Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
- Forum: Plagegeister aller Art und deren Bekämpfung ("Pests of all kinds and how to fight them", https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
- Thread: White screen - Safe Mode with Networking does not work (https://www.trojaner-board.de/124485-weisser-bildschirm-abgesicherter-modus-netzwerktreibern-funktioniert.html)

likia 21.09.2012 22:41

White screen - Safe Mode with Networking does not work
 
Hello!

After I got such great help here last month and my laptop is working perfectly again (once more a HUGE THANKS to t`john ;) ), I am now asking for help with my brother's problem - he has caught the following "version":

- On a normal boot the screen turns white after the Windows logo; Task Manager does not work either.

- Safe Mode can be started, BUT NOT "Safe Mode with Networking" (here too the screen simply turns white after clicking it). We could not identify any suspicious programs via msconfig (we googled the names of the exe's, but did not want to risk anything based on mere guessing and unticking).

--> HOW can we download Malwarebytes now, or can I install it in Safe Mode from a USB stick?

Please give step-by-step help!

Regards, likia

cosinus 22.09.2012 14:43

Quote:

--> HOW can we download Malwarebytes now, or can I install it in Safe Mode from a USB stick?
One: the Malwarebytes setup itself; two: the setup for the signature updates => http://data.mbamupdates.com/tools/mbam-rules.exe

Copy both files to a stick. Then install Malwarebytes; preferably decline the trial period and untick "Launch Malwarebytes" and "Update signatures".

Then install the signature update setup and, when it is done, start Malwarebytes. Run a full scan and have all local hard drives searched, preferably including USB drives and sticks as well.

likia 22.09.2012 22:02

Scan result:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.07

Windows 7 Service Pack 1 x64 FAT32 (Safe Mode)
Internet Explorer 9.0.8112.16421
aharing :: AHARING_PC [administrator]

Protection: Disabled

22.09.2012 21:28:50
mbam-log-2012-09-22 (22-33-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 569988
Time elapsed: 1 hour(s), 3 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Data: explorer.exe,C:\Users\aharing\AppData\Roaming\msconfig.dat -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\aharing\AppData\Local\Temp\0.15176316171414828exe (Trojan.FakeAlert) -> No action taken.
C:\Users\aharing\AppData\Local\Temp\0.4247965169985338exe (Trojan.FakeAlert) -> No action taken.
C:\Users\aharing\AppData\Local\Temp\2388.tmp (Trojan.FakeAlert) -> No action taken.
C:\Users\aharing\AppData\Local\Temp\3830.tmp (Trojan.FakeAlert) -> No action taken.
C:\Users\aharing\AppData\Local\Temp\jar_cache1032492675636257619.tmp (Trojan.FakeAlert) -> No action taken.
C:\Users\aharing\AppData\Roaming\msconfig.dat (Trojan.Agent) -> No action taken.

(end)

Should the quarantined objects be deleted right away?

Regards
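
The finding that explains the white screen is the Winlogon Shell value. Winlogon reads Shell as a comma-separated list of programs to start as the user's shell, so appending msconfig.dat after explorer.exe makes the malware launch alongside the desktop at every logon of that user. As an added example (editor's code, not from the original post and not from Malwarebytes), the following Python script parses Malwarebytes 1.x finding lines in the format posted above, lists which findings are still at "No action taken", and extracts any program other than explorer.exe from a reported Shell value. The sample log is constructed from the posted findings; nothing is read from a live registry.

```python
"""Parse a Malwarebytes 1.x scan log and flag Winlogon Shell persistence.

Added example for the thread above; editor's code, not part of the original
post and not Malwarebytes' code. SAMPLE_LOG is constructed after the posted
log (same line format, a subset of the same findings).
"""
import re

# Constructed sample: a subset of the posted log, one finding already quarantined.
SAMPLE_LOG = r"""Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Data: explorer.exe,C:\Users\aharing\AppData\Roaming\msconfig.dat -> No action taken.

Files Detected: 2
C:\Users\aharing\AppData\Local\Temp\2388.tmp (Trojan.FakeAlert) -> No action taken.
C:\Users\aharing\AppData\Roaming\msconfig.dat (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One finding line: "<object> (<detection>) -> [Data: <value> ->] <action>."
FINDING_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)


def parse_findings(log_text):
    """Return one dict per finding: object, detection, data (or None), action."""
    findings = []
    for line in log_text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def pending_findings(findings):
    """Findings the user has not removed yet (the state cosinus objected to)."""
    return [f for f in findings if f["action"].startswith("No action taken")]


def extra_shells(shell_value):
    """Winlogon's Shell value is a comma-separated program list; anything besides
    explorer.exe is an additional shell that Winlogon starts at logon."""
    entries = [e.strip() for e in shell_value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != "explorer.exe"]


def shell_hijacks(findings):
    """Extra shell entries from every Winlogon|shell finding in the log."""
    hijacks = []
    for f in findings:
        if f["obj"].lower().endswith("\\winlogon|shell") and f["data"]:
            hijacks.extend(extra_shells(f["data"]))
    return hijacks


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print(f"{len(found)} findings, {len(pending_findings(found))} still pending")
    for shell in shell_hijacks(found):
        print("Winlogon Shell starts an extra program:", shell)
```

Run against the full log above, it reports every finding as pending and one extra shell entry pointing at C:\Users\aharing\AppData\Roaming\msconfig.dat. The same comma-split check applies to the machine-wide value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.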

cosinus 23.09.2012 16:21

Quote:

Keine Aktion durchgeführt.
-> No action taken.
Please remove all the Malwarebytes findings so that they end up in Malwarebytes' quarantine! Please catch up on that if not already done!

Do NOT prematurely delete anything from quarantine!

likia 23.09.2012 17:28

In Safe Mode it was not possible for me to quarantine the found objects after the scan mentioned above. So I first saved the log file; after that I had the choice between "Remove Selected" and "Ignore" (which irritated me a bit, because I had expected the objects to be quarantined automatically, or that option to be available - see the screenshot attached). I chose the former.

After starting in normal mode I opened Malwarebytes and the previously found objects were in quarantine (i.e. not yet permanently removed). I have left it that way so far.

cosinus 23.09.2012 19:04

Why as a screenshot?!
The results are available as text; there's no need to make it unnecessarily complicated!

likia 23.09.2012 19:40

Scan result:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.07

Windows 7 Service Pack 1 x64 FAT32 (Safe Mode)
Internet Explorer 9.0.8112.16421
aharing :: AHARING_PC [administrator]

Protection: Disabled

22.09.2012 21:28:50
mbam-log-2012-09-22 (21-28-50).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 569988
Time elapsed: 1 hour(s), 3 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Data: explorer.exe,C:\Users\aharing\AppData\Roaming\msconfig.dat -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\aharing\AppData\Local\Temp\0.15176316171414828exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\aharing\AppData\Local\Temp\0.4247965169985338exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\aharing\AppData\Local\Temp\2388.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\aharing\AppData\Local\Temp\3830.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\aharing\AppData\Local\Temp\jar_cache1032492675636257619.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\aharing\AppData\Roaming\msconfig.dat (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

cosinus 23.09.2012 19:51

OK, does normal mode work again? Or Safe Mode with Networking?

If yes, continue with ESET:

Note: ESET quite often shows a few false positives. That's why with ESET, too, only the log should be posted first and nothing removed.


ESET Online Scanner

Please switch on any external hard drives during the online scan! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: please be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the http://larusso.trojaner-board.de/Images/eset.jpg button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box for Yes, I accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that "Remove found threats" is NOT ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.



When the scan has finished

Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R keys and paste the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: if you are using a 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.


Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

likia 24.09.2012 20:49

Yes, Safe Mode with Networking and normal mode both work.

The log file of the ESET online scan:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9c0fc10de1464c4981f20d279eb16cfb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-24 07:31:08
# local_time=2012-09-24 09:31:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 49923385 49923385 0 0
# compatibility_mode=5893 16776574 66 85 38784845 100138271 0 0
# compatibility_mode=8192 67108863 100 0 407 407 0 0
# scanned=362990
# found=5
# cleaned=0
# scan_time=6647
C:\Users\aharing\AppData\Local\Temp\jar_cache874017857417118568.tmp        a variant of Win32/Kryptik.VDR trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\aharing\AppData\Local\Temp\yb4d8ly73s0vlxns.exe        a variant of Win32/Injector.WSR trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\67c8c814-552e560b        Java/Exploit.CVE-2012-1723.CI trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\25f6c817-6901d6e2        a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\7a7e1c1f-7678d7c7        multiple threats (unable to clean)        00000000000000000000000000000000        I

MfG
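
Two things in the ESET log are worth reading off before anything is removed. The header flags (remove_checked=false, cleaned=0) confirm the scan ran report-only, as instructed. Of the five rows, three sit in the Java deployment cache and two of them are detected as exploits for CVE-2012-1723 and CVE-2010-4452, both Java vulnerabilities, while the rows under Temp are dropped executables; that combination points to a browser drive-by through an outdated Java plugin, with the cached applets as the delivery artifacts. As an added example (editor's code, not ESET's and not part of the original post), the following Python script parses that log layout, checks the report-only flags, groups findings by location and extracts the CVE IDs named in the detection strings. The sample rows are constructed after the posted log.

```python
"""Triage an ESET Online Scanner log: header flags and findings by location.

Added example for the ESET log above. Editor's code, not ESET's and not part
of the original post; SAMPLE_LOG is constructed after the posted log (same
'# key=value' header lines, same tab-separated finding rows).
"""
import re

TEMP = "C:\\Users\\aharing\\AppData\\Local\\Temp\\"
JCACHE = "C:\\Users\\aharing\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\"
ZERO = "0" * 32  # the posted log shows an all-zero hash column for these rows

SAMPLE_LOG = "\n".join([
    "# remove_checked=false",
    "# found=3",
    "# cleaned=0",
    "\t".join([TEMP + "yb4d8ly73s0vlxns.exe",
               "a variant of Win32/Injector.WSR trojan (unable to clean)", ZERO, "I"]),
    "\t".join([JCACHE + "20\\67c8c814-552e560b",
               "Java/Exploit.CVE-2012-1723.CI trojan (unable to clean)", ZERO, "I"]),
    "\t".join([JCACHE + "23\\25f6c817-6901d6e2",
               "a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)", ZERO, "I"]),
])

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_eset_log(text):
    """Split the log into header key/value pairs and finding rows (path, detection)."""
    header, findings = {}, []
    for line in text.splitlines():
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if sep:
                header[key.strip()] = value.strip()
        elif "\t" in line:
            cols = line.split("\t")
            findings.append({"path": cols[0], "detection": cols[1]})
    return header, findings


def removal_was_disabled(header):
    """True when the scan ran report-only, as the instructions above require."""
    return header.get("remove_checked") == "false" and header.get("cleaned") == "0"


def classify(path):
    """Coarse location class: Java deployment cache, user Temp, or other."""
    p = path.lower()
    if "\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\appdata\\local\\temp\\" in p:
        return "temp"
    return "other"


def by_location(findings):
    """Count findings per location class."""
    counts = {}
    for f in findings:
        loc = classify(f["path"])
        counts[loc] = counts.get(loc, 0) + 1
    return counts


def cves_referenced(findings):
    """Sorted, de-duplicated CVE IDs named in the detection strings."""
    ids = set()
    for f in findings:
        ids.update(CVE_RE.findall(f["detection"]))
    return sorted(ids)


if __name__ == "__main__":
    header, findings = parse_eset_log(SAMPLE_LOG)
    print("report-only scan:", removal_was_disabled(header))
    print("findings by location:", by_location(findings))
    print("CVEs named in detections:", cves_referenced(findings))
```

The CVE list is the actionable part: it tells you which plugin version the machine was running when it was hit and therefore what to update or remove before the cleanup is considered finished.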

cosinus 25.09.2012 10:49

adwCleaner - find toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner was downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Search.
  • After the search finishes, a text file opens.
  • Post me its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner[Rx].txt (x = sequential number).

likia 25.09.2012 18:57

# AdwCleaner v2.003 - File created 09/25/2012 at 19:48:47
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : aharing - AHARING_PC
# Boot mode : Normal
# Running from : C:\Users\aharing\Desktop\adwcleaner.exe
# Option [Search]


**** [Services] ****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Partner

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default
File : C:\Users\aharing\AppData\Roaming\Mozilla\Firefox\Profiles\pjbsyadv.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [794 octets] - [25/09/2012 19:48:47]

########## EOF - C:\AdwCleaner[R1].txt - [853 octets] ##########


(I haven't deleted anything since the scan)

cosinus 25.09.2012 20:01

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post me its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner[Sx].txt (x = sequential number).

likia 26.09.2012 18:26

# AdwCleaner v2.003 - File created 09/26/2012 at 19:15:26
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : aharing - AHARING_PC
# Boot mode : Normal
# Running from : C:\Users\aharing\Desktop\adwcleaner.exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-931123733-2037267879-2966560627-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v11.0 (de)

Profile name : default
File : C:\Users\aharing\AppData\Roaming\Mozilla\Firefox\Profiles\pjbsyadv.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [921 octets] - [25/09/2012 19:48:47]
AdwCleaner[S1].txt - [1355 octets] - [26/09/2012 19:15:26]

########## EOF - C:\AdwCleaner[S1].txt - [1415 octets] ##########

cosinus 27.09.2012 14:20

I have two questions before we go on (we're not finished yet!)

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

likia 27.09.2012 21:24

Hello!

Yes, normal Windows mode seems to work without restrictions again, and I'm not missing any programs in the Start menu either.

cosinus 28.09.2012 09:52

Please make a new OTL log. Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, replace the older file with the newly downloaded one, so that you really work with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


likia 28.09.2012 18:00

OK, here is the contents of OTL.txt:

Code:

OTL logfile created on: 28.09.2012 17:56:21 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\aharing\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,86% Memory free
15,82 Gb Paging File | 13,91 Gb Available in Paging File | 87,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 84,90 Gb Free Space | 56,97% Space Free | Partition Type: NTFS
Drive D: | 425,64 Gb Total Space | 418,37 Gb Free Space | 98,29% Space Free | Partition Type: NTFS
 
Computer Name: AHARING_PC | User Name: aharing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.28 17:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aharing\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.08 10:05:27 | 018,977,656 | ---- | M] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) -- C:\Program Files (x86)\A1\A1 Webassistent\A1Webassistent.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.25 01:36:31 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.21 04:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.04 20:52:59 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.11.16 20:33:06 | 000,965,728 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2010.10.08 00:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.07 19:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.09.24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.25 06:07:39 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.08.21 04:47:58 | 000,077,312 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.08.13 03:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2010.08.05 15:41:15 | 000,047,640 | ---- | M] (ALi) -- C:\Windows\WebCam\S6000\S6000Mnt.exe
PRC - [2010.07.10 08:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2010.02.03 10:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2008.08.13 15:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.19 23:05:47 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.09.24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010.08.13 03:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2010.11.30 23:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV:64bit: - [2010.07.20 04:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.07.20 03:48:36 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.07.20 03:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010.04.17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.12.21 04:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 04:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.04 20:52:59 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.08.25 22:07:38 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.08.21 04:47:58 | 000,077,312 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.04 20:52:59 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.11.28 15:23:15 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 02:25:40 | 000,210,944 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2010.11.20 02:25:40 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2010.11.05 17:45:47 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.10.06 16:11:16 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.09.08 13:39:31 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.08.05 15:41:31 | 000,190,232 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)
DRV:64bit: - [2010.07.14 14:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.06.23 03:31:11 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.03.02 14:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.03.02 14:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.03.02 14:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.02.22 10:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 23:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://10.0.0.138/"
FF - prefs.js..extensions.enabledAddons: {B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}:0.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.02.25 01:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.12 15:37:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.17 18:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.11 18:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aharing\AppData\Roaming\mozilla\Extensions
[2012.05.28 17:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aharing\AppData\Roaming\mozilla\Firefox\Profiles\pjbsyadv.default\extensions
[2012.05.28 17:08:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aharing\AppData\Roaming\mozilla\Firefox\Profiles\pjbsyadv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.17 17:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.17 17:29:18 | 000,000,000 | ---D | M] (Controller) -- C:\Program Files (x86)\mozilla firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2012.05.12 15:37:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [A1Webassistent] C:\Program Files (x86)\A1\A1 Webassistent\A1Webassistent.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe File not found
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1001..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\aharing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\aharing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-931123733-2037267879-2966560627-1001\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD5B7612-FC40-4ECB-8943-111600C3AC26}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\Shell - "" = AutoRun
O33 - MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe - ()
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Setwallpaper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Trend Micro Titanium - hkey= - key= - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {98D282C4-0F5F-D022-E57E-1F883C3BCE6A} - Browser Customizations
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 17:50:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aharing\Desktop\OTL.exe
[2012.09.28 17:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.24 19:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.23 10:41:31 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Local\{3031CBB7-9615-4791-8EAE-0E45A8E2D06B}
[2012.09.22 21:27:21 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Roaming\Malwarebytes
[2012.09.22 21:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.22 21:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.22 21:26:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.22 21:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.19 22:04:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.16 15:38:02 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Local\{51E80C41-9063-414D-B9CF-78671F7E6007}
[2012.09.16 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Local\{27338D5E-64B0-4FCA-BFFD-DFCB3A28A92B}
[2012.09.08 21:41:41 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Local\{FF82E144-E449-4DC3-81F4-5977DDB021CC}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 17:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aharing\Desktop\OTL.exe
[2012.09.28 17:39:29 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 17:39:29 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 17:31:40 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.09.28 17:31:40 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.28 17:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 17:31:03 | 2077,552,639 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.27 22:08:11 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.26 19:19:46 | 007,310,676 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.26 19:19:46 | 000,706,528 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.09.26 19:19:46 | 000,705,552 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.09.26 19:19:46 | 000,703,290 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.09.26 19:19:46 | 000,701,206 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.09.26 19:19:46 | 000,691,440 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012.09.26 19:19:46 | 000,666,264 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.26 19:19:46 | 000,628,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.26 19:19:46 | 000,563,868 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012.09.26 19:19:46 | 000,397,418 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012.09.26 19:19:46 | 000,365,620 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012.09.26 19:19:46 | 000,141,242 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.09.26 19:19:46 | 000,137,932 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012.09.26 19:19:46 | 000,137,120 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.09.26 19:19:46 | 000,134,320 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.09.26 19:19:46 | 000,134,186 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.26 19:19:46 | 000,131,324 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.09.26 19:19:46 | 000,110,568 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012.09.26 19:19:46 | 000,110,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.26 19:19:46 | 000,093,616 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012.09.26 19:19:46 | 000,073,274 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012.09.25 19:28:08 | 000,513,501 | ---- | M] () -- C:\Users\aharing\Desktop\adwcleaner.exe
[2012.09.22 22:48:12 | 000,001,294 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.09.22 21:26:47 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.21 21:33:36 | 000,000,044 | ---- | M] () -- C:\Users\aharing\AppData\Roaming\msconfig.ini
[2012.09.08 21:08:13 | 000,000,244 | ---- | M] () -- C:\Users\aharing\.swfinfo
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.09.25 19:48:08 | 000,513,501 | ---- | C] () -- C:\Users\aharing\Desktop\adwcleaner.exe
[2012.09.22 21:26:47 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.19 21:41:29 | 000,000,044 | ---- | C] () -- C:\Users\aharing\AppData\Roaming\msconfig.ini
[2012.09.08 21:08:13 | 000,000,244 | ---- | C] () -- C:\Users\aharing\.swfinfo
[2012.06.17 15:35:48 | 007,405,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.12 15:42:41 | 000,017,408 | ---- | C] () -- C:\Users\aharing\AppData\Local\WebpageIcons.db
[2011.02.25 01:01:57 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.11.28 15:21:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010.11.28 15:21:27 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2010.11.28 15:21:27 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.18 19:05:51 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\A1 Servicecenter
[2011.04.29 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Asus WebStorage
[2012.05.28 17:08:19 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\DVDVideoSoft
[2012.05.28 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.25 20:31:23 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\GARMIN
[2012.03.03 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\MP42AVI
[2012.08.17 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\mquadr.at
[2012.09.23 10:33:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Nokia
[2011.05.08 15:29:35 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Nuance
[2011.06.19 23:07:04 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\OpenOffice.org
[2012.06.05 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Opera
[2011.05.01 10:43:47 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Scilab
[2012.09.08 10:34:09 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\SoftGrid Client
[2012.08.17 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Thunderbird
[2012.06.17 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\TP
[2012.08.17 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Windows Live Writer
[2011.05.08 15:29:31 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.08.18 19:05:51 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\A1 Servicecenter
[2012.06.07 19:16:13 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Adobe
[2012.05.12 15:33:52 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Apple Computer
[2011.04.29 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Asus WebStorage
[2012.05.28 17:08:19 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\DVDVideoSoft
[2012.05.28 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.08 15:29:36 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\FLEXnet
[2012.08.25 20:31:23 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\GARMIN
[2011.04.29 21:15:36 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Identities
[2011.04.29 21:17:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Intel
[2011.05.07 19:39:54 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Macromedia
[2012.09.22 21:27:21 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Media Center Programs
[2012.07.30 17:05:05 | 000,000,000 | --SD | M] -- C:\Users\aharing\AppData\Roaming\Microsoft
[2012.03.11 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Mozilla
[2012.03.03 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\MP42AVI
[2012.08.17 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\mquadr.at
[2012.09.23 10:33:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Nokia
[2011.05.08 15:29:35 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Nuance
[2011.06.19 23:07:04 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\OpenOffice.org
[2012.06.05 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Opera
[2011.05.01 10:43:47 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Scilab
[2012.09.08 10:34:09 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\SoftGrid Client
[2012.08.17 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Thunderbird
[2012.06.17 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\TP
[2012.08.17 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Windows Live Writer
[2011.05.08 15:29:31 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.06.25 14:09:14 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\aharing\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.06.07 00:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 17:45:47 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys
[2010.11.05 17:45:47 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 17:45:47 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.02.25 01:24:06 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.02.25 01:24:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.02.25 01:24:06 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.02.25 01:24:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011.02.25 00:48:43 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.02.25 00:48:43 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2012.08.24 09:03:49 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< End of report >
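The "< MD5 for: ... >" sections above are what a helper reads by eye: OTL lists every copy of a sensitive system binary it finds (the live copy under SysNative/System32 plus the component-store copies under winsxs), so a patched live file shows up as a hash that matches none of the winsxs copies, and a same-named file outside the Windows directory or without a vendor string stands out. The script below, added here as an example and not part of this thread or of OTL itself, automates that comparison. The sample input is copied from the report above; the heuristics (Windows assumed on C:, "live" meaning System32/SysNative/SysWOW64 outside winsxs) are this example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One entry of an OTL "< MD5 for: NAME >" section:
# [date time | size | attrs | M] (vendor) MD5=<hash> -- <path>
# Locked files print "Unable to obtain MD5" instead of a hash.
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|]*?) \| (?P<kind>\w)\] "
    r"\((?P<vendor>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>")

# Sample input copied from the OTL report in this thread (winlogon.exe and ws2ifsl.sys
# sections, followed by a header of another section type that must be ignored).
SAMPLE = r"""
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
"""

@dataclass
class Entry:
    name: str            # upper-case file name from the section header
    vendor: str          # company string; empty when OTL prints "()"
    md5: Optional[str]   # None when OTL could not hash the file
    path: str

def parse_md5_sections(text: str) -> List[Entry]:
    entries: List[Entry] = []
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):              # any "< ... >" header starts a new section
            h = HEADER_RE.match(line)
            current = h["name"].upper() if h else None
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            entries.append(Entry(current, m["vendor"], (m["md5"] or "").upper() or None, m["path"]))
    return entries

@dataclass
class Verdict:
    live_matches_sxs: Optional[bool] = None   # None: no live copy or no winsxs copy to compare
    suspicious: List[str] = field(default_factory=list)

WINDIR = "c:\\windows\\"                      # assumption: Windows installed on C:
LIVE_DIRS = ("\\sysnative\\", "\\system32\\", "\\syswow64\\")

def is_live_copy(path_lower: str) -> bool:
    # the copy Windows actually runs: under System32/SysNative/SysWOW64, not the winsxs store
    return "\\winsxs\\" not in path_lower and any(d in path_lower for d in LIVE_DIRS)

def triage(entries: List[Entry]) -> Dict[str, Verdict]:
    by_name: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    report: Dict[str, Verdict] = {}
    for name, group in by_name.items():
        v = Verdict()
        sxs_hashes = {e.md5 for e in group if e.md5 and "\\winsxs\\" in e.path.lower()}
        for e in group:
            low = e.path.lower()
            if e.md5 is None:
                v.suspicious.append(f"locked, hash unavailable: {e.path}")
                continue
            if not low.startswith(WINDIR):
                v.suspicious.append(f"copy outside the Windows directory: {e.path}")
            if not e.vendor:
                v.suspicious.append(f"no vendor string: {e.path}")
            if is_live_copy(low) and sxs_hashes:
                ok = e.md5 in sxs_hashes
                v.live_matches_sxs = ok if v.live_matches_sxs is None else (v.live_matches_sxs and ok)
                if not ok:
                    v.suspicious.append(f"live copy matches no winsxs copy: {e.path}")
        report[name] = v
    return report

if __name__ == "__main__":
    for name, v in triage(parse_md5_sections(SAMPLE)).items():
        print(name, "live copy matches winsxs:", v.live_matches_sxs)
        for s in v.suspicious:
            print("   !", s)
```

On the sample, both live copies match a winsxs copy, and the only flagged file is the winlogon.exe under the Malwarebytes Chameleon folder (outside the Windows directory, no vendor string). In this thread that file belongs to the Malwarebytes installation the user was told to do, so the flag is a triage prompt for the helper to look at the path, not a verdict; the check that matters for a patched system binary is the live-copy-versus-winsxs comparison.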


cosinus 28.09.2012 19:20

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\Shell - "" = AutoRun
O33 - MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
:Files
C:\Users\aharing\AppData\Local\{*
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

likia 28.09.2012 21:14

Here is the logfile:

Code:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-931123733-2037267879-2966560627-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\Autorun.exe not found.
========== FILES ==========
C:\Users\aharing\AppData\Local\{062A5EB5-3DFA-4E9D-8386-31CC4DEAB604} folder moved successfully.
C:\Users\aharing\AppData\Local\{06F14F74-B824-4AD4-89DF-FAC88807CEA4} folder moved successfully.
C:\Users\aharing\AppData\Local\{092215F5-D9A8-4E9B-84A9-30DF8EA6720F} folder moved successfully.
C:\Users\aharing\AppData\Local\{0EF834B8-0844-427E-BD80-9E4F00F926A9} folder moved successfully.
C:\Users\aharing\AppData\Local\{1118EC9C-5859-46E9-A22F-16F5F536CB47} folder moved successfully.
C:\Users\aharing\AppData\Local\{137651A4-24CC-48D7-8A81-52ABA7673BD4} folder moved successfully.
C:\Users\aharing\AppData\Local\{1EED1BA4-CC51-411B-A46E-58F595941D15} folder moved successfully.
C:\Users\aharing\AppData\Local\{26C5A1A0-138C-4D55-B701-3211035D2FEE} folder moved successfully.
C:\Users\aharing\AppData\Local\{27338D5E-64B0-4FCA-BFFD-DFCB3A28A92B} folder moved successfully.
C:\Users\aharing\AppData\Local\{2D45066E-805F-4EA5-A5F4-0FAED9F61860} folder moved successfully.
C:\Users\aharing\AppData\Local\{2E25FEB3-A433-46BE-8467-20D636C734CE} folder moved successfully.
C:\Users\aharing\AppData\Local\{3031CBB7-9615-4791-8EAE-0E45A8E2D06B} folder moved successfully.
C:\Users\aharing\AppData\Local\{3861D45A-34D7-4C30-88F3-8AAEBE630567} folder moved successfully.
C:\Users\aharing\AppData\Local\{39794139-6F81-417B-9DCC-A61CC25A1A5C} folder moved successfully.
C:\Users\aharing\AppData\Local\{427E2BF9-728A-47E1-A597-778B3D1924A6} folder moved successfully.
C:\Users\aharing\AppData\Local\{449746A0-B63D-4A6E-B715-C65EF824E8D6} folder moved successfully.
C:\Users\aharing\AppData\Local\{486277A0-0A7F-44C8-BC8C-61D2FE2C0A5A} folder moved successfully.
C:\Users\aharing\AppData\Local\{51E80C41-9063-414D-B9CF-78671F7E6007} folder moved successfully.
C:\Users\aharing\AppData\Local\{55666E1B-716C-499E-8DA6-F6E68521F0BF} folder moved successfully.
C:\Users\aharing\AppData\Local\{56B77FF2-E25A-41AB-A2E5-4E107B878DBC} folder moved successfully.
C:\Users\aharing\AppData\Local\{57E385E4-B617-4C9B-B2F5-5CA037AB781B} folder moved successfully.
C:\Users\aharing\AppData\Local\{5B29A964-6D9E-4888-9B97-A37CBDD71725} folder moved successfully.
C:\Users\aharing\AppData\Local\{5DE45A88-6491-4E39-A003-56D5B22CD0B4} folder moved successfully.
C:\Users\aharing\AppData\Local\{7FE6FC5E-F7CC-4AC9-9415-097D44DDA19F} folder moved successfully.
C:\Users\aharing\AppData\Local\{81FCD5A5-C5DA-47E9-B93C-4DA2D411CB17} folder moved successfully.
C:\Users\aharing\AppData\Local\{892C7C2B-F3B6-4595-B241-A4D97AFA4316} folder moved successfully.
C:\Users\aharing\AppData\Local\{900328D6-93CB-48E6-AFD7-C58C83DAF7F6} folder moved successfully.
C:\Users\aharing\AppData\Local\{9530FA64-FF15-43A9-8CCC-F37379595E4B} folder moved successfully.
C:\Users\aharing\AppData\Local\{95728D6D-8E6A-4C03-9876-6FBAE4EC92CA} folder moved successfully.
C:\Users\aharing\AppData\Local\{95F4D581-9943-4E5D-B2ED-241F92506C83} folder moved successfully.
C:\Users\aharing\AppData\Local\{9B515135-86AC-4F9F-BA0C-D781FCAB1DB2} folder moved successfully.
C:\Users\aharing\AppData\Local\{A2199B4C-489C-46E3-B2C4-505F5B21D768} folder moved successfully.
C:\Users\aharing\AppData\Local\{A46E3183-977A-48F3-8C07-484BCFFABF95} folder moved successfully.
C:\Users\aharing\AppData\Local\{A82202AF-4377-4261-93C0-C9FD2CB3ACCA} folder moved successfully.
C:\Users\aharing\AppData\Local\{A92DE12C-02CF-449A-B3EB-7D2E8292F963} folder moved successfully.
C:\Users\aharing\AppData\Local\{AE058606-D1A6-41E0-984D-FB1E3DBDD3F2} folder moved successfully.
C:\Users\aharing\AppData\Local\{B062AA85-B377-4A47-8B78-70FEEB65E154} folder moved successfully.
C:\Users\aharing\AppData\Local\{B51F2930-53F1-4B21-A0FE-84DFBBCA9456} folder moved successfully.
C:\Users\aharing\AppData\Local\{BBF83F73-9844-42CE-801E-AC1120D58198} folder moved successfully.
C:\Users\aharing\AppData\Local\{C7E0EE02-F028-4478-BF8D-042DE5633DF6} folder moved successfully.
C:\Users\aharing\AppData\Local\{CDF0E4C9-8203-4332-9473-E8778DBC24FD} folder moved successfully.
C:\Users\aharing\AppData\Local\{D7B5C229-BFC2-4257-843E-3D5BACD15B66} folder moved successfully.
C:\Users\aharing\AppData\Local\{DAEB6F66-D376-4ABC-AFF2-EBFA93CF3467} folder moved successfully.
C:\Users\aharing\AppData\Local\{E2D73B14-70D9-4C5C-8916-B468E176438A} folder moved successfully.
C:\Users\aharing\AppData\Local\{E458626C-FBDF-4CDC-80DF-509BFD9B5C50} folder moved successfully.
C:\Users\aharing\AppData\Local\{EAECFD9D-B7EF-4BDA-AD1B-FBB66537E49B} folder moved successfully.
C:\Users\aharing\AppData\Local\{ED38F364-EB4E-4467-8343-0F9C073DD6C6} folder moved successfully.
C:\Users\aharing\AppData\Local\{EEA4DB54-C83A-41E6-916C-2080D87DEA68} folder moved successfully.
C:\Users\aharing\AppData\Local\{FC0D2952-9041-4E13-A540-285AF434B17A} folder moved successfully.
C:\Users\aharing\AppData\Local\{FDA8928E-5926-4B5D-8D58-B501582BA1E9} folder moved successfully.
C:\Users\aharing\AppData\Local\{FF82E144-E449-4DC3-81F4-5977DDB021CC} folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\aharing\Desktop\cmd.bat deleted successfully.
C:\Users\aharing\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: aharing
->Temp folder emptied: 517624121 bytes
->Temporary Internet Files folder emptied: 388798589 bytes
->FireFox cache emptied: 76762450 bytes
->Flash cache emptied: 3128719 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 498281665 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.416,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09282012_215040

Files\Folders moved on Reboot...
C:\Users\aharing\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 28.09.2012 21:27

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with the TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and only post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png
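The instruction above is deliberately "skip everything and post the log": the helper decides from the report, not the tool. The script below, added here as an example and not part of this thread or of TDSSKiller, reads such a report and lists what the tool flagged without acting on anything. TDSSKiller prints one "[ MD5 ] name path" line per scanned object followed by a verdict line ("name - ok", "name ( Threat ) - warning" or "name - detected Threat (n)"); the regexes below are this example's own reading of that format, and the sample lines are copied from the report format as posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller writes one "[ MD5 ] name path" line per scanned object, followed by a
# verdict line: "name - ok", "name ( Threat ) - warning" or "name - detected Threat (n)".
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$"
)
DET_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - detected (?P<threat>\S+) \((?P<count>\d+)\)\s*$")
WARN_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \( (?P<threat>\S+) \) - warning\s*$")
OK_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - ok\s*$")
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}   # never downgrade a verdict

# Sample lines copied from a TDSSKiller report as posted in this thread
# (system memory, 1394ohci, Adobe LM Service, adp94xx and COMSysApp).
SAMPLE = r"""
23:51:04.0343 5668  ================ Scan system memory ========================
23:51:04.0343 5668  System memory - ok
23:51:04.0343 5668  ================ Scan services =============================
23:51:04.0874 5668  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:51:05.0030 5668  1394ohci - ok
23:51:05.0373 5668  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:51:05.0420 5668  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
23:51:05.0420 5668  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
23:51:05.0451 5668  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
23:51:05.0498 5668  adp94xx - ok
23:51:12.0018 5668  COMSysApp - ok
"""

@dataclass
class ScanItem:
    name: str
    path: Optional[str]       # None for objects without a file line (e.g. system memory)
    md5: Optional[str]
    status: str = "unknown"
    threat: Optional[str] = None

def parse_tdsskiller(text: str) -> Dict[str, ScanItem]:
    """Pair each object's file line with its verdict line(s), keyed by object name."""
    items: Dict[str, ScanItem] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            items[m["name"]] = ScanItem(m["name"], m["path"], m["md5"].upper())
            continue
        for rx, status in ((DET_RE, "detected"), (WARN_RE, "warning"), (OK_RE, "ok")):
            m = rx.match(line)
            if not m:
                continue
            item = items.setdefault(m["name"], ScanItem(m["name"], None, None))
            if RANK[status] >= RANK[item.status]:
                item.status = status
                if "threat" in m.groupdict():
                    item.threat = m["threat"]
            break
    return items

def flagged(items: Dict[str, ScanItem]) -> Dict[str, List[ScanItem]]:
    """Group everything that is not 'ok' by its final status; nothing is acted on."""
    out: Dict[str, List[ScanItem]] = {"detected": [], "warning": [], "unknown": []}
    for it in items.values():
        if it.status in out:
            out[it.status].append(it)
    return out

if __name__ == "__main__":
    for status, lst in flagged(parse_tdsskiller(SAMPLE)).items():
        for it in lst:
            print(f"{status:8} {it.name}  {it.threat}  md5={it.md5}  {it.path}")
```

On the sample the only flagged object is "Adobe LM Service" with UnsignedFile.Multi.Generic. That verdict comes from the SigCheck mode in the scan (see the "Mode:" line of a report): it means the executable carries no valid digital signature, which is common for older third-party services and is not by itself a malware finding. The hash and path the script prints are what a helper needs to look the file up before deciding anything, which is exactly why the post above says to skip and only post the log.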

likia 29.09.2012 22:57

Here is the report:

Code:

23:50:19.0914 3028  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:50:20.0258 3028  ============================================================
23:50:20.0258 3028  Current date / time: 2012/09/29 23:50:20.0258
23:50:20.0258 3028  SystemInfo:
23:50:20.0258 3028 
23:50:20.0258 3028  OS Version: 6.1.7601 ServicePack: 1.0
23:50:20.0258 3028  Product type: Workstation
23:50:20.0258 3028  ComputerName: AHARING_PC
23:50:20.0258 3028  UserName: aharing
23:50:20.0258 3028  Windows directory: C:\Windows
23:50:20.0258 3028  System windows directory: C:\Windows
23:50:20.0258 3028  Running under WOW64
23:50:20.0258 3028  Processor architecture: Intel x64
23:50:20.0258 3028  Number of processors: 4
23:50:20.0258 3028  Page size: 0x1000
23:50:20.0258 3028  Boot type: Normal boot
23:50:20.0258 3028  ============================================================
23:50:20.0975 3028  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:50:20.0991 3028  ============================================================
23:50:20.0991 3028  \Device\Harddisk0\DR0:
23:50:20.0991 3028  MBR partitions:
23:50:20.0991 3028  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0x12A151A9
23:50:21.0006 3028  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1550F800, BlocksNum 0x35348000
23:50:21.0006 3028  ============================================================
23:50:21.0038 3028  C: <-> \Device\Harddisk0\DR0\Partition1
23:50:21.0162 3028  D: <-> \Device\Harddisk0\DR0\Partition2
23:50:21.0162 3028  ============================================================
23:50:21.0162 3028  Initialize success
23:50:21.0162 3028  ============================================================
23:51:03.0922 5668  ============================================================
23:51:03.0922 5668  Scan started
23:51:03.0922 5668  Mode: Manual; SigCheck; TDLFS;
23:51:03.0922 5668  ============================================================
23:51:04.0343 5668  ================ Scan system memory ========================
23:51:04.0343 5668  System memory - ok
23:51:04.0343 5668  ================ Scan services =============================
23:51:04.0874 5668  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:51:05.0030 5668  1394ohci - ok
23:51:05.0092 5668  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:51:05.0139 5668  ACPI - ok
23:51:05.0170 5668  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
23:51:05.0264 5668  AcpiPmi - ok
23:51:05.0373 5668  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:51:05.0420 5668  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
23:51:05.0420 5668  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
23:51:05.0451 5668  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
23:51:05.0498 5668  adp94xx - ok
23:51:05.0529 5668  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
23:51:05.0560 5668  adpahci - ok
23:51:05.0560 5668  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
23:51:05.0576 5668  adpu320 - ok
23:51:05.0622 5668  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
23:51:05.0763 5668  AeLookupSvc - ok
23:51:05.0794 5668  [ 079CBA3C5C9AB11B2B4E6BD729A860F2 ] AFBAgent        C:\Windows\system32\FBAgent.exe
23:51:05.0825 5668  AFBAgent - ok
23:51:05.0872 5668  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
23:51:05.0966 5668  AFD - ok
23:51:06.0012 5668  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:51:06.0044 5668  agp440 - ok
23:51:06.0090 5668  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
23:51:06.0153 5668  ALG - ok
23:51:06.0184 5668  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:51:06.0200 5668  aliide - ok
23:51:06.0231 5668  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:51:06.0246 5668  amdide - ok
23:51:06.0278 5668  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
23:51:06.0340 5668  AmdK8 - ok
23:51:06.0340 5668  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:51:06.0387 5668  AmdPPM - ok
23:51:06.0418 5668  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
23:51:06.0449 5668  amdsata - ok
23:51:06.0512 5668  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:51:06.0543 5668  amdsbs - ok
23:51:06.0574 5668  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
23:51:06.0574 5668  amdxata - ok
23:51:06.0668 5668  [ E8494519BCB9E3B1B72E5604993A76E3 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
23:51:06.0699 5668  Amsp - ok
23:51:06.0730 5668  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
23:51:06.0933 5668  AppID - ok
23:51:06.0980 5668  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:51:07.0058 5668  AppIDSvc - ok
23:51:07.0089 5668  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
23:51:07.0167 5668  Appinfo - ok
23:51:07.0214 5668  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
23:51:07.0245 5668  arc - ok
23:51:07.0245 5668  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:51:07.0260 5668  arcsas - ok
23:51:07.0338 5668  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
23:51:07.0370 5668  ASLDRService - ok
23:51:07.0416 5668  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
23:51:07.0432 5668  ASMMAP64 - ok
23:51:07.0479 5668  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:51:07.0557 5668  AsyncMac - ok
23:51:07.0588 5668  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
23:51:07.0604 5668  atapi - ok
23:51:07.0775 5668  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
23:51:07.0947 5668  athr - ok
23:51:07.0978 5668  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
23:51:07.0994 5668  ATKGFNEXSrv - ok
23:51:08.0025 5668  [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
23:51:08.0040 5668  ATKWMIACPIIO - ok
23:51:08.0072 5668  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:51:08.0196 5668  AudioEndpointBuilder - ok
23:51:08.0228 5668  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:51:08.0290 5668  AudioSrv - ok
23:51:08.0306 5668  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:51:08.0446 5668  AxInstSV - ok
23:51:08.0477 5668  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
23:51:08.0555 5668  b06bdrv - ok
23:51:08.0571 5668  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:51:08.0618 5668  b57nd60a - ok
23:51:08.0664 5668  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:51:08.0727 5668  BDESVC - ok
23:51:08.0758 5668  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:51:08.0852 5668  Beep - ok
23:51:08.0883 5668  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
23:51:08.0930 5668  BFE - ok
23:51:08.0992 5668  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
23:51:09.0101 5668  BITS - ok
23:51:09.0132 5668  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:51:09.0148 5668  blbdrive - ok
23:51:09.0179 5668  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:51:09.0242 5668  bowser - ok
23:51:09.0288 5668  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:51:09.0335 5668  BrFiltLo - ok
23:51:09.0335 5668  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:51:09.0351 5668  BrFiltUp - ok
23:51:09.0382 5668  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
23:51:09.0444 5668  Browser - ok
23:51:09.0491 5668  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
23:51:09.0569 5668  Brserid - ok
23:51:09.0616 5668  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:51:09.0663 5668  BrSerWdm - ok
23:51:09.0663 5668  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:51:09.0710 5668  BrUsbMdm - ok
23:51:09.0710 5668  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:51:09.0741 5668  BrUsbSer - ok
23:51:09.0756 5668  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:51:09.0772 5668  BTHMODEM - ok
23:51:09.0803 5668  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
23:51:09.0881 5668  bthserv - ok
23:51:09.0912 5668  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:51:09.0959 5668  cdfs - ok
23:51:10.0006 5668  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
23:51:10.0053 5668  cdrom - ok
23:51:10.0100 5668  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
23:51:10.0162 5668  CertPropSvc - ok
23:51:10.0193 5668  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:51:10.0224 5668  circlass - ok
23:51:10.0287 5668  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
23:51:10.0334 5668  CLFS - ok
23:51:10.0552 5668  [ FE1C81A049E5C5D67C4AB7C31C899F6F ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
23:51:10.0583 5668  CLKMSVC10_38F51D56 - ok
23:51:10.0802 5668  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:51:10.0833 5668  clr_optimization_v2.0.50727_32 - ok
23:51:11.0051 5668  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:51:11.0082 5668  clr_optimization_v2.0.50727_64 - ok
23:51:11.0363 5668  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:51:11.0379 5668  clr_optimization_v4.0.30319_32 - ok
23:51:11.0628 5668  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:51:11.0644 5668  clr_optimization_v4.0.30319_64 - ok
23:51:11.0722 5668  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:51:11.0753 5668  CmBatt - ok
23:51:11.0769 5668  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:51:11.0784 5668  cmdide - ok
23:51:11.0800 5668  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
23:51:11.0831 5668  CNG - ok
23:51:11.0862 5668  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:51:11.0878 5668  Compbatt - ok
23:51:11.0909 5668  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:51:11.0987 5668  CompositeBus - ok
23:51:12.0018 5668  COMSysApp - ok
23:51:12.0034 5668  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
23:51:12.0050 5668  crcdisk - ok
23:51:12.0081 5668  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:51:12.0112 5668  CryptSvc - ok
23:51:12.0237 5668  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:51:12.0268 5668  cvhsvc - ok
23:51:12.0315 5668  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:51:12.0393 5668  DcomLaunch - ok
23:51:12.0471 5668  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
23:51:12.0596 5668  defragsvc - ok
23:51:12.0658 5668  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:51:12.0752 5668  DfsC - ok
23:51:12.0798 5668  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:51:12.0908 5668  Dhcp - ok
23:51:12.0939 5668  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:51:12.0986 5668  discache - ok
23:51:13.0001 5668  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:51:13.0017 5668  Disk - ok
23:51:13.0032 5668  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:51:13.0079 5668  Dnscache - ok
23:51:13.0110 5668  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
23:51:13.0157 5668  dot3svc - ok
23:51:13.0188 5668  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
23:51:13.0235 5668  DPS - ok
23:51:13.0282 5668  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
23:51:13.0329 5668  drmkaud - ok
23:51:13.0391 5668  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
23:51:13.0422 5668  DXGKrnl - ok
23:51:13.0454 5668  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
23:51:13.0500 5668  EapHost - ok
23:51:13.0922 5668  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
23:51:14.0062 5668  ebdrv - ok
23:51:14.0093 5668  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
23:51:14.0140 5668  EFS - ok
23:51:14.0405 5668  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
23:51:14.0514 5668  ehRecvr - ok
23:51:14.0546 5668  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
23:51:14.0624 5668  ehSched - ok
23:51:14.0670 5668  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
23:51:14.0748 5668  elxstor - ok
23:51:14.0764 5668  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:51:14.0811 5668  ErrDev - ok
23:51:14.0842 5668  [ 05B0DCDA418E297A1B4CD8D7B8ADE403 ] ETD            C:\Windows\system32\DRIVERS\ETD.sys
23:51:14.0889 5668  ETD - ok
23:51:14.0951 5668  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
23:51:15.0029 5668  EventSystem - ok
23:51:15.0123 5668  [ BDFCB7E8C108D042B213957D2B044E7E ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:51:15.0185 5668  EvtEng - ok
23:51:15.0216 5668  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
23:51:15.0248 5668  exfat - ok
23:51:15.0294 5668  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
23:51:15.0341 5668  fastfat - ok
23:51:15.0388 5668  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
23:51:15.0497 5668  Fax - ok
23:51:15.0528 5668  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
23:51:15.0575 5668  fdc - ok
23:51:15.0622 5668  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
23:51:15.0716 5668  fdPHost - ok
23:51:15.0716 5668  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:51:15.0762 5668  FDResPub - ok
23:51:15.0778 5668  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:51:15.0794 5668  FileInfo - ok
23:51:15.0809 5668  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
23:51:15.0856 5668  Filetrace - ok
23:51:15.0872 5668  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:51:15.0887 5668  flpydisk - ok
23:51:15.0934 5668  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:51:15.0950 5668  FltMgr - ok
23:51:15.0965 5668  [ D0ADBCF2A5316D23EF67DFAA02D5D544 ] FLxHCIc        C:\Windows\system32\DRIVERS\FLxHCIc.sys
23:51:15.0981 5668  FLxHCIc - ok
23:51:16.0012 5668  [ F9B6DB9727AD2F14ECF84E43EB5279F7 ] FLxHCIh        C:\Windows\system32\DRIVERS\FLxHCIh.sys
23:51:16.0043 5668  FLxHCIh - ok
23:51:16.0152 5668  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
23:51:16.0246 5668  FontCache - ok
23:51:16.0308 5668  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:51:16.0340 5668  FontCache3.0.0.0 - ok
23:51:16.0371 5668  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
23:51:16.0386 5668  FsDepends - ok
23:51:16.0418 5668  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
23:51:16.0433 5668  fssfltr - ok
23:51:16.0511 5668  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:51:16.0605 5668  fsssvc - ok
23:51:16.0667 5668  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:51:16.0683 5668  Fs_Rec - ok
23:51:16.0714 5668  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:51:16.0730 5668  fvevol - ok
23:51:16.0745 5668  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:51:16.0761 5668  gagp30kx - ok
23:51:16.0792 5668  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
23:51:16.0870 5668  gpsvc - ok
23:51:16.0932 5668  [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb        C:\Windows\system32\drivers\grmnusb.sys
23:51:16.0948 5668  grmnusb - ok
23:51:17.0010 5668  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:51:17.0026 5668  gupdate - ok
23:51:17.0042 5668  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:51:17.0057 5668  gupdatem - ok
23:51:17.0104 5668  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc          C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:51:17.0104 5668  gusvc - ok
23:51:17.0135 5668  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:51:17.0182 5668  hcw85cir - ok
23:51:17.0244 5668  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:51:17.0322 5668  HdAudAddService - ok
23:51:17.0338 5668  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:51:17.0369 5668  HDAudBus - ok
23:51:17.0400 5668  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
23:51:17.0447 5668  HidBatt - ok
23:51:17.0463 5668  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:51:17.0510 5668  HidBth - ok
23:51:17.0541 5668  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
23:51:17.0556 5668  HidIr - ok
23:51:17.0588 5668  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
23:51:17.0619 5668  hidserv - ok
23:51:17.0650 5668  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:51:17.0681 5668  HidUsb - ok
23:51:17.0697 5668  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:51:17.0775 5668  hkmsvc - ok
23:51:17.0806 5668  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:51:17.0837 5668  HomeGroupListener - ok
23:51:17.0868 5668  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:51:17.0915 5668  HomeGroupProvider - ok
23:51:17.0946 5668  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:51:17.0962 5668  HpSAMD - ok
23:51:18.0024 5668  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:51:18.0102 5668  HTTP - ok
23:51:18.0165 5668  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:51:18.0180 5668  hwpolicy - ok
23:51:18.0227 5668  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:51:18.0243 5668  i8042prt - ok
23:51:18.0274 5668  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:51:18.0290 5668  iaStor - ok
23:51:18.0352 5668  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
23:51:18.0383 5668  iaStorV - ok
23:51:18.0492 5668  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:51:18.0555 5668  idsvc - ok
23:51:19.0725 5668  [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:51:20.0115 5668  igfx - ok
23:51:20.0130 5668  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
23:51:20.0162 5668  iirsp - ok
23:51:20.0224 5668  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
23:51:20.0286 5668  IKEEXT - ok
23:51:20.0505 5668  [ A0C2C3D4C03C4FB896CFC53873784178 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:51:20.0552 5668  IntcAzAudAddService - ok
23:51:20.0583 5668  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:51:20.0645 5668  IntcDAud - ok
23:51:20.0676 5668  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
23:51:20.0708 5668  intelide - ok
23:51:20.0723 5668  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:51:20.0770 5668  intelppm - ok
23:51:20.0801 5668  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
23:51:20.0864 5668  IPBusEnum - ok
23:51:20.0895 5668  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:51:20.0973 5668  IpFilterDriver - ok
23:51:21.0035 5668  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:51:21.0129 5668  iphlpsvc - ok
23:51:21.0144 5668  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
23:51:21.0207 5668  IPMIDRV - ok
23:51:21.0300 5668  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
23:51:21.0394 5668  IPNAT - ok
23:51:21.0394 5668  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:51:21.0488 5668  IRENUM - ok
23:51:21.0503 5668  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:51:21.0519 5668  isapnp - ok
23:51:21.0550 5668  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:51:21.0566 5668  iScsiPrt - ok
23:51:21.0581 5668  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:51:21.0597 5668  kbdclass - ok
23:51:21.0644 5668  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:51:21.0706 5668  kbdhid - ok
23:51:21.0722 5668  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr        C:\Windows\system32\DRIVERS\kbfiltr.sys
23:51:21.0737 5668  kbfiltr - ok
23:51:21.0753 5668  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
23:51:21.0784 5668  KeyIso - ok
23:51:21.0800 5668  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:51:21.0846 5668  KSecDD - ok
23:51:21.0878 5668  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
23:51:21.0909 5668  KSecPkg - ok
23:51:21.0956 5668  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
23:51:22.0034 5668  ksthunk - ok
23:51:22.0065 5668  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
23:51:22.0158 5668  KtmRm - ok
23:51:22.0221 5668  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:51:22.0299 5668  LanmanServer - ok
23:51:22.0314 5668  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:51:22.0361 5668  LanmanWorkstation - ok
23:51:22.0377 5668  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:51:22.0424 5668  lltdio - ok
23:51:22.0439 5668  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
23:51:22.0517 5668  lltdsvc - ok
23:51:22.0517 5668  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
23:51:22.0548 5668  lmhosts - ok
23:51:22.0626 5668  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:51:22.0658 5668  LMS - ok
23:51:22.0673 5668  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:51:22.0689 5668  LSI_FC - ok
23:51:22.0720 5668  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
23:51:22.0720 5668  LSI_SAS - ok
23:51:22.0751 5668  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:51:22.0751 5668  LSI_SAS2 - ok
23:51:22.0767 5668  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:51:22.0782 5668  LSI_SCSI - ok
23:51:22.0798 5668  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
23:51:22.0845 5668  luafv - ok
23:51:22.0876 5668  [ 830708A5CC0A19196C1DC205BED5A3A8 ] massfilter      C:\Windows\system32\drivers\massfilter.sys
23:51:22.0938 5668  massfilter - ok
23:51:22.0985 5668  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
23:51:23.0016 5668  MBAMProtector - ok
23:51:23.0126 5668  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:51:23.0172 5668  MBAMScheduler - ok
23:51:23.0204 5668  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:51:23.0250 5668  MBAMService - ok
23:51:23.0282 5668  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
23:51:23.0313 5668  Mcx2Svc - ok
23:51:23.0344 5668  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
23:51:23.0375 5668  megasas - ok
23:51:23.0391 5668  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:51:23.0406 5668  MegaSR - ok
23:51:23.0422 5668  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
23:51:23.0422 5668  MEIx64 - ok
23:51:23.0453 5668  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
23:51:23.0531 5668  MMCSS - ok
23:51:23.0531 5668  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
23:51:23.0594 5668  Modem - ok
23:51:23.0609 5668  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
23:51:23.0625 5668  monitor - ok
23:51:23.0640 5668  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:51:23.0656 5668  mouclass - ok
23:51:23.0672 5668  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:51:23.0687 5668  mouhid - ok
23:51:23.0718 5668  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:51:23.0718 5668  mountmgr - ok
23:51:23.0750 5668  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:51:23.0750 5668  mpio - ok
23:51:23.0796 5668  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:51:23.0859 5668  mpsdrv - ok
23:51:23.0984 5668  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:51:24.0108 5668  MpsSvc - ok
23:51:24.0140 5668  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:51:24.0186 5668  MRxDAV - ok
23:51:24.0218 5668  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:51:24.0296 5668  mrxsmb - ok
23:51:24.0327 5668  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:51:24.0358 5668  mrxsmb10 - ok
23:51:24.0389 5668  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:51:24.0452 5668  mrxsmb20 - ok
23:51:24.0483 5668  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:51:24.0483 5668  msahci - ok
23:51:24.0530 5668  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
23:51:24.0561 5668  msdsm - ok
23:51:24.0592 5668  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
23:51:24.0639 5668  MSDTC - ok
23:51:24.0670 5668  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:51:24.0732 5668  Msfs - ok
23:51:24.0732 5668  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
23:51:24.0779 5668  mshidkmdf - ok
23:51:24.0795 5668  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:51:24.0810 5668  msisadrv - ok
23:51:24.0842 5668  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
23:51:24.0904 5668  MSiSCSI - ok
23:51:24.0920 5668  msiserver - ok
23:51:24.0935 5668  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
23:51:24.0982 5668  MSKSSRV - ok
23:51:24.0998 5668  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:51:25.0029 5668  MSPCLOCK - ok
23:51:25.0060 5668  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
23:51:25.0091 5668  MSPQM - ok
23:51:25.0154 5668  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
23:51:25.0185 5668  MsRPC - ok
23:51:25.0216 5668  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:51:25.0232 5668  mssmbios - ok
23:51:25.0232 5668  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
23:51:25.0278 5668  MSTEE - ok
23:51:25.0278 5668  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:51:25.0310 5668  MTConfig - ok
23:51:25.0325 5668  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
23:51:25.0325 5668  Mup - ok
23:51:25.0356 5668  [ 93CD1C4ECB8658A35E5E6EBA02D43E4F ] MyWiFiDHCPDNS  C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
23:51:25.0372 5668  MyWiFiDHCPDNS - ok
23:51:25.0403 5668  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
23:51:25.0434 5668  napagent - ok
23:51:25.0481 5668  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
23:51:25.0544 5668  NativeWifiP - ok
23:51:25.0700 5668  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:51:25.0746 5668  NDIS - ok
23:51:25.0778 5668  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
23:51:25.0856 5668  NdisCap - ok
23:51:25.0856 5668  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:51:25.0887 5668  NdisTapi - ok
23:51:25.0918 5668  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
23:51:25.0949 5668  Ndisuio - ok
23:51:25.0996 5668  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
23:51:26.0058 5668  NdisWan - ok
23:51:26.0105 5668  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
23:51:26.0199 5668  NDProxy - ok
23:51:26.0230 5668  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
23:51:26.0308 5668  NetBIOS - ok
23:51:26.0339 5668  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
23:51:26.0402 5668  NetBT - ok
23:51:26.0448 5668  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
23:51:26.0480 5668  Netlogon - ok
23:51:26.0511 5668  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
23:51:26.0573 5668  Netman - ok
23:51:26.0604 5668  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
23:51:26.0636 5668  netprofm - ok
23:51:26.0667 5668  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:51:26.0667 5668  NetTcpPortSharing - ok
23:51:26.0916 5668  [ EB43840BABF5589E33186D094DE7381D ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
23:51:27.0182 5668  NETwNs64 - ok
23:51:27.0228 5668  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
23:51:27.0260 5668  nfrd960 - ok
23:51:27.0275 5668  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:51:27.0338 5668  NlaSvc - ok
23:51:27.0338 5668  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:51:27.0384 5668  Npfs - ok
23:51:27.0400 5668  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
23:51:27.0431 5668  nsi - ok
23:51:27.0447 5668  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:51:27.0478 5668  nsiproxy - ok
23:51:27.0556 5668  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:51:27.0603 5668  Ntfs - ok
23:51:27.0618 5668  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
23:51:27.0681 5668  Null - ok
23:51:28.0274 5668  [ 4FB60F36D13EABE95CE60A0D97D1A022 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:51:28.0430 5668  nvlddmkm - ok
23:51:28.0570 5668  [ 8952D53483F690BCCE3D51654AFE0892 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
23:51:28.0601 5668  nvpciflt - ok
23:51:28.0632 5668  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:51:28.0632 5668  nvraid - ok
23:51:28.0648 5668  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:51:28.0664 5668  nvstor - ok
23:51:28.0710 5668  [ 6EADB29447941304CEECC7270892F572 ] NVSvc          C:\Windows\system32\nvvsvc.exe
23:51:28.0757 5668  NVSvc - ok
23:51:28.0851 5668  [ 7E0780027DD61424655C1A44DDC94686 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
23:51:28.0913 5668  nvUpdatusService - ok
23:51:28.0929 5668  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:51:28.0944 5668  nv_agp - ok
23:51:28.0976 5668  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:51:28.0976 5668  ohci1394 - ok
23:51:29.0038 5668  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:51:29.0069 5668  ose - ok
23:51:29.0397 5668  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:51:29.0568 5668  osppsvc - ok
23:51:29.0631 5668  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:51:29.0693 5668  p2pimsvc - ok
23:51:29.0756 5668  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:51:29.0818 5668  p2psvc - ok
23:51:29.0834 5668  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
23:51:29.0896 5668  Parport - ok
23:51:29.0927 5668  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
23:51:29.0943 5668  partmgr - ok
23:51:29.0990 5668  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:51:30.0021 5668  PcaSvc - ok
23:51:30.0036 5668  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
23:51:30.0052 5668  pci - ok
23:51:30.0083 5668  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
23:51:30.0083 5668  pciide - ok
23:51:30.0114 5668  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:51:30.0161 5668  pcmcia - ok
23:51:30.0177 5668  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
23:51:30.0177 5668  pcw - ok
23:51:30.0208 5668  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:51:30.0270 5668  PEAUTH - ok
23:51:30.0832 5668  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:51:30.0879 5668  PerfHost - ok
23:51:30.0972 5668  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
23:51:31.0082 5668  pla - ok
23:51:31.0191 5668  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:51:31.0238 5668  PlugPlay - ok
23:51:31.0269 5668  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
23:51:31.0300 5668  PNRPAutoReg - ok
23:51:31.0316 5668  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
23:51:31.0347 5668  PNRPsvc - ok
23:51:31.0440 5668  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
23:51:31.0534 5668  PolicyAgent - ok
23:51:31.0706 5668  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
23:51:31.0752 5668  Power - ok
23:51:31.0784 5668  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:51:31.0815 5668  PptpMiniport - ok
23:51:31.0830 5668  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
23:51:31.0846 5668  Processor - ok
23:51:31.0877 5668  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
23:51:31.0908 5668  ProfSvc - ok
23:51:31.0924 5668  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:51:31.0924 5668  ProtectedStorage - ok
23:51:31.0971 5668  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:51:32.0033 5668  Psched - ok
23:51:32.0080 5668  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:51:32.0174 5668  ql2300 - ok
23:51:32.0189 5668  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:51:32.0189 5668  ql40xx - ok
23:51:32.0220 5668  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
23:51:32.0236 5668  QWAVE - ok
23:51:32.0236 5668  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:51:32.0283 5668  QWAVEdrv - ok
23:51:32.0283 5668  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:51:32.0314 5668  RasAcd - ok
23:51:32.0345 5668  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
23:51:32.0439 5668  RasAgileVpn - ok
23:51:32.0501 5668  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
23:51:32.0595 5668  RasAuto - ok
23:51:32.0626 5668  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
23:51:32.0704 5668  Rasl2tp - ok
23:51:32.0720 5668  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
23:51:32.0766 5668  RasMan - ok
23:51:32.0798 5668  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:51:32.0844 5668  RasPppoe - ok
23:51:32.0860 5668  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
23:51:32.0891 5668  RasSstp - ok
23:51:32.0938 5668  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
23:51:32.0985 5668  rdbss - ok
23:51:33.0000 5668  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:51:33.0032 5668  rdpbus - ok
23:51:33.0032 5668  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:51:33.0063 5668  RDPCDD - ok
23:51:33.0063 5668  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:51:33.0141 5668  RDPENCDD - ok
23:51:33.0141 5668  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:51:33.0172 5668  RDPREFMP - ok
23:51:33.0203 5668  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
23:51:33.0266 5668  RDPWD - ok
23:51:33.0312 5668  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:51:33.0344 5668  rdyboost - ok
23:51:33.0422 5668  [ A6BAEA839CC888D4961AB5FE16BB8C4A ] RegSrvc        C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:51:33.0500 5668  RegSrvc - ok
23:51:33.0531 5668  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:51:33.0609 5668  RemoteAccess - ok
23:51:33.0640 5668  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:51:33.0687 5668  RemoteRegistry - ok
23:51:33.0780 5668  [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:51:33.0812 5668  RichVideo - ok
23:51:33.0858 5668  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:51:33.0952 5668  RpcEptMapper - ok
23:51:33.0968 5668  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
23:51:33.0983 5668  RpcLocator - ok
23:51:34.0014 5668  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
23:51:34.0061 5668  RpcSs - ok
23:51:34.0092 5668  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:51:34.0124 5668  rspndr - ok
23:51:34.0155 5668  [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
23:51:34.0170 5668  RTL8167 - ok
23:51:34.0202 5668  [ 538B4DECD14E7A664921908C44987C8A ] S6000KNT        C:\Windows\system32\Drivers\S6000KNT.sys
23:51:34.0202 5668  S6000KNT - ok
23:51:34.0217 5668  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
23:51:34.0233 5668  SamSs - ok
23:51:34.0280 5668  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:51:34.0311 5668  sbp2port - ok
23:51:34.0342 5668  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:51:34.0389 5668  SCardSvr - ok
23:51:34.0467 5668  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:51:34.0545 5668  scfilter - ok
23:51:34.0685 5668  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
23:51:34.0779 5668  Schedule - ok
23:51:34.0826 5668  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
23:51:34.0841 5668  SCPolicySvc - ok
23:51:34.0888 5668  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:51:34.0904 5668  SDRSVC - ok
23:51:34.0935 5668  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:51:34.0966 5668  secdrv - ok
23:51:34.0997 5668  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
23:51:35.0044 5668  seclogon - ok
23:51:35.0060 5668  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
23:51:35.0091 5668  SENS - ok
23:51:35.0106 5668  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:51:35.0153 5668  SensrSvc - ok
23:51:35.0169 5668  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
23:51:35.0200 5668  Serenum - ok
23:51:35.0216 5668  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:51:35.0231 5668  Serial - ok
23:51:35.0262 5668  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:51:35.0294 5668  sermouse - ok
23:51:35.0325 5668  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:51:35.0387 5668  SessionEnv - ok
23:51:35.0434 5668  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
23:51:35.0481 5668  sffdisk - ok
23:51:35.0496 5668  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:51:35.0559 5668  sffp_mmc - ok
23:51:35.0574 5668  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
23:51:35.0606 5668  sffp_sd - ok
23:51:35.0621 5668  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
23:51:35.0637 5668  sfloppy - ok
23:51:35.0699 5668  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs          C:\Windows\system32\DRIVERS\Sftfslh.sys
23:51:35.0730 5668  Sftfs - ok
23:51:35.0808 5668  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:51:35.0840 5668  sftlist - ok
23:51:35.0871 5668  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay        C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:51:35.0871 5668  Sftplay - ok
23:51:35.0902 5668  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:51:35.0918 5668  Sftredir - ok
23:51:35.0980 5668  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
23:51:35.0996 5668  Sftvol - ok
23:51:36.0027 5668  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:51:36.0042 5668  sftvsa - ok
23:51:36.0089 5668  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:51:36.0152 5668  SharedAccess - ok
23:51:36.0214 5668  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:51:36.0292 5668  ShellHWDetection - ok
23:51:36.0339 5668  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
23:51:36.0370 5668  SiSGbeLH - ok
23:51:36.0417 5668  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:51:36.0432 5668  SiSRaid2 - ok
23:51:36.0448 5668  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:51:36.0464 5668  SiSRaid4 - ok
23:51:36.0510 5668  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
23:51:36.0588 5668  Smb - ok
23:51:36.0620 5668  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:51:36.0635 5668  SNMPTRAP - ok
23:51:36.0635 5668  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
23:51:36.0651 5668  spldr - ok
23:51:36.0698 5668  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
23:51:36.0760 5668  Spooler - ok
23:51:36.0978 5668  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
23:51:37.0119 5668  sppsvc - ok
23:51:37.0166 5668  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
23:51:37.0197 5668  sppuinotify - ok
23:51:37.0244 5668  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
23:51:37.0322 5668  srv - ok
23:51:37.0353 5668  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:51:37.0431 5668  srv2 - ok
23:51:37.0478 5668  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:51:37.0524 5668  srvnet - ok
23:51:37.0556 5668  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
23:51:37.0618 5668  SSDPSRV - ok
23:51:37.0634 5668  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
23:51:37.0665 5668  SstpSvc - ok
23:51:37.0696 5668  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:51:37.0712 5668  stexstor - ok
23:51:37.0743 5668  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
23:51:37.0774 5668  stisvc - ok
23:51:37.0790 5668  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:51:37.0805 5668  swenum - ok
23:51:37.0899 5668  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
23:51:37.0977 5668  swprv - ok
23:51:38.0133 5668  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
23:51:38.0211 5668  SysMain - ok
23:51:38.0242 5668  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:51:38.0258 5668  TabletInputService - ok
23:51:38.0273 5668  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
23:51:38.0320 5668  TapiSrv - ok
23:51:38.0336 5668  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
23:51:38.0367 5668  TBS - ok
23:51:38.0445 5668  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
23:51:38.0507 5668  Tcpip - ok
23:51:38.0570 5668  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:51:38.0601 5668  TCPIP6 - ok
23:51:38.0663 5668  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:51:38.0710 5668  tcpipreg - ok
23:51:38.0741 5668  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:51:38.0788 5668  TDPIPE - ok
23:51:38.0819 5668  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
23:51:38.0850 5668  TDTCP - ok
23:51:38.0882 5668  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
23:51:38.0960 5668  tdx - ok
23:51:38.0975 5668  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:51:38.0975 5668  TermDD - ok
23:51:39.0022 5668  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
23:51:39.0131 5668  TermService - ok
23:51:39.0162 5668  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
23:51:39.0209 5668  Themes - ok
23:51:39.0209 5668  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
23:51:39.0240 5668  THREADORDER - ok
23:51:39.0303 5668  [ 69D76CE06BB629B69165C81D83A4B03E ] TiMiniService  C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
23:51:39.0334 5668  TiMiniService - ok
23:51:39.0365 5668  [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
23:51:39.0381 5668  tmactmon - ok
23:51:39.0396 5668  [ 360E61217D4E1E333583D0C721057F70 ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
23:51:39.0412 5668  tmcomm - ok
23:51:39.0412 5668  [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
23:51:39.0428 5668  tmevtmgr - ok
23:51:39.0443 5668  [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi          C:\Windows\system32\DRIVERS\tmtdi.sys
23:51:39.0443 5668  tmtdi - ok
23:51:39.0474 5668  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
23:51:39.0537 5668  TrkWks - ok
23:51:39.0615 5668  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:51:39.0693 5668  TrustedInstaller - ok
23:51:39.0724 5668  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:51:39.0771 5668  tssecsrv - ok
23:51:39.0833 5668  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:51:39.0880 5668  TsUsbFlt - ok
23:51:39.0911 5668  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:51:39.0989 5668  tunnel - ok
23:51:40.0005 5668  [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
23:51:40.0020 5668  TurboB - ok
23:51:40.0052 5668  [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:51:40.0067 5668  TurboBoost - ok
23:51:40.0083 5668  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:51:40.0114 5668  uagp35 - ok
23:51:40.0145 5668  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:51:40.0239 5668  udfs - ok
23:51:40.0254 5668  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
23:51:40.0286 5668  UI0Detect - ok
23:51:40.0301 5668  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:51:40.0317 5668  uliagpkx - ok
23:51:40.0348 5668  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
23:51:40.0379 5668  umbus - ok
23:51:40.0426 5668  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:51:40.0473 5668  UmPass - ok
23:51:40.0816 5668  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:51:40.0863 5668  UNS - ok
23:51:40.0941 5668  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
23:51:41.0003 5668  upnphost - ok
23:51:41.0019 5668  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
23:51:41.0050 5668  usbccgp - ok
23:51:41.0066 5668  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:51:41.0097 5668  usbcir - ok
23:51:41.0128 5668  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
23:51:41.0159 5668  usbehci - ok
23:51:41.0206 5668  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:51:41.0237 5668  usbhub - ok
23:51:41.0268 5668  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
23:51:41.0284 5668  usbohci - ok
23:51:41.0315 5668  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:51:41.0346 5668  usbprint - ok
23:51:41.0362 5668  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:51:41.0424 5668  USBSTOR - ok
23:51:41.0440 5668  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
23:51:41.0471 5668  usbuhci - ok
23:51:41.0502 5668  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:51:41.0534 5668  usbvideo - ok
23:51:41.0565 5668  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
23:51:41.0627 5668  UxSms - ok
23:51:41.0643 5668  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
23:51:41.0643 5668  VaultSvc - ok
23:51:41.0690 5668  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:51:41.0721 5668  vdrvroot - ok
23:51:41.0830 5668  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
23:51:41.0924 5668  vds - ok
23:51:41.0939 5668  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
23:51:41.0955 5668  vga - ok
23:51:41.0970 5668  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
23:51:42.0017 5668  VgaSave - ok
23:51:42.0048 5668  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
23:51:42.0048 5668  vhdmp - ok
23:51:42.0080 5668  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:51:42.0095 5668  viaide - ok
23:51:42.0142 5668  [ 0ADF410187B71C9B855721C8D59CEC7A ] VideAceWindowsService C:\ExpressGateUtil\VAWinService.exe
23:51:42.0173 5668  VideAceWindowsService ( UnsignedFile.Multi.Generic ) - warning
23:51:42.0173 5668  VideAceWindowsService - detected UnsignedFile.Multi.Generic (1)
23:51:42.0189 5668  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:51:42.0204 5668  volmgr - ok
23:51:42.0282 5668  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
23:51:42.0329 5668  volmgrx - ok
23:51:42.0360 5668  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
23:51:42.0407 5668  volsnap - ok
23:51:42.0454 5668  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
23:51:42.0470 5668  vsmraid - ok
23:51:42.0610 5668  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
23:51:42.0719 5668  VSS - ok
23:51:42.0735 5668  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:51:42.0766 5668  vwifibus - ok
23:51:42.0797 5668  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:51:42.0813 5668  vwififlt - ok
23:51:42.0828 5668  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
23:51:42.0860 5668  vwifimp - ok
23:51:42.0906 5668  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
23:51:43.0000 5668  W32Time - ok
23:51:43.0016 5668  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:51:43.0047 5668  WacomPen - ok
23:51:43.0062 5668  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:51:43.0094 5668  WANARP - ok
23:51:43.0109 5668  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:51:43.0140 5668  Wanarpv6 - ok
23:51:43.0234 5668  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
23:51:43.0328 5668  WatAdminSvc - ok
23:51:43.0468 5668  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
23:51:43.0546 5668  wbengine - ok
23:51:43.0577 5668  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:51:43.0624 5668  WbioSrvc - ok
23:51:43.0655 5668  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
23:51:43.0718 5668  wcncsvc - ok
23:51:43.0733 5668  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:51:43.0764 5668  WcsPlugInService - ok
23:51:43.0780 5668  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:51:43.0796 5668  Wd - ok
23:51:43.0811 5668  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:51:43.0858 5668  Wdf01000 - ok
23:51:43.0874 5668  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:51:43.0967 5668  WdiServiceHost - ok
23:51:43.0983 5668  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
23:51:44.0014 5668  WdiSystemHost - ok
23:51:44.0045 5668  [ D655B1A102E352D7801E7C8B36317A6D ] wdkmd          C:\Windows\system32\DRIVERS\WDKMD.sys
23:51:44.0076 5668  wdkmd - ok
23:51:44.0123 5668  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
23:51:44.0186 5668  WebClient - ok
23:51:44.0264 5668  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:51:44.0326 5668  Wecsvc - ok
23:51:44.0357 5668  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
23:51:44.0388 5668  wercplsupport - ok
23:51:44.0404 5668  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:51:44.0451 5668  WerSvc - ok
23:51:44.0482 5668  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:51:44.0560 5668  WfpLwf - ok
23:51:44.0591 5668  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr        C:\Windows\system32\DRIVERS\wimfltr.sys
23:51:44.0607 5668  WimFltr - ok
23:51:44.0607 5668  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:51:44.0622 5668  WIMMount - ok
23:51:44.0638 5668  WinDefend - ok
23:51:44.0654 5668  WinHttpAutoProxySvc - ok
23:51:44.0810 5668  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
23:51:44.0856 5668  Winmgmt - ok
23:51:44.0934 5668  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
23:51:45.0075 5668  WinRM - ok
23:51:45.0106 5668  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:51:45.0122 5668  WinUsb - ok
23:51:45.0184 5668  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
23:51:45.0246 5668  Wlansvc - ok
23:51:45.0340 5668  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:51:45.0356 5668  wlcrasvc - ok
23:51:45.0621 5668  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:51:45.0714 5668  wlidsvc - ok
23:51:45.0746 5668  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
23:51:45.0777 5668  WmiAcpi - ok
23:51:45.0808 5668  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:51:45.0839 5668  wmiApSrv - ok
23:51:45.0855 5668  WMPNetworkSvc - ok
23:51:45.0886 5668  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:51:45.0917 5668  WPCSvc - ok
23:51:45.0948 5668  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:51:45.0980 5668  WPDBusEnum - ok
23:51:46.0011 5668  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
23:51:46.0089 5668  ws2ifsl - ok
23:51:46.0136 5668  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
23:51:46.0182 5668  wscsvc - ok
23:51:46.0182 5668  WSearch - ok
23:51:46.0292 5668  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:51:46.0370 5668  wuauserv - ok
23:51:46.0385 5668  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:51:46.0463 5668  WudfPf - ok
23:51:46.0494 5668  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:51:46.0526 5668  WUDFRd - ok
23:51:46.0557 5668  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
23:51:46.0572 5668  wudfsvc - ok
23:51:46.0619 5668  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
23:51:46.0650 5668  WwanSvc - ok
23:51:46.0666 5668  [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbmdm6k    C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
23:51:46.0682 5668  ZTEusbmdm6k - ok
23:51:46.0713 5668  [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
23:51:46.0713 5668  ZTEusbnmea - ok
23:51:46.0728 5668  [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbser6k    C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
23:51:46.0728 5668  ZTEusbser6k - ok
23:51:46.0760 5668  ================ Scan global ===============================
23:51:46.0806 5668  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:51:46.0838 5668  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:51:46.0853 5668  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:51:46.0884 5668  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:51:46.0900 5668  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:51:46.0916 5668  [Global] - ok
23:51:46.0916 5668  ================ Scan MBR ==================================
23:51:46.0931 5668  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:51:47.0820 5668  \Device\Harddisk0\DR0 - ok
23:51:47.0820 5668  ================ Scan VBR ==================================
23:51:47.0867 5668  [ 6B41624EB4ED1238BCA41995B87CD8BD ] \Device\Harddisk0\DR0\Partition1
23:51:47.0867 5668  \Device\Harddisk0\DR0\Partition1 - ok
23:51:47.0898 5668  [ B2B33AEC8BCE4C3A041A95E0EBB66163 ] \Device\Harddisk0\DR0\Partition2
23:51:47.0898 5668  \Device\Harddisk0\DR0\Partition2 - ok
23:51:47.0898 5668  ============================================================
23:51:47.0914 5668  Scan finished
23:51:47.0914 5668  ============================================================
23:51:47.0930 5644  Detected object count: 2
23:51:47.0930 5644  Actual detected object count: 2
23:52:18.0724 5644  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:18.0724 5644  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:18.0724 5644  VideAceWindowsService ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:18.0724 5644  VideAceWindowsService ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 01.10.2012 12:12

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running ComboFix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

likia 01.10.2012 18:50

Hello Cosinus!

I ran ComboFix (see the log file a little further below).

Afterwards I noticed (at a quick glance) the following things:
- The two helper programs for configuring the internet connection, "A1-Webassistent" and "A1-Servicecenter", from my internet provider (A1) were deleted (shortcuts in the Start menu and on the desktop are still present)
- Mozilla Firefox is no longer the default browser
- File extensions are no longer shown in Windows Explorer.

Otherwise all programs apparently run normally.

Here is the log file:

Code:

ComboFix 12-09-30.03 - aharing 01.10.2012  19:07:54.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.8103.6106 [GMT 2:00]
ausgeführt von:: c:\users\aharing\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\A1
c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm
c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe
c:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html
c:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html
c:\program files (x86)\A1\A1 Servicecenter\Content\cd_more.html
c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf
c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_down.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_right.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_warning.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_center.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_left.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_right.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_bl.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_br.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tl.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tr.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css
c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js
c:\program files (x86)\A1\A1 Servicecenter\Content\index.html
c:\program files (x86)\A1\A1 Servicecenter\Content\more.html
c:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html
c:\program files (x86)\A1\A1 Servicecenter\icudt42.dll
c:\program files (x86)\A1\A1 Servicecenter\libcef.dll
c:\program files (x86)\A1\A1 Servicecenter\M2Updater.exe
c:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg
c:\program files (x86)\A1\A1 Servicecenter\Start.exe
c:\program files (x86)\A1\A1 Servicecenter\Start.ini
c:\program files (x86)\A1\A1 Webassistent\A1Breitband.chm
c:\program files (x86)\A1\A1 Webassistent\A1Breitband.exe
c:\program files (x86)\A1\A1 Webassistent\A1CMDTool.exe
c:\program files (x86)\A1\A1 Webassistent\A1Mailboxen.exe
c:\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.elf
c:\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.exe
c:\program files (x86)\A1\A1 Webassistent\A1Webassistent.chm
c:\program files (x86)\A1\A1 Webassistent\A1Webassistent.exe
c:\program files (x86)\A1\A1 Webassistent\A1WLANAssistent.exe
c:\program files (x86)\A1\A1 Webassistent\inifiles.dat
c:\program files (x86)\A1\A1 Webassistent\ipworks6.dll
c:\program files (x86)\A1\A1 Webassistent\KCO.exe
c:\program files (x86)\A1\A1 Webassistent\M2Updater.exe
c:\programdata\FullRemove.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-01 bis 2012-10-01  ))))))))))))))))))))))))))))))
.
.
2012-10-01 17:15 . 2012-10-01 17:15        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-10-01 17:15 . 2012-10-01 17:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-28 19:50 . 2012-09-28 19:50        --------        d-----w-        C:\_OTL
2012-09-28 15:42 . 2012-08-21 21:01        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-09-28 15:42 . 2012-09-28 15:42        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-09-28 15:42 . 2012-09-28 15:42        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-24 19:43 . 2012-08-24 11:15        17810944        ----a-w-        c:\windows\system32\mshtml.dll
2012-09-24 19:43 . 2012-08-24 10:39        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-09-24 17:33 . 2012-09-24 17:33        --------        d-----w-        c:\program files (x86)\ESET
2012-09-22 19:27 . 2012-09-22 19:27        --------        d-----w-        c:\users\aharing\AppData\Roaming\Malwarebytes
2012-09-22 19:26 . 2012-09-22 19:26        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-22 19:26 . 2012-09-22 19:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-22 19:26 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-12 18:26 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-12 18:26 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-12 18:26 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-12 18:26 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 18:26 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 18:26 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 18:26 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-01 16:53 . 2011-04-29 19:15        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-09-28 15:42 . 2012-06-30 14:42        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-28 15:42 . 2011-06-19 21:04        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-09-12 20:19 . 2011-06-16 20:49        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-07-18 18:15 . 2012-08-17 15:16        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-17 15:34        73216        ----a-w-        c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-17 15:34        59392        ----a-w-        c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-17 15:34        136704        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-17 15:34        41984        ----a-w-        c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-20 37888]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-25 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-17 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\aharing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-5 113664]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-5 113664]
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-25 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/24 15:47;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 135664]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 135664]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-02-22 11776]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-04 25576]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-04 1997416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-17 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-20 210944]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-20 49664]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [2010-08-05 190232]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-06 42392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 22:50]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 22:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-03 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-03 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-03 417304]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\aharing\AppData\Roaming\Mozilla\Firefox\Profiles\pjbsyadv.default\
FF - prefs.js: browser.startup.homepage - hxxp://10.0.0.138/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-S6000Mnt - S6000Rmv.dll
Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe
Wow6432Node-HKLM-Run-A1Webassistent - c:\program files (x86)\A1\A1 Webassistent\A1Webassistent.exe
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-01  19:18:14
ComboFix-quarantined-files.txt  2012-10-01 17:18
.
Vor Suchlauf: 12 Verzeichnis(se), 91.463.852.032 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 91.222.507.520 Bytes frei
.
- - End Of File - - 5A2FBC39757CA6F2E501B397951B4F0E


cosinus 02.10.2012 13:41

We'll restore A1; the other things, like the default browser, are trivial.

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

DeQuarantine::
C:\Qoobox\Quarantine\c\program files (x86)\A1
Quit::

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

likia 02.10.2012 18:50

I had ComboFix run the script as described. Afterwards the file DeQuarantine.txt was displayed in the editor, but this time I could not find the file "Combofix.txt" anywhere (neither on the Desktop, nor directly under C:\, nor in the folder C:\Combofix\), and I was not offered a restart either (I then did one manually).
The restore does seem to have worked, though.
Since I have no Combofix.txt (where should it be?), I am posting the file DeQuarantine.txt instead:

Code:

C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\icudt42.dll -> C:\program files (x86)\A1\A1 Servicecenter\icudt42.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\libcef.dll -> C:\program files (x86)\A1\A1 Servicecenter\libcef.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\M2Updater.exe -> C:\program files (x86)\A1\A1 Servicecenter\M2Updater.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\reqdata.cfg -> C:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.exe -> C:\program files (x86)\A1\A1 Servicecenter\Start.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.ini -> C:\program files (x86)\A1\A1 Servicecenter\Start.ini
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\broadband.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\cd_more.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\cd_more.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\index.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\more.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\more.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\wlan.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_down.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_down.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_right.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\icon_warning.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_warning.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_center.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_center.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_left.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_left.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_right.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\warning_bl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_bl.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\warning_br.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_br.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tl.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tr.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tr.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Breitband.chm -> C:\program files (x86)\A1\A1 Webassistent\A1Breitband.chm
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Breitband.exe -> C:\program files (x86)\A1\A1 Webassistent\A1Breitband.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1CMDTool.exe -> C:\program files (x86)\A1\A1 Webassistent\A1CMDTool.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Mailboxen.exe -> C:\program files (x86)\A1\A1 Webassistent\A1Mailboxen.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.elf -> C:\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.elf
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.exe -> C:\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Webassistent.chm -> C:\program files (x86)\A1\A1 Webassistent\A1Webassistent.chm
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Webassistent.exe -> C:\program files (x86)\A1\A1 Webassistent\A1Webassistent.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1WLANAssistent.exe -> C:\program files (x86)\A1\A1 Webassistent\A1WLANAssistent.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\inifiles.dat -> C:\program files (x86)\A1\A1 Webassistent\inifiles.dat
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\ipworks6.dll -> C:\program files (x86)\A1\A1 Webassistent\ipworks6.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\KCO.exe -> C:\program files (x86)\A1\A1 Webassistent\KCO.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\M2Updater.exe -> C:\program files (x86)\A1\A1 Webassistent\M2Updater.exe
76 Datei(en) kopiert
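One way to check such a DeQuarantine listing automatically, as an added example that is not part of the thread and not ComboFix's own code: it parses the "source -> destination" lines and the "Datei(en) kopiert" summary, derives where each file should have landed from its quarantine path (the folder directly under C:\Qoobox\Quarantine is the drive letter, as in the listing above), and flags entries whose target disagrees with the source or is absent on disk. The sample paths are constructed; the `exists` parameter is an assumption that lets the check run without touching the disk.

```python
"""Verify a ComboFix DeQuarantine.txt restore listing.

Each line has the form "<quarantine path> -> <original path>"; the listing
ends with "<n> Datei(en) kopiert". This checks that (a) every restore target
is where its quarantine path says it should be, (b) the file count matches,
and (c) the targets actually exist on disk.
"""
import os
import re
from dataclasses import dataclass

# Quarantine root as it appears in the log posted above.
QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"

RESTORE_RE = re.compile(r"^(?P<src>.+?) -> (?P<dst>.+)$")
SUMMARY_RE = re.compile(r"^(?P<n>\d+) Datei\(en\) kopiert$")


@dataclass
class RestoreEntry:
    quarantine_path: str
    original_path: str


def parse_dequarantine(text):
    """Return (entries, reported_count); reported_count is None if no summary line."""
    entries, reported = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            reported = int(m.group("n"))
            continue
        m = RESTORE_RE.match(line)
        if m:
            entries.append(RestoreEntry(m.group("src"), m.group("dst")))
        # Any other line is ignored rather than treated as a restore.
    return entries, reported


def expected_destination(quarantine_path):
    """Map a quarantine path back to its original location.

    The first folder below the quarantine root is the drive letter, so
    <root>\\c\\dir\\file becomes C:\\dir\\file. Returns None for paths
    outside the quarantine root.
    """
    if not quarantine_path.lower().startswith(QUARANTINE_ROOT.lower()):
        return None
    rel = quarantine_path[len(QUARANTINE_ROOT):].lstrip("\\")
    drive, _, rest = rel.partition("\\")
    return f"{drive.upper()}:\\{rest}"


def verify_restore(entries, reported, exists=os.path.exists):
    """Cross-check the listing; `exists` is injectable (assumption) so the check can run off-disk."""
    mismatched = [
        e.original_path for e in entries
        if (expected_destination(e.quarantine_path) or "").lower() != e.original_path.lower()
    ]
    missing = [e.original_path for e in entries if not exists(e.original_path)]
    return {
        "total": len(entries),
        "count_matches": reported is None or reported == len(entries),
        "mismatched": mismatched,
        "missing": missing,
    }


# Constructed sample in the same format as the listing above (placeholder paths).
# The last entry deliberately restores to a location that does not match its source.
SAMPLE_LISTING = r"""
C:\Qoobox\Quarantine\c\program files (x86)\Example\app.exe -> C:\program files (x86)\Example\app.exe
C:\Qoobox\Quarantine\c\program files (x86)\Example\help.chm -> C:\program files (x86)\Example\help.chm
C:\Qoobox\Quarantine\c\program files (x86)\Example\lib\core.dll -> C:\program files (x86)\Example\lib\core.dll
C:\Qoobox\Quarantine\c\program files (x86)\Example\tool.exe -> C:\Windows\System32\tool.exe
4 Datei(en) kopiert
"""

if __name__ == "__main__":
    entries, reported = parse_dequarantine(SAMPLE_LISTING)
    report = verify_restore(entries, reported)
    print(f"{report['total']} entries, count matches: {report['count_matches']}")
    for p in report["mismatched"]:
        print("target does not match quarantine path:", p)
    for p in report["missing"]:
        print("missing on disk:", p)
```

Run it against the real DeQuarantine.txt by passing the file's contents to parse_dequarantine and leaving `exists` at its default; a non-empty "mismatched" list means the restore wrote somewhere other than where the quarantined copy came from, which is worth a closer look before trusting the restore.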


cosinus 02.10.2012 20:31

Yes, that's the only one I need - DeQuarantine is needed so rarely that I often forget to adapt the template for the instructions.

Is A1 working again?

likia 02.10.2012 20:55

All right!
Yes, A1 is running again.

cosinus 03.10.2012 17:57

Please now create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't run on the second try either, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, tell me and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left in the aswMBR window) under "AV scan" and click the Scan button again.

likia 03.10.2012 20:33

After a long scan with GMER, a window opened with the message "GMER has not found any system modifications" (or something similar), which I confirmed with OK. No log file was generated: "Copy" put nothing in the clipboard, and "Save..." also only produced an empty log file.

OSAM log:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:01:29 on 03.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP64" (ASMMAP64) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
"ATKWMIACPI Driver" (ATKWMIACPIIO) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"Trend Micro TDI Driver" (tmtdi) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmtdi.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
{0E526CB5-7446-41D1-A403-19BFE95E8C23} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.7.0_07" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_07" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\npjpi170_07.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} "TmBpIeBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
{1CA1377B-DC1D-4A52-9585-6E06050FAC53} "TmIEPlugInBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\aharing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"AsusVibeLauncher.lnk" - ? - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"gStart" - "GARMIN Corp." - C:\Garmin\gStart.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"BDRegion" - "cyberlink" - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
"FLxHCIm" - "Windows (R) Win 7 DDK provider" - "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
"HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
"Nuance PDF Reader-reminder" - "Nuance Communications, Inc." - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"RemoteControl10" - "CyberLink Corp." - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
"SonicMasterTray" - "Virage Logic Corporation / Sonic Focus" - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
"UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePSTShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"VAWinAgent" - ? - C:\ExpressGateUtil\VAWinAgent.exe  (File found, but it contains no detailed information)
"Wireless Console 3" - ? - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"CyberLink Product - 2011/02/24 15:47:30" (CLKMSVC10_38F51D56) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) Turbo Boost Technology Monitor" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"TiMiniService" (TiMiniService) - "Trend Micro Inc." - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
"Trend Micro Solution Platform" (Amsp) - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
"VideAceWindowsService" (VideAceWindowsService) - ? - C:\ExpressGateUtil\VAWinService.exe  (File found, but it contains no detailed information)
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Wireless PAN DHCP Server" (MyWiFiDHCPDNS) - ? - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR.txt:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-03 21:07:10
-----------------------------
21:07:10.378    OS Version: Windows x64 6.1.7601 Service Pack 1
21:07:10.378    Number of processors: 4 586 0x2A07
21:07:10.378    ComputerName: AHARING_PC  UserName: aharing
21:07:12.094    Initialize success
21:12:09.869    AVAST engine defs: 12100301
21:12:42.052    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:12:42.052    Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
21:12:42.067    Disk 0 MBR read successfully
21:12:42.083    Disk 0 MBR scan
21:12:42.083    Disk 0 Windows 7 default MBR code
21:12:42.098    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    22003 MB offset 63
21:12:42.114    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      152618 MB offset 45062325
21:12:42.114    Disk 0 Partition - 00    0F Extended LBA            435857 MB offset 357625856
21:12:42.145    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      435856 MB offset 357627904
21:12:42.192    Disk 0 scanning C:\Windows\system32\drivers
21:12:55.078    Service scanning
21:13:50.130    Modules scanning
21:13:50.146    Disk 0 trace - called modules:
21:13:50.692    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:13:50.692    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099eb060]
21:13:50.707    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8006fca7b0]
21:13:50.723    5 ACPI.sys[fffff88000f6e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b46050]
21:13:54.685    AVAST engine scan C:\Windows
21:13:57.868    AVAST engine scan C:\Windows\system32
21:17:11.308    AVAST engine scan C:\Windows\system32\drivers
21:17:29.092    AVAST engine scan C:\Users\aharing
21:18:43.114    AVAST engine scan C:\ProgramData
21:19:14.579    Scan finished successfully
21:19:28.214    Disk 0 MBR has been saved successfully to "C:\Users\aharing\Desktop\MBR.dat"
21:19:28.229    The log file has been saved successfully to "C:\Users\aharing\Desktop\aswMBR.txt"
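
The OSAM log above is what a helper reads by hand: entries with no publisher, targets that no longer exist, or autostarts from a user-writable path. As an added example (not from this thread and not OSAM's own code), the parser below reads that exact line format and returns a triage list; the sample log is an excerpt of the lines posted above, and the reason strings and the user-writable-path heuristic are my own choices.

```python
# Added example: triage parser for the OSAM "Autorun Manager" log format.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Section header, e.g. "[Drivers]"
SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]\s*$')
# Location header, e.g. "-----( HKLM\SYSTEM\CurrentControlSet\Services )-----"
LOCATION_RE = re.compile(r'^-----\(\s*(?P<location>.*?)\s*\)-----\s*$')
# Entry: [GUID|<binary data>|valuename] "Name" [(Key)] - "Publisher"|? - path [(flag | flag)]
ENTRY_RE = re.compile(
    r'^(?:(?P<prefix>\{[^}]+\}|<binary data>|[^"\s]+)\s+)?'
    r'"(?P<name>[^"]*)"'
    r'(?:\s+\((?P<key>[^)]*)\))?'
    r'\s+-\s+(?:"(?P<publisher>[^"]*)"|\?)'
    r'\s+-\s*(?P<rest>.*)$'
)
# Trailing "(flag | flag)" block; the lazy path keeps "(x86)" inside the path.
FLAGS_RE = re.compile(r'^(?P<path>.*?)\s*\((?P<flags>[^()]*)\)\s*$')
# Heuristic (assumption): autostarts under these folders deserve a second look.
USER_WRITABLE_RE = re.compile(r'\\(users|programdata|temp)\\', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    location: str
    name: str
    key: Optional[str]
    publisher: Optional[str]   # None when OSAM printed "?"
    path: str
    flags: List[str]


def parse_osam(text: str) -> List[Entry]:
    """Turn an OSAM log into Entry records, tracking section and location."""
    entries, section, location = [], '', ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m['section']
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m['location']
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # banner, settings, footer lines
        rest = m['rest'].strip()
        fm = FLAGS_RE.match(rest)
        if fm:
            path = fm['path'].strip()
            flags = [f.strip() for f in fm['flags'].split('|')]
        else:
            path, flags = rest, []
        entries.append(Entry(section, location, m['name'], m['key'],
                             m['publisher'], path, flags))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every entry a reviewer should look at."""
    findings = []
    for e in entries:
        reasons = []
        if e.publisher is None:
            reasons.append('unknown publisher')
        if any(f.startswith('File not found') for f in e.flags):
            reasons.append('orphaned: target missing')
        if any('no detailed information' in f for f in e.flags):
            reasons.append('no version information')
        if USER_WRITABLE_RE.search(e.path):
            reasons.append('runs from user-writable location')
        if reasons:
            findings.append((e, reasons))
    return findings


# Constructed sample: an excerpt of the OSAM log posted in this thread.
SAMPLE_LOG = r"""
Report of OSAM: Autorun Manager v5.0.11926.0

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\aharing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"VAWinAgent" - ? - C:\ExpressGateUtil\VAWinAgent.exe  (File found, but it contains no detailed information)
"""

if __name__ == '__main__':
    for entry, reasons in triage(parse_osam(SAMPLE_LOG)):
        print(f'[{entry.section}] {entry.name}: {entry.path or "<no path>"} -> {", ".join(reasons)}')
```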


cosinus 03.10.2012 21:19

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

likia 04.10.2012 21:42

Malwarebytes log:
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
aharing :: AHARING_PC [Administrator]

Schutz: Aktiviert

04.10.2012 18:06:59
mbam-log-2012-10-04 (18-06-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 564733
Laufzeit: 1 Stunde(n), 12 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SUPERAntiSpyware log:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/04/2012 at 10:16 PM

Application Version : 5.5.1022

Core Rules Database Version : 9342
Trace Rules Database Version: 7154

Scan type      : Complete Scan
Total Scan Time : 02:44:14

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 716
Memory threats detected  : 0
Registry items scanned    : 72384
Registry threats detected : 0
File items scanned        : 353284
File threats detected    : 88

Adware.Tracking Cookie
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\B36PU6MU.txt [ Cookie:aharing@tribalfusion.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z4WAOG45.txt [ Cookie:aharing@o1.qnsr.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\RESMXH1Q.txt [ Cookie:aharing@adx.chip.de/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\6CYCCV6G.txt [ Cookie:aharing@smartadserver.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\SY7G20E4.txt [ Cookie:aharing@etargetnet.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\VCSEHLRT.txt [ Cookie:aharing@revsci.net/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\PFR97M4E.txt [ Cookie:aharing@ad1.adfarm1.adition.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\PBDUP1W2.txt [ Cookie:aharing@tracking.oe24.at// ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\MHLUN2O3.txt [ Cookie:aharing@kontera.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\K9J16O05.txt [ Cookie:aharing@c.atdmt.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\EK7DHQ14.txt [ Cookie:aharing@webmasterplan.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\SD55UUX1.txt [ Cookie:aharing@doubleclick.net/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\KFKDVPME.txt [ Cookie:aharing@livestat.derstandard.at/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZWAAQ6M.txt [ Cookie:aharing@atdmt.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\59IA4KS3.txt [ Cookie:aharing@adfarm1.adition.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\9NET2XDA.txt [ Cookie:aharing@ad.yieldmanager.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\2RCT709L.txt [ Cookie:aharing@adtech.de/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZN8OT32W.txt [ Cookie:aharing@rambler.ru/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\RHWJQABX.txt [ Cookie:aharing@ad4.adfarm1.adition.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q3DKNGEH.txt [ Cookie:aharing@edsa.122.2o7.net/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\33NBP6KH.txt [ Cookie:aharing@eas4.emediate.eu/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\QHAE9BH2.txt [ Cookie:aharing@2o7.net/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\FS324O7L.txt [ Cookie:aharing@ww251.smartadserver.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\A95VYA3Y.txt [ Cookie:aharing@www.googleadservices.com/pagead/conversion/1036781026/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\NA0LV0HK.txt [ Cookie:aharing@imrworldwide.com/cgi-bin ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\W3I4NW3A.txt [ Cookie:aharing@apmebf.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\X3452XUD.txt [ Cookie:aharing@zanox.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\6YDRXSW9.txt [ Cookie:aharing@ad.zanox.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\HI4NPZIN.txt [ Cookie:aharing@dyntracker.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\1XJ7AVHK.txt [ Cookie:aharing@tracking.quisma.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\A5T09JUY.txt [ Cookie:aharing@invitemedia.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\FSN5CI42.txt [ Cookie:aharing@statse.webtrendslive.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQB1LKE7.txt [ Cookie:aharing@statcounter.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\S5G3AOZL.txt [ Cookie:aharing@ad.adserver01.de/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\PX2J8R4R.txt [ Cookie:aharing@m1.webstats.motigo.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\O6VOJ07D.txt [ Cookie:aharing@www.qsstats.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\9IZW3HXC.txt [ Cookie:aharing@traffictrack.de/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\I6NYVP1O.txt [ Cookie:aharing@qnsr.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\BMNWZZ3T.txt [ Cookie:aharing@e1.cdn.qnsr.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\7WOKXKGW.txt [ Cookie:aharing@im.banner.t-online.de/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GP4J6CP.txt [ Cookie:aharing@legolas-media.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\2F203307.txt [ Cookie:aharing@accounts.google.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\79CQAABF.txt [ Cookie:aharing@advertising.finon.info/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q4W67393.txt [ Cookie:aharing@specificclick.net/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\AZ6Q1BUE.txt [ Cookie:aharing@ad3.adfarm1.adition.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\HZ9271MX.txt [ Cookie:aharing@xiti.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\SRXQHRWH.txt [ Cookie:aharing@mediaplex.com/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\R2X102AS.txt [ Cookie:aharing@track.effiliation.com/servlet/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\9SOPC1V6.txt [ Cookie:aharing@liveperson.net/ ]
        C:\USERS\AHARING\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q8UIJCRB.txt [ Cookie:aharing@adviva.net/ ]
        statse.webtrendslive.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .kaspersky.122.2o7.net [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tacoda.net [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .ar.atwola.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.at [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.at [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.at [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\AHARING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJBSYADV.DEFAULT\COOKIES.SQLITE ]


cosinus 05.10.2012 13:08

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of them being misused (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie )


On cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you would have to look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Apart from that there are good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in afresh everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own practice is to use the Opera browser or Chromium on my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system OK again now, or are there other findings or problems?
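As an added example (not part of cosinus's post, and not code from the MVPS project), the Python script below shows what a hosts-file block list does and does not cover for the cookie domains in a listing like the one above. The log lines and the hosts excerpt are constructed; the parser assumes the two line shapes seen in the listing (IE cookie files with `Cookie:user@host/path`, and Firefox `cookies.sqlite` entries led by the cookie domain). The caveat it demonstrates: a hosts file matches exact host names only, with no wildcards, so an entry for `adition.com` does not block `ad2.adfarm1.adition.com`, and a cookie scoped to `.tacoda.net` can be set from any subdomain, of which the hosts file may list only some.

```python
import re

# Constructed sample in the two line shapes of the cookie listing above.
# Paths and the user name are made up.
SAMPLE_LOG = r"""
C:\Users\demo\AppData\Roaming\Microsoft\Windows\Cookies\Low\SRXQHRWH.txt [ Cookie:demo@mediaplex.com/ ]
C:\Users\demo\AppData\Roaming\Microsoft\Windows\Cookies\Low\R2X102AS.txt [ Cookie:demo@track.effiliation.com/servlet/ ]
.doubleclick.net [ C:\Users\demo\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\demo\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite ]
.tacoda.net [ C:\Users\demo\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite ]
ad2.adfarm1.adition.com [ C:\Users\demo\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\demo\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite ]
"""

# Constructed excerpt in the MVPS hosts-file format (one sinkholed host per
# line). This is not the real MVPS file; entries were chosen to show each
# coverage case the report distinguishes.
SAMPLE_HOSTS = """\
# constructed excerpt, not the real MVPS hosts file
127.0.0.1 localhost
0.0.0.0 mediaplex.com
0.0.0.0 track.effiliation.com
0.0.0.0 doubleclick.net   # inline comments are allowed in hosts files
0.0.0.0 ad.doubleclick.net
0.0.0.0 ads.tacoda.net
0.0.0.0 adition.com
"""

# IE cookie file lines carry "Cookie:<user>@<host>/<path>"; the host is what we want.
IE_COOKIE = re.compile(r"\[\s*Cookie:[^@\]]+@([^/\]\s]+)")
# Firefox lines start with the cookie domain (leading dot = valid for subdomains too).
FF_COOKIE = re.compile(r"^\s*(\.?[A-Za-z0-9.-]+)\s+\[")

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def cookie_domains(log_text):
    """Extract the set of cookie host names from a listing like the one above."""
    domains = set()
    for line in log_text.splitlines():
        m = IE_COOKIE.search(line)
        if m:
            domains.add(m.group(1).lower())
            continue
        m = FF_COOKIE.match(line)
        if m:
            domains.add(m.group(1).lower().lstrip("."))
    return domains


def parse_hosts(text):
    """Return the host names a hosts file sinkholes (comments and localhost ignored)."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        if ip in SINKHOLES:
            blocked.update(n.lower() for n in names if n.lower() not in LOCAL_NAMES)
    return blocked


def coverage(domains, blocked):
    """Classify each cookie domain by how the hosts file relates to it.

    exact           the very name is sinkholed
    subdomains-only some hosts under it are listed, the bare name is not
    parent-only     a parent domain is listed, which does NOT block this host
                    (hosts files have no wildcards)
    none            nothing related is listed
    """
    result = {}
    for d in domains:
        if d in blocked:
            result[d] = "exact"
        elif any(b.endswith("." + d) for b in blocked):
            result[d] = "subdomains-only"
        elif any(d.endswith("." + b) for b in blocked):
            result[d] = "parent-only"
        else:
            result[d] = "none"
    return result


def report(log_text, hosts_text):
    return coverage(cookie_domains(log_text), parse_hosts(hosts_text))


if __name__ == "__main__":
    for domain, status in sorted(report(SAMPLE_LOG, SAMPLE_HOSTS).items()):
        print("%-28s %s" % (domain, status))
```

To run it against a real machine, pass the text of the Malwarebytes log and of `C:\Windows\System32\drivers\etc\hosts` to `report()`; everything reported as `parent-only` or `none` is a tracker the hosts file is not actually stopping.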

likia 05.10.2012 16:45

Hello Cosinus!

Thank you very much for your competent help! I also learned quite a bit along the way.
:dankeschoen:

As for cookies, I will try CookieCuller (thanks for the link!).

Quote:

Is your system OK again now, or are there other findings or problems?
My system seems to be OK again - but I would still need your help to remove the installed tools cleanly from the computer.

cosinus 05.10.2012 18:16

Then we are done! :abklatsch:

The programs that were used here can all be removed again. With OTL you can also remove many of the tools:

Please start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide is below. To keep a better overview of whether the installed programs are current in future, you can use Secunia PSI, for example.
For even more security, you should also change all passwords if at all possible now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add/Remove Programs or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check whether Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
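As an added example, not code from the post or from any of the tools it names, this Python helper applies the Java and Adobe Reader rules of the checklist above to a program inventory. The inventory is constructed; on a real machine the same (DisplayName, DisplayVersion) pairs come from the `Uninstall` key in the registry, which is the list Control Panel shows. It flags every Java entry older than the newest one present and every Adobe Reader entry; whether the newest Java present is itself current still has to be checked against the download page, which the script cannot know. Versions are compared as integer tuples because string comparison would rank "9.3.0" above "10.0".

```python
import re

# Constructed inventory of (DisplayName, DisplayVersion) pairs in the style of
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Not taken from the
# machine in the thread.
INSTALLED = [
    ("Java(TM) 6 Update 31", "6.0.310"),
    ("Java 7 Update 7", "7.0.70"),
    ("Java(TM) 6 Update 20", "6.0.200"),
    ("Adobe Reader 9.3.0", "9.3.0"),
    ("Mozilla Firefox 15.0.1 (x86 de)", "15.0.1"),
    ("Malwarebytes Anti-Malware Version 1.65.0.1400", "1.65.0.1400"),
]

# "Java(TM) 6 Update 31", "Java 7 Update 7"; deliberately not "Java Auto Updater".
JAVA_RE = re.compile(r"^java(\(tm\))?\s+\d+\b", re.IGNORECASE)
ADOBE_READER_RE = re.compile(r"^adobe reader\b", re.IGNORECASE)


def version_key(version):
    """'6.0.310' -> (6, 0, 310). Tuples of ints order correctly; strings do not."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def find_stale(installed):
    """Return (name, version, reason) for each entry the checklist says to remove."""
    stale = []

    javas = [(name, ver) for name, ver in installed if JAVA_RE.match(name)]
    if len(javas) > 1:
        newest = max(javas, key=lambda nv: version_key(nv[1]))
        for name, ver in javas:
            if (name, ver) != newest:
                stale.append((name, ver, "older Java alongside %s; uninstall" % newest[0]))

    for name, ver in installed:
        if ADOBE_READER_RE.match(name):
            stale.append((name, ver, "Adobe Reader; uninstall old versions or replace"))

    return stale


if __name__ == "__main__":
    for name, ver, reason in find_stale(INSTALLED):
        print("%-40s %-12s %s" % (name, ver, reason))
```

On a real system, build the `installed` list from the registry (for example with `winreg` in Python, or `Get-ItemProperty` on the Uninstall keys in PowerShell) before calling `find_stale()`; the flagged Java entries are the ones JavaRa or Add/Remove Programs should take out before the current JRE goes on.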


Copyright ©2000-2025, Trojaner-Board

