windows directory: C:\Windows
19:35:19.0573 6372  Running under WOW64
19:35:19.0573 6372  Processor architecture: Intel x64
19:35:19.0573 6372  Number of processors: 4
19:35:19.0573 6372  Page size: 0x1000
19:35:19.0573 6372  Boot type: Normal boot
19:35:19.0573 6372  ============================================================
19:35:20.0135 6372  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:35:20.0135 6372  ============================================================
19:35:20.0135 6372  \Device\Harddisk0\DR0:
19:35:20.0135 6372  MBR partitions:
19:35:20.0135 6372  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711678, BlocksNum 0xE8E1800
19:35:20.0150 6372  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF3800, BlocksNum 0x29392000
19:35:20.0150 6372  ============================================================
19:35:20.0182 6372  C: <-> \Device\Harddisk0\DR0\Partition1
19:35:20.0213 6372  D: <-> \Device\Harddisk0\DR0\Partition2
19:35:20.0213 6372  ============================================================
19:35:20.0213 6372  Initialize success
19:35:20.0213 6372  ============================================================
19:36:35.0599 3892  ============================================================
19:36:35.0599 3892  Scan started
19:36:35.0599 3892  Mode: Manual; SigCheck; TDLFS;
19:36:35.0599 3892  ============================================================
19:36:36.0426 3892  ================ Scan system memory ========================
19:36:36.0426 3892  System memory - ok
19:36:36.0426 3892  ================ Scan services =============================
19:36:36.0644 3892  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:36:36.0753 3892  1394ohci - ok
19:36:36.0831 3892  [ 6CE02D42183CDF31315F208AE35F153F ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
19:36:36.0863 3892  acedrv11 - ok
19:36:36.0909 3892  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:36:36.0941 3892  ACPI - ok
19:36:36.0972 3892  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
19:36:37.0003 3892  AcpiPmi - ok
19:36:37.0112 3892  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:36:37.0128 3892  AdobeARMservice - ok
19:36:37.0284 3892  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:36:37.0299 3892  AdobeFlashPlayerUpdateSvc - ok
19:36:37.0362 3892  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
19:36:37.0393 3892  adp94xx - ok
19:36:37.0424 3892  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
19:36:37.0455 3892  adpahci - ok
19:36:37.0471 3892  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
19:36:37.0487 3892  adpu320 - ok
19:36:37.0518 3892  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:36:37.0580 3892  AeLookupSvc - ok
19:36:37.0627 3892  [ 5FAB00F6BB473A0B8247ED3BE9E7A243 ] AF05BDA        C:\Windows\system32\DRIVERS\AF05BDA.sys
19:36:37.0643 3892  AF05BDA - ok
19:36:37.0689 3892  [ FB2BE0BAE9B3F248080CDBF91EF16C7F ] AFBAgent        C:\Windows\system32\FBAgent.exe
19:36:37.0705 3892  AFBAgent - ok
19:36:37.0767 3892  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
19:36:37.0814 3892  AFD - ok
19:36:37.0845 3892  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:36:37.0845 3892  agp440 - ok
19:36:37.0892 3892  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
19:36:37.0923 3892  ALG - ok
19:36:37.0955 3892  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:36:37.0970 3892  aliide - ok
19:36:37.0970 3892  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:36:37.0986 3892  amdide - ok
19:36:38.0033 3892  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
19:36:38.0064 3892  AmdK8 - ok
19:36:38.0079 3892  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:36:38.0126 3892  AmdPPM - ok
19:36:38.0142 3892  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
19:36:38.0157 3892  amdsata - ok
19:36:38.0189 3892  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:36:38.0204 3892  amdsbs - ok
19:36:38.0220 3892  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
19:36:38.0235 3892  amdxata - ok
19:36:38.0298 3892  [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor        C:\Windows\system32\drivers\AmUStor.SYS
19:36:38.0329 3892  AmUStor - ok
19:36:38.0360 3892  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
19:36:38.0407 3892  AppID - ok
19:36:38.0438 3892  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:36:38.0485 3892  AppIDSvc - ok
19:36:38.0516 3892  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo        C:\Windows\System32\appinfo.dll
19:36:38.0532 3892  Appinfo - ok
19:36:38.0594 3892  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
19:36:38.0610 3892  arc - ok
19:36:38.0610 3892  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:36:38.0625 3892  arcsas - ok
19:36:38.0703 3892  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
19:36:38.0735 3892  ASLDRService - ok
19:36:38.0750 3892  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:36:38.0766 3892  ASMMAP64 - ok
19:36:38.0781 3892  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:36:38.0844 3892  AsyncMac - ok
19:36:38.0891 3892  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
19:36:38.0906 3892  atapi - ok
19:36:38.0969 3892  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:36:39.0031 3892  athr - ok
19:36:39.0047 3892  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
19:36:39.0062 3892  ATKGFNEXSrv - ok
19:36:39.0109 3892  [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
19:36:39.0125 3892  atksgt - ok
19:36:39.0171 3892  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:36:39.0265 3892  AudioEndpointBuilder - ok
19:36:39.0312 3892  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:36:39.0359 3892  AudioSrv - ok
19:36:39.0437 3892  [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP            C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
19:36:39.0468 3892  AVP - ok
19:36:39.0499 3892  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:36:39.0593 3892  AxInstSV - ok
19:36:39.0624 3892  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
19:36:39.0671 3892  b06bdrv - ok
19:36:39.0702 3892  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:36:39.0733 3892  b57nd60a - ok
19:36:39.0780 3892  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:36:39.0842 3892  BDESVC - ok
19:36:39.0873 3892  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:36:39.0951 3892  Beep - ok
19:36:40.0029 3892  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
19:36:40.0123 3892  BFE - ok
19:36:40.0154 3892  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
19:36:40.0232 3892  BITS - ok
19:36:40.0279 3892  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:36:40.0326 3892  blbdrive - ok
19:36:40.0341 3892  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:36:40.0373 3892  bowser - ok
19:36:40.0404 3892  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:36:40.0435 3892  BrFiltLo - ok
19:36:40.0466 3892  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:36:40.0497 3892  BrFiltUp - ok
19:36:40.0544 3892  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:36:40.0575 3892  BridgeMP - ok
19:36:40.0607 3892  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
19:36:40.0653 3892  Browser - ok
19:36:40.0685 3892  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
19:36:40.0747 3892  Brserid - ok
19:36:40.0763 3892  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:36:40.0794 3892  BrSerWdm - ok
19:36:40.0809 3892  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:36:40.0841 3892  BrUsbMdm - ok
19:36:40.0856 3892  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:36:40.0872 3892  BrUsbSer - ok
19:36:40.0934 3892  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
19:36:41.0075 3892  BthEnum - ok
19:36:41.0090 3892  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:36:41.0106 3892  BTHMODEM - ok
19:36:41.0153 3892  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:36:41.0184 3892  BthPan - ok
19:36:41.0246 3892  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
19:36:41.0293 3892  BTHPORT - ok
19:36:41.0324 3892  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
19:36:41.0387 3892  bthserv - ok
19:36:41.0449 3892  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
19:36:41.0480 3892  BTHUSB - ok
19:36:41.0527 3892  catchme - ok
19:36:41.0574 3892  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:36:41.0636 3892  cdfs - ok
19:36:41.0667 3892  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
19:36:41.0714 3892  cdrom - ok
19:36:41.0777 3892  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
19:36:41.0839 3892  CertPropSvc - ok
19:36:41.0870 3892  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:36:41.0901 3892  circlass - ok
19:36:41.0933 3892  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:36:41.0964 3892  CLFS - ok
19:36:42.0011 3892  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:36:42.0026 3892  clr_optimization_v2.0.50727_32 - ok
19:36:42.0104 3892  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:36:42.0120 3892  clr_optimization_v2.0.50727_64 - ok
19:36:42.0182 3892  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:36:42.0213 3892  clr_optimization_v4.0.30319_32 - ok
19:36:42.0229 3892  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:36:42.0245 3892  clr_optimization_v4.0.30319_64 - ok
19:36:42.0291 3892  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:36:42.0323 3892  CmBatt - ok
19:36:42.0354 3892  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:36:42.0369 3892  cmdide - ok
19:36:42.0401 3892  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
19:36:42.0432 3892  CNG - ok
19:36:42.0525 3892  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:36:42.0541 3892  Compbatt - ok
19:36:42.0572 3892  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:36:42.0603 3892  CompositeBus - ok
19:36:42.0619 3892  COMSysApp - ok
19:36:42.0635 3892  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
19:36:42.0635 3892  crcdisk - ok
19:36:42.0681 3892  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:36:42.0728 3892  CryptSvc - ok
19:36:42.0775 3892  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:36:42.0853 3892  DcomLaunch - ok
19:36:42.0900 3892  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
19:36:42.0947 3892  defragsvc - ok
19:36:42.0978 3892  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:36:43.0025 3892  DfsC - ok
19:36:43.0056 3892  [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp        C:\Windows\system32\Drivers\DgiVecp.sys
19:36:43.0071 3892  DgiVecp - ok
19:36:43.0103 3892  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:36:43.0149 3892  Dhcp - ok
19:36:43.0196 3892  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:36:43.0243 3892  discache - ok
19:36:43.0274 3892  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:36:43.0274 3892  Disk - ok
19:36:43.0305 3892  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:36:43.0337 3892  Dnscache - ok
19:36:43.0368 3892  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:36:43.0430 3892  dot3svc - ok
19:36:43.0477 3892  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
19:36:43.0508 3892  Dot4 - ok
19:36:43.0555 3892  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print      C:\Windows\system32\drivers\Dot4Prt.sys
19:36:43.0586 3892  Dot4Print - ok
19:36:43.0617 3892  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
19:36:43.0649 3892  dot4usb - ok
19:36:43.0680 3892  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
19:36:43.0742 3892  DPS - ok
19:36:43.0773 3892  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:36:43.0805 3892  drmkaud - ok
19:36:43.0836 3892  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:36:43.0898 3892  DXGKrnl - ok
19:36:43.0929 3892  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
19:36:44.0007 3892  EapHost - ok
19:36:44.0101 3892  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
19:36:44.0226 3892  ebdrv - ok
19:36:44.0257 3892  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
19:36:44.0288 3892  EFS - ok
19:36:44.0366 3892  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
19:36:44.0444 3892  ehRecvr - ok
19:36:44.0475 3892  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
19:36:44.0522 3892  ehSched - ok
19:36:44.0585 3892  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
19:36:44.0616 3892  elxstor - ok
19:36:44.0631 3892  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:36:44.0663 3892  ErrDev - ok
19:36:44.0694 3892  [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD            C:\Windows\system32\DRIVERS\ETD.sys
19:36:44.0725 3892  ETD - ok
19:36:44.0772 3892  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
19:36:44.0850 3892  EventSystem - ok
19:36:44.0959 3892  [ B56D9602DB5FE1C116B1CA5EFD8E2E50 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:36:44.0990 3892  EvtEng - ok
19:36:45.0021 3892  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
19:36:45.0099 3892  exfat - ok
19:36:45.0131 3892  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:36:45.0193 3892  fastfat - ok
19:36:45.0240 3892  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
19:36:45.0287 3892  Fax - ok
19:36:45.0302 3892  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
19:36:45.0349 3892  fdc - ok
19:36:45.0380 3892  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
19:36:45.0443 3892  fdPHost - ok
19:36:45.0458 3892  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:36:45.0536 3892  FDResPub - ok
19:36:45.0567 3892  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:36:45.0599 3892  FileInfo - ok
19:36:45.0599 3892  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:36:45.0661 3892  Filetrace - ok
19:36:45.0692 3892  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:36:45.0723 3892  flpydisk - ok
19:36:45.0739 3892  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:36:45.0755 3892  FltMgr - ok
19:36:45.0833 3892  [ C4C183E6551084039EC862DA1C945E3D ] FontCache      C:\Windows\system32\FntCache.dll
19:36:45.0895 3892  FontCache - ok
19:36:45.0957 3892  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:36:45.0973 3892  FontCache3.0.0.0 - ok
19:36:46.0004 3892  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
19:36:46.0020 3892  FsDepends - ok
19:36:46.0051 3892  [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
19:36:46.0082 3892  fssfltr - ok
19:36:46.0145 3892  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:36:46.0207 3892  fsssvc - ok
19:36:46.0223 3892  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:36:46.0223 3892  Fs_Rec - ok
19:36:46.0269 3892  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:36:46.0301 3892  fvevol - ok
19:36:46.0363 3892  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:36:46.0379 3892  gagp30kx - ok
19:36:46.0425 3892  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
19:36:46.0519 3892  gpsvc - ok
19:36:46.0597 3892  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:36:46.0613 3892  gupdate - ok
19:36:46.0659 3892  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:36:46.0675 3892  gupdatem - ok
19:36:46.0706 3892  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:36:46.0769 3892  hcw85cir - ok
19:36:46.0800 3892  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:36:46.0847 3892  HdAudAddService - ok
19:36:46.0862 3892  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:36:46.0909 3892  HDAudBus - ok
19:36:46.0940 3892  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64        C:\Windows\system32\DRIVERS\HECIx64.sys
19:36:46.0956 3892  HECIx64 - ok
19:36:46.0971 3892  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
19:36:46.0987 3892  HidBatt - ok
19:36:47.0003 3892  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:36:47.0018 3892  HidBth - ok
19:36:47.0049 3892  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
19:36:47.0065 3892  HidIr - ok
19:36:47.0096 3892  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\System32\hidserv.dll
19:36:47.0127 3892  hidserv - ok
19:36:47.0174 3892  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:36:47.0205 3892  HidUsb - ok
19:36:47.0221 3892  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:36:47.0315 3892  hkmsvc - ok
19:36:47.0330 3892  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:36:47.0393 3892  HomeGroupListener - ok
19:36:47.0408 3892  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:36:47.0439 3892  HomeGroupProvider - ok
19:36:47.0533 3892  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:36:47.0564 3892  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:36:47.0564 3892  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:36:47.0595 3892  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:36:47.0595 3892  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:36:47.0595 3892  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:36:47.0627 3892  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:36:47.0642 3892  HpSAMD - ok
19:36:47.0689 3892  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:36:47.0783 3892  HTTP - ok
19:36:47.0845 3892  [ C8F3119AD72A507D12EF389DF4C266EF ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:36:47.0907 3892  hwdatacard - ok
19:36:47.0939 3892  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:36:47.0954 3892  hwpolicy - ok
19:36:47.0985 3892  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:36:48.0001 3892  i8042prt - ok
19:36:48.0032 3892  [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:36:48.0048 3892  iaStor - ok
19:36:48.0079 3892  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
19:36:48.0095 3892  iaStorV - ok
19:36:48.0188 3892  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:36:48.0204 3892  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:36:48.0204 3892  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:36:48.0251 3892  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:36:48.0313 3892  idsvc - ok
19:36:48.0531 3892  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:36:48.0812 3892  igfx - ok
19:36:48.0843 3892  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
19:36:48.0843 3892  iirsp - ok
19:36:48.0890 3892  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:36:48.0968 3892  IKEEXT - ok
19:36:49.0031 3892  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd          C:\Windows\system32\DRIVERS\Impcd.sys
19:36:49.0062 3892  Impcd - ok
19:36:49.0171 3892  [ 53019327813FF5AB2964B33B2C61307C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:36:49.0265 3892  IntcAzAudAddService - ok
19:36:49.0296 3892  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:36:49.0327 3892  IntcDAud - ok
19:36:49.0358 3892  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:36:49.0374 3892  intelide - ok
19:36:49.0405 3892  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:36:49.0436 3892  intelppm - ok
19:36:49.0467 3892  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
19:36:49.0530 3892  IPBusEnum - ok
19:36:49.0561 3892  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:36:49.0623 3892  IpFilterDriver - ok
19:36:49.0670 3892  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:36:49.0717 3892  iphlpsvc - ok
19:36:49.0733 3892  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
19:36:49.0764 3892  IPMIDRV - ok
19:36:49.0795 3892  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
19:36:49.0826 3892  IPNAT - ok
19:36:49.0857 3892  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:36:49.0904 3892  IRENUM - ok
19:36:49.0935 3892  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:36:49.0935 3892  isapnp - ok
19:36:49.0967 3892  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:36:49.0982 3892  iScsiPrt - ok
19:36:49.0998 3892  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:36:50.0013 3892  kbdclass - ok
19:36:50.0045 3892  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:36:50.0060 3892  kbdhid - ok
19:36:50.0091 3892  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr        C:\Windows\system32\DRIVERS\kbfiltr.sys
19:36:50.0107 3892  kbfiltr - ok
19:36:50.0123 3892  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:36:50.0123 3892  KeyIso - ok
19:36:50.0201 3892  [ E656FE10D6D27794AFA08136685A69E8 ] KL1            C:\Windows\system32\DRIVERS\kl1.sys
19:36:50.0232 3892  KL1 - ok
19:36:50.0232 3892  [ D865DD8B0448E3F963D68C04C532858F ] kl2            C:\Windows\system32\DRIVERS\kl2.sys
19:36:50.0247 3892  kl2 - ok
19:36:50.0310 3892  [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
19:36:50.0341 3892  KLIF - ok
19:36:50.0388 3892  [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6          C:\Windows\system32\DRIVERS\klim6.sys
19:36:50.0403 3892  KLIM6 - ok
19:36:50.0419 3892  [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
19:36:50.0435 3892  klmouflt - ok
19:36:50.0450 3892  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:36:50.0466 3892  KSecDD - ok
19:36:50.0497 3892  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
19:36:50.0513 3892  KSecPkg - ok
19:36:50.0544 3892  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
19:36:50.0606 3892  ksthunk - ok
19:36:50.0637 3892  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
19:36:50.0684 3892  KtmRm - ok
19:36:50.0715 3892  [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
19:36:50.0747 3892  L1C - ok
19:36:50.0793 3892  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:36:50.0840 3892  LanmanServer - ok
19:36:50.0856 3892  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:36:50.0918 3892  LanmanWorkstation - ok
19:36:50.0965 3892  [ 955982BF4421B77722196552B62E8DC2 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
19:36:50.0981 3892  lirsgt - ok
19:36:50.0996 3892  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:36:51.0043 3892  lltdio - ok
19:36:51.0074 3892  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
19:36:51.0121 3892  lltdsvc - ok
19:36:51.0137 3892  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
19:36:51.0199 3892  lmhosts - ok
19:36:51.0277 3892  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:36:51.0293 3892  LMS ( UnsignedFile.Multi.Generic ) - warning
19:36:51.0293 3892  LMS - detected UnsignedFile.Multi.Generic (1)
19:36:51.0339 3892  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:36:51.0355 3892  LSI_FC - ok
19:36:51.0371 3892  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
19:36:51.0386 3892  LSI_SAS - ok
19:36:51.0402 3892  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:36:51.0417 3892  LSI_SAS2 - ok
19:36:51.0433 3892  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:36:51.0449 3892  LSI_SCSI - ok
19:36:51.0464 3892  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
19:36:51.0527 3892  luafv - ok
19:36:51.0558 3892  lullaby - ok
19:36:51.0589 3892  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
19:36:51.0620 3892  Mcx2Svc - ok
19:36:51.0636 3892  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
19:36:51.0651 3892  megasas - ok
19:36:51.0683 3892  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:36:51.0714 3892  MegaSR - ok
19:36:51.0745 3892  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
19:36:51.0823 3892  MMCSS - ok
19:36:51.0839 3892  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
19:36:51.0901 3892  Modem - ok
19:36:51.0932 3892  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
19:36:51.0979 3892  monitor - ok
19:36:52.0010 3892  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
19:36:52.0041 3892  mouclass - ok
19:36:52.0073 3892  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:36:52.0088 3892  mouhid - ok
19:36:52.0119 3892  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:36:52.0135 3892  mountmgr - ok
19:36:52.0166 3892  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:36:52.0197 3892  mpio - ok
19:36:52.0213 3892  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:36:52.0275 3892  mpsdrv - ok
19:36:52.0322 3892  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:36:52.0400 3892  MpsSvc - ok
19:36:52.0431 3892  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:36:52.0478 3892  MRxDAV - ok
19:36:52.0494 3892  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:36:52.0525 3892  mrxsmb - ok
19:36:52.0556 3892  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:36:52.0587 3892  mrxsmb10 - ok
19:36:52.0603 3892  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:36:52.0619 3892  mrxsmb20 - ok
19:36:52.0650 3892  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:36:52.0665 3892  msahci - ok
19:36:52.0697 3892  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
19:36:52.0712 3892  msdsm - ok
19:36:52.0728 3892  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
19:36:52.0775 3892  MSDTC - ok
19:36:52.0821 3892  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:36:52.0884 3892  Msfs - ok
19:36:52.0931 3892  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
19:36:53.0009 3892  mshidkmdf - ok
19:36:53.0024 3892  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:36:53.0040 3892  msisadrv - ok
19:36:53.0071 3892  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
19:36:53.0118 3892  MSiSCSI - ok
19:36:53.0118 3892  msiserver - ok
19:36:53.0149 3892  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
19:36:53.0196 3892  MSKSSRV - ok
19:36:53.0211 3892  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:36:53.0258 3892  MSPCLOCK - ok
19:36:53.0274 3892  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
19:36:53.0321 3892  MSPQM - ok
19:36:53.0352 3892  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
19:36:53.0367 3892  MsRPC - ok
19:36:53.0399 3892  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:36:53.0414 3892  mssmbios - ok
19:36:53.0445 3892  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
19:36:53.0492 3892  MSTEE - ok
19:36:53.0508 3892  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:36:53.0523 3892  MTConfig - ok
19:36:53.0539 3892  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
19:36:53.0555 3892  MTsensor - ok
19:36:53.0570 3892  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
19:36:53.0586 3892  Mup - ok
19:36:53.0601 3892  [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS  C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:36:53.0633 3892  MyWiFiDHCPDNS - ok
19:36:53.0664 3892  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:36:53.0711 3892  napagent - ok
19:36:53.0757 3892  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
19:36:53.0789 3892  NativeWifiP - ok
19:36:53.0835 3892  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:36:53.0898 3892  NDIS - ok
19:36:53.0913 3892  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
19:36:53.0960 3892  NdisCap - ok
19:36:53.0991 3892  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:36:54.0038 3892  NdisTapi - ok
19:36:54.0054 3892  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
19:36:54.0116 3892  Ndisuio - ok
19:36:54.0147 3892  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
19:36:54.0194 3892  NdisWan - ok
19:36:54.0225 3892  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
19:36:54.0257 3892  NDProxy - ok
19:36:54.0319 3892  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:36:54.0335 3892  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:36:54.0335 3892  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:36:54.0366 3892  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
19:36:54.0428 3892  NetBIOS - ok
19:36:54.0459 3892  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
19:36:54.0506 3892  NetBT - ok
19:36:54.0522 3892  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:36:54.0537 3892  Netlogon - ok
19:36:54.0553 3892  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:36:54.0615 3892  Netman - ok
19:36:54.0631 3892  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:36:54.0693 3892  netprofm - ok
19:36:54.0709 3892  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:36:54.0740 3892  NetTcpPortSharing - ok
19:36:54.0912 3892  [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
19:36:55.0130 3892  NETw5s64 - ok
19:36:55.0177 3892  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
19:36:55.0193 3892  nfrd960 - ok
19:36:55.0224 3892  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:36:55.0255 3892  NlaSvc - ok
19:36:55.0271 3892  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:36:55.0317 3892  Npfs - ok
19:36:55.0333 3892  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
19:36:55.0380 3892  nsi - ok
19:36:55.0395 3892  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:36:55.0473 3892  nsiproxy - ok
19:36:55.0520 3892  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:36:55.0583 3892  Ntfs - ok
19:36:55.0614 3892  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:36:55.0676 3892  Null - ok
19:36:55.0707 3892  [ F5BC2345E8C89D4E90FAFD23A2239935 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
19:36:55.0723 3892  nusb3hub - ok
19:36:55.0754 3892  [ 5D42578241BC2A9B4A64837077436D5F ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:36:55.0785 3892  nusb3xhc - ok
19:36:56.0051 3892  [ 70E89A21827B2669AF906B703C7C48B5 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:36:56.0409 3892  nvlddmkm - ok
19:36:56.0456 3892  [ 4B9C0C2BF78289513101EB0D44834701 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
19:36:56.0456 3892  nvpciflt - ok
19:36:56.0487 3892  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:36:56.0503 3892  nvraid - ok
19:36:56.0534 3892  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:36:56.0550 3892  nvstor - ok
19:36:56.0612 3892  [ E04FCE1D149CF05C3449E3171F9C3E41 ] nvsvc          C:\Windows\system32\nvvsvc.exe
19:36:56.0643 3892  nvsvc - ok
19:36:56.0737 3892  [ D96DDEA6C699A99832E0186057801971 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:36:56.0784 3892  nvUpdatusService - ok
19:36:56.0815 3892  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:36:56.0831 3892  nv_agp - ok
19:36:56.0862 3892  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:36:56.0877 3892  ohci1394 - ok
19:36:56.0955 3892  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:36:56.0971 3892  ose - ok
19:36:57.0158 3892  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:36:57.0236 3892  osppsvc - ok
19:36:57.0267 3892  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:36:57.0330 3892  p2pimsvc - ok
19:36:57.0345 3892  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:36:57.0377 3892  p2psvc - ok
19:36:57.0408 3892  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
19:36:57.0423 3892  Parport - ok
19:36:57.0455 3892  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
19:36:57.0470 3892  partmgr - ok
19:36:57.0501 3892  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:36:57.0533 3892  PcaSvc - ok
19:36:57.0548 3892  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
19:36:57.0564 3892  pci - ok
19:36:57.0579 3892  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:36:57.0595 3892  pciide - ok
19:36:57.0611 3892  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:36:57.0626 3892  pcmcia - ok
19:36:57.0642 3892  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
19:36:57.0657 3892  pcw - ok
19:36:57.0689 3892  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:36:57.0735 3892  PEAUTH - ok
19:36:57.0829 3892  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:36:57.0876 3892  PerfHost - ok
19:36:57.0938 3892  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
19:36:58.0032 3892  pla - ok
19:36:58.0079 3892  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:36:58.0110 3892  PlugPlay - ok
19:36:58.0141 3892  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:36:58.0157 3892  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:36:58.0172 3892  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:36:58.0188 3892  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
19:36:58.0219 3892  PNRPAutoReg - ok
19:36:58.0235 3892  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
19:36:58.0250 3892  PNRPsvc - ok
19:36:58.0281 3892  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
19:36:58.0344 3892  PolicyAgent - ok
19:36:58.0375 3892  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
19:36:58.0437 3892  Power - ok
19:36:58.0469 3892  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:36:58.0515 3892  PptpMiniport - ok
19:36:58.0547 3892  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
19:36:58.0562 3892  Processor - ok
19:36:58.0593 3892  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc        C:\Windows\system32\profsvc.dll
19:36:58.0640 3892  ProfSvc - ok
19:36:58.0656 3892  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:36:58.0671 3892  ProtectedStorage - ok
19:36:58.0703 3892  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:36:58.0765 3892  Psched - ok
19:36:58.0827 3892  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:36:58.0890 3892  ql2300 - ok
19:36:58.0921 3892  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:36:58.0937 3892  ql40xx - ok
19:36:58.0952 3892  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
19:36:58.0983 3892  QWAVE - ok
19:36:58.0983 3892  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:36:59.0015 3892  QWAVEdrv - ok
19:36:59.0030 3892  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:36:59.0061 3892  RasAcd - ok
19:36:59.0108 3892  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
19:36:59.0171 3892  RasAgileVpn - ok
19:36:59.0202 3892  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
19:36:59.0249 3892  RasAuto - ok
19:36:59.0280 3892  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
19:36:59.0311 3892  Rasl2tp - ok
19:36:59.0358 3892  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:36:59.0436 3892  RasMan - ok
19:36:59.0467 3892  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:36:59.0514 3892  RasPppoe - ok
19:36:59.0529 3892  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
19:36:59.0576 3892  RasSstp - ok
19:36:59.0607 3892  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
19:36:59.0670 3892  rdbss - ok
19:36:59.0685 3892  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:36:59.0701 3892  rdpbus - ok
19:36:59.0732 3892  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:36:59.0779 3892  RDPCDD - ok
19:36:59.0779 3892  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:36:59.0826 3892  RDPENCDD - ok
19:36:59.0841 3892  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:36:59.0873 3892  RDPREFMP - ok
19:36:59.0904 3892  [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
19:36:59.0919 3892  RDPWD - ok
19:36:59.0935 3892  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:36:59.0951 3892  rdyboost - ok
19:37:00.0013 3892  [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc        C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:37:00.0044 3892  RegSrvc - ok
19:37:00.0075 3892  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:37:00.0169 3892  RemoteAccess - ok
19:37:00.0185 3892  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:37:00.0231 3892  RemoteRegistry - ok
19:37:00.0278 3892  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:37:00.0309 3892  RFCOMM - ok
19:37:00.0356 3892  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:37:00.0372 3892  RichVideo ( UnsignedFile.Multi.Generic ) - warning
19:37:00.0372 3892  RichVideo - detected UnsignedFile.Multi.Generic (1)
19:37:00.0403 3892  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:37:00.0450 3892  RpcEptMapper - ok
19:37:00.0481 3892  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:37:00.0497 3892  RpcLocator - ok
19:37:00.0528 3892  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
19:37:00.0575 3892  RpcSs - ok
19:37:00.0606 3892  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:37:00.0653 3892  rspndr - ok
19:37:00.0653 3892  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
19:37:00.0668 3892  SamSs - ok
19:37:00.0699 3892  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:37:00.0699 3892  sbp2port - ok
19:37:00.0731 3892  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:37:00.0793 3892  SCardSvr - ok
19:37:00.0824 3892  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:37:00.0871 3892  scfilter - ok
19:37:00.0902 3892  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:37:00.0980 3892  Schedule - ok
19:37:01.0027 3892  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
19:37:01.0089 3892  SCPolicySvc - ok
19:37:01.0121 3892  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:37:01.0152 3892  SDRSVC - ok
19:37:01.0230 3892  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
19:37:01.0277 3892  SDScannerService - ok
19:37:01.0323 3892  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:37:01.0355 3892  SDUpdateService - ok
19:37:01.0386 3892  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:37:01.0401 3892  SDWSCService - ok
19:37:01.0417 3892  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:37:01.0448 3892  secdrv - ok
19:37:01.0479 3892  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:37:01.0526 3892  seclogon - ok
19:37:01.0557 3892  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
19:37:01.0604 3892  SENS - ok
19:37:01.0620 3892  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:37:01.0635 3892  SensrSvc - ok
19:37:01.0651 3892  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
19:37:01.0682 3892  Serenum - ok
19:37:01.0729 3892  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:37:01.0760 3892  Serial - ok
19:37:01.0791 3892  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:37:01.0823 3892  sermouse - ok
19:37:01.0854 3892  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:37:01.0901 3892  SessionEnv - ok
19:37:01.0932 3892  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:37:01.0947 3892  sffdisk - ok
19:37:01.0963 3892  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:37:01.0994 3892  sffp_mmc - ok
19:37:02.0010 3892  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:37:02.0041 3892  sffp_sd - ok
19:37:02.0072 3892  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
19:37:02.0119 3892  sfloppy - ok
19:37:02.0150 3892  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:37:02.0228 3892  SharedAccess - ok
19:37:02.0275 3892  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:37:02.0322 3892  ShellHWDetection - ok
19:37:02.0337 3892  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
19:37:02.0353 3892  SiSGbeLH - ok
19:37:02.0369 3892  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:37:02.0384 3892  SiSRaid2 - ok
19:37:02.0415 3892  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:37:02.0415 3892  SiSRaid4 - ok
19:37:02.0493 3892  [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
19:37:02.0509 3892  SkypeUpdate - ok
19:37:02.0525 3892  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:37:02.0571 3892  Smb - ok
19:37:02.0603 3892  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:37:02.0634 3892  SNMPTRAP - ok
19:37:02.0696 3892  [ 2114518E55B380A3ACC28B2C27FD499A ] SNP2UVC        C:\Windows\system32\DRIVERS\snp2uvc.sys
19:37:02.0805 3892  SNP2UVC - ok
19:37:02.0821 3892  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
19:37:02.0837 3892  spldr - ok
19:37:02.0868 3892  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
19:37:02.0899 3892  Spooler - ok
19:37:03.0008 3892  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:37:03.0071 3892  sppsvc - ok
19:37:03.0102 3892  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
19:37:03.0164 3892  sppuinotify - ok
19:37:03.0195 3892  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:37:03.0211 3892  srv - ok
19:37:03.0227 3892  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:37:03.0258 3892  srv2 - ok
19:37:03.0273 3892  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:37:03.0305 3892  srvnet - ok
19:37:03.0336 3892  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:37:03.0398 3892  SSDPSRV - ok
19:37:03.0445 3892  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
19:37:03.0461 3892  SSPORT - ok
19:37:03.0476 3892  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:37:03.0523 3892  SstpSvc - ok
19:37:03.0554 3892  Steam Client Service - ok
19:37:03.0601 3892  [ 8D01686AE82B466F4CD074F31F2942CA ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:37:03.0617 3892  Stereo Service - ok
19:37:03.0648 3892  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:37:03.0663 3892  stexstor - ok
19:37:03.0710 3892  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:37:03.0741 3892  stisvc - ok
19:37:03.0773 3892  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:37:03.0788 3892  swenum - ok
19:37:03.0819 3892  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
19:37:03.0866 3892  swprv - ok
19:37:03.0929 3892  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
19:37:04.0022 3892  SysMain - ok
19:37:04.0038 3892  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:37:04.0053 3892  TabletInputService - ok
19:37:04.0085 3892  [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t        C:\Windows\system32\DRIVERS\tap0901t.sys
19:37:04.0116 3892  tap0901t ( UnsignedFile.Multi.Generic ) - warning
19:37:04.0116 3892  tap0901t - detected UnsignedFile.Multi.Generic (1)
19:37:04.0131 3892  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:37:04.0209 3892  TapiSrv - ok
19:37:04.0241 3892  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
19:37:04.0303 3892  TBS - ok
19:37:04.0365 3892  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:37:04.0443 3892  Tcpip - ok
19:37:04.0490 3892  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:37:04.0537 3892  TCPIP6 - ok
19:37:04.0568 3892  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:37:04.0584 3892  tcpipreg - ok
19:37:04.0631 3892  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:37:04.0646 3892  TDPIPE - ok
19:37:04.0662 3892  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:37:04.0693 3892  TDTCP - ok
19:37:04.0724 3892  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:37:04.0787 3892  tdx - ok
19:37:04.0833 3892  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:37:04.0849 3892  TermDD - ok
19:37:04.0880 3892  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
19:37:04.0943 3892  TermService - ok
19:37:04.0974 3892  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:37:04.0989 3892  Themes - ok
19:37:05.0021 3892  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
19:37:05.0067 3892  THREADORDER - ok
19:37:05.0083 3892  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:37:05.0130 3892  TrkWks - ok
19:37:05.0192 3892  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:37:05.0255 3892  TrustedInstaller - ok
19:37:05.0270 3892  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:37:05.0333 3892  tssecsrv - ok
19:37:05.0395 3892  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:37:05.0426 3892  TsUsbFlt - ok
19:37:05.0473 3892  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:37:05.0520 3892  tunnel - ok
19:37:05.0598 3892  [ E7DE48979E275AB5E3E3B2489F9C5176 ] TunngleService  C:\Program Files (x86)\Tunngle\TnglCtrl.exe
19:37:05.0629 3892  TunngleService ( UnsignedFile.Multi.Generic ) - warning
19:37:05.0629 3892  TunngleService - detected UnsignedFile.Multi.Generic (1)
19:37:05.0660 3892  [ C45A3E051C65106A28982CAED125F855 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
19:37:05.0676 3892  TurboB - ok
19:37:05.0707 3892  [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:37:05.0723 3892  TurboBoost - ok
19:37:05.0754 3892  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:37:05.0785 3892  uagp35 - ok
19:37:05.0816 3892  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:37:05.0879 3892  udfs - ok
19:37:05.0910 3892  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:37:05.0941 3892  UI0Detect - ok
19:37:05.0972 3892  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:37:05.0988 3892  uliagpkx - ok
19:37:06.0003 3892  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
19:37:06.0035 3892  umbus - ok
19:37:06.0066 3892  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:37:06.0097 3892  UmPass - ok
19:37:06.0191 3892  [ 41118D920B2B268C0ADC36421248CDCF ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:37:06.0253 3892  UNS ( UnsignedFile.Multi.Generic ) - warning
19:37:06.0253 3892  UNS - detected UnsignedFile.Multi.Generic (1)
19:37:06.0284 3892  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:37:06.0331 3892  upnphost - ok
19:37:06.0362 3892  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:37:06.0362 3892  usbccgp - ok
19:37:06.0393 3892  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:37:06.0440 3892  usbcir - ok
19:37:06.0471 3892  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
19:37:06.0487 3892  usbehci - ok
19:37:06.0534 3892  [ AACB7661C3137DC069CB7FD9EAB1062E ] usbet          C:\Windows\system32\DRIVERS\ETdrv.sys
19:37:06.0565 3892  usbet - ok
19:37:06.0612 3892  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:37:06.0643 3892  usbhub - ok
19:37:06.0674 3892  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
19:37:06.0674 3892  usbohci - ok
19:37:06.0721 3892  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:37:06.0752 3892  usbprint - ok
19:37:06.0815 3892  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
19:37:06.0846 3892  usbscan - ok
19:37:06.0877 3892  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:37:06.0908 3892  USBSTOR - ok
19:37:06.0924 3892  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
19:37:06.0939 3892  usbuhci - ok
19:37:06.0986 3892  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:37:07.0017 3892  usbvideo - ok
19:37:07.0049 3892  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
19:37:07.0127 3892  UxSms - ok
19:37:07.0127 3892  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:37:07.0142 3892  VaultSvc - ok
19:37:07.0158 3892  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:37:07.0173 3892  vdrvroot - ok
19:37:07.0205 3892  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
19:37:07.0298 3892  vds - ok
19:37:07.0329 3892  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:37:07.0345 3892  vga - ok
19:37:07.0361 3892  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:37:07.0407 3892  VgaSave - ok
19:37:07.0439 3892  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
19:37:07.0454 3892  vhdmp - ok
19:37:07.0470 3892  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:37:07.0485 3892  viaide - ok
19:37:07.0501 3892  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:37:07.0517 3892  volmgr - ok
19:37:07.0548 3892  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:37:07.0563 3892  volmgrx - ok
19:37:07.0579 3892  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:37:07.0610 3892  volsnap - ok
19:37:07.0673 3892  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
19:37:07.0688 3892  vsmraid - ok
19:37:07.0735 3892  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
19:37:07.0860 3892  VSS - ok
19:37:07.0891 3892  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:37:07.0907 3892  vwifibus - ok
19:37:07.0907 3892  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:37:07.0938 3892  vwififlt - ok
19:37:07.0969 3892  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
19:37:08.0000 3892  vwifimp - ok
19:37:08.0063 3892  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
19:37:08.0141 3892  W32Time - ok
19:37:08.0172 3892  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:37:08.0203 3892  WacomPen - ok
19:37:08.0219 3892  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:37:08.0265 3892  WANARP - ok
19:37:08.0265 3892  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:37:08.0312 3892  Wanarpv6 - ok
19:37:08.0375 3892  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
19:37:08.0437 3892  WatAdminSvc - ok
19:37:08.0484 3892  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:37:08.0577 3892  wbengine - ok
19:37:08.0609 3892  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:37:08.0624 3892  WbioSrvc - ok
19:37:08.0655 3892  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:37:08.0687 3892  wcncsvc - ok
19:37:08.0718 3892  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:37:08.0749 3892  WcsPlugInService - ok
19:37:08.0765 3892  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:37:08.0780 3892  Wd - ok
19:37:08.0811 3892  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:37:08.0843 3892  Wdf01000 - ok
19:37:08.0858 3892  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:37:08.0921 3892  WdiServiceHost - ok
19:37:08.0921 3892  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:37:08.0952 3892  WdiSystemHost - ok
19:37:08.0967 3892  [ 5B34E5938B9E76798977725E3F7847C4 ] wdkmd          C:\Windows\system32\DRIVERS\WDKMD.sys
19:37:08.0983 3892  wdkmd - ok
19:37:09.0014 3892  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
19:37:09.0045 3892  WebClient - ok
19:37:09.0077 3892  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:37:09.0108 3892  Wecsvc - ok
19:37:09.0123 3892  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:37:09.0201 3892  wercplsupport - ok
19:37:09.0217 3892  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:37:09.0264 3892  WerSvc - ok
19:37:09.0295 3892  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:37:09.0326 3892  WfpLwf - ok
19:37:09.0373 3892  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr        C:\Windows\system32\DRIVERS\wimfltr.sys
19:37:09.0389 3892  WimFltr - ok
19:37:09.0404 3892  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:37:09.0420 3892  WIMMount - ok
19:37:09.0435 3892  WinDefend - ok
19:37:09.0435 3892  WinHttpAutoProxySvc - ok
19:37:09.0498 3892  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:37:09.0560 3892  Winmgmt - ok
19:37:09.0638 3892  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
19:37:09.0763 3892  WinRM - ok
19:37:09.0825 3892  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:37:09.0888 3892  Wlansvc - ok
19:37:09.0997 3892  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:37:10.0059 3892  wlidsvc - ok
19:37:10.0075 3892  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
19:37:10.0091 3892  WmiAcpi - ok
19:37:10.0122 3892  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:37:10.0153 3892  wmiApSrv - ok
19:37:10.0184 3892  WMPNetworkSvc - ok
19:37:10.0215 3892  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:37:10.0247 3892  WPCSvc - ok
19:37:10.0278 3892  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:37:10.0293 3892  WPDBusEnum - ok
19:37:10.0325 3892  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:37:10.0387 3892  ws2ifsl - ok
19:37:10.0403 3892  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
19:37:10.0418 3892  wscsvc - ok
19:37:10.0418 3892  WSearch - ok
19:37:10.0496 3892  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:37:10.0574 3892  wuauserv - ok
19:37:10.0605 3892  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:37:10.0621 3892  WudfPf - ok
19:37:10.0637 3892  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:37:10.0652 3892  WUDFRd - ok
19:37:10.0683 3892  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:37:10.0699 3892  wudfsvc - ok
19:37:10.0730 3892  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc        C:\Windows\System32\wwansvc.dll
19:37:10.0746 3892  WwanSvc - ok
19:37:10.0808 3892  ================ Scan global ===============================
19:37:10.0839 3892  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:37:10.0871 3892  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:37:10.0886 3892  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:37:10.0902 3892  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:37:10.0917 3892  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:37:10.0933 3892  [Global] - ok
19:37:10.0933 3892  ================ Scan MBR ==================================
19:37:10.0933 3892  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:37:11.0432 3892  \Device\Harddisk0\DR0 - ok
19:37:11.0432 3892  ================ Scan VBR ==================================
19:37:11.0448 3892  [ 98B95949013FED8DCDA486A594A3C54E ] \Device\Harddisk0\DR0\Partition1
19:37:11.0448 3892  \Device\Harddisk0\DR0\Partition1 - ok
19:37:11.0463 3892  [ DD81AEDD491648F30F15C184853BF332 ] \Device\Harddisk0\DR0\Partition2
19:37:11.0479 3892  \Device\Harddisk0\DR0\Partition2 - ok
19:37:11.0479 3892  ============================================================
19:37:11.0479 3892  Scan finished
19:37:11.0479 3892  ============================================================
19:37:11.0495 8964  Detected object count: 10
19:37:11.0495 8964  Actual detected object count: 10
19:38:01.0401 8964  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0401 8964  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0411 8964  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0411 8964  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0411 8964  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0411 8964  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0411 8964  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0411 8964  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0411 8964  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0411 8964  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964  tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964  tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964  TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964  TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
Sorry für Umstände...


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:58 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19