Trojaner-Board - .exe (Trojan.Agent) und (PUP.BundleInstaller.BI)

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - .exe (Trojan.Agent) und (PUP.BundleInstaller.BI) (https://www.trojaner-board.de/125081-exe-trojan-agent-pup-bundleinstaller-bi.html)

.exe (Trojan.Agent) und (PUP.BundleInstaller.BI)

Hallo zusammen,

ich bin neu angemeldet hier im Forum, weil ich wohl ein kleines Trojanerproblem besitze.. Aus diesem Grund bin ich auf Eure Hilfe angewiesen und würde mich sehr freuen, wenn Ihr mir in dieser Sache vielleicht ein bischen weiterhelfen könntet:

Ich habe mir erst vor zwei Monaten mein System komplett neu mit WIN 7 aufgespielt. ein Check mit Malwarebytes kurz nach dem neuen System erbrachte auch keinerlei Hinweise auf Infektionen.

Vor einigen Tagen hab ich dann einen angeschlossenen USB-Stick mit Malwarebytes gechecked und prompt kam folgende Meldung:

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.29.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Adaron :: ADARON-PC [Administrator]
 

30.09.2012 12:01:13

mbam-log-2012-09-30 (12-01-13).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (F:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 212812

Laufzeit: 22 Minute(n), 10 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Adaron\AppData\Local\Temp\.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Beim anschließende Quickscan des System kam folgendes zu Tage:

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.29.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Adaron :: ADARON-PC [Administrator]
 

30.09.2012 12:34:10

mbam-log-2012-09-30 (12-34-10).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 209868

Laufzeit: 4 Minute(n), 15 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Adaron\Downloads\7ZipSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Dann gab´s noch einmal einen Volscan und der brachte nun keine Inifzierungen mehr.

Daraufhin hab ich den DEFOGGER durchlaufen lassen... ohne Ergebnis.

Dann habe ich mit OTL weitergemacht und versehentlich meinen Virenscanner (G-DATA) nicht abgeschlatet... Prompt maulte G-Data wie folgt herum:

[I]*** Prozess ***

Prozess: 2400
Dateiname: iexplore.exe
Pfad: c:\program files\internet explorer\iexplore.exe

Herausgeber: Microsoft Corporation
Erstelldatum: 09/22/12 19:50:15
Änderungsdatum: 08/24/12 11:23:44

Gestartet von: explorer.exe
Herausgeber: Microsoft Windows

*** Aktionen ***

Ein Packer wurde auf die Programmdatei angewandt. Möglicherweise um schädliche Inhalte zu verbergen.
Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden.
Das Programm stellt eine Verbindung über ein Netzwerk her.
Das Programm zeichnet alle Tastatureingaben auf.
Das Programm hat eine ausführbare Datei angelegt oder manipuliert.

YGLRvdIJJyeoaXKCKCeo5oBycuopJ5eGcnJ+kHJyqI9yostycmjJoHKCenKSKCdoDywnKCcnJwctJ4lmcrItJ3ma4HJyrS8nlycnx+dwKnSSQicndIJwKycpJycnCMdygmJicoKAKicpJycmCLli0b 1y1pAsJwfpcnKdLSeXJifH1qAnJ9dpcnJpcnJsBspycp0tJ5cmJ8fWoC0nqGlygignqOawJicoJycnB5tywmJicsKwLScrJygnCaxyoi0nynJywCwn12nALycrJygnCW1yoignenJy0CgnKiYmJwr9 YtFyrQZucqIMj3JyLSfXYmJwZ3KSty4nx3KSpwh3KCd5y3JyKid5inCncnJwx3JyYmJycnBocqIsJiYnynCYcnIpJiYnl3C4cpJoJifbcpKnCYctJycnJyYGly8nJycnJganJycHpytcY7by0rFbY7 ZywjVmKw6nLifX23JyaXJyjA0A
Version der Regeln: 3.1.4

"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\Explorer.EXE

Ich denke mal, das war ein falscher Alarm. Deswegen Abbruch von OTL und noch einmal komplett neu durchlaufen lassen mit deaktiviertem GDATA... Hier das OTL-TXT...

Code:

OTL logfile created on: 03.10.2012 10:52:57 - Run 1

OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\Adaron\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,22% Memory free

8,00 Gb Paging File | 5,88 Gb Available in Paging File | 73,48% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 192,22 Gb Total Space | 123,24 Gb Free Space | 64,11% Space Free | Partition Type: NTFS

Drive D: | 273,44 Gb Total Space | 186,59 Gb Free Space | 68,24% Space Free | Partition Type: NTFS

 

Computer Name: ADARON-PC | User Name: Adaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Adaron\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\GUI\GDSC.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe (ASUS)

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll ()

MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG)

SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe (G Data Software AG)

SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

SRV - (TSNxGService) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

SRV - (GDTunerSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG)

SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

SRV - (AVKService) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (spmgr) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)

DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)

DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)

DRV:64bit: - (TS4NT) -- C:\Windows\SysNative\drivers\TS4nt.sys (G Data Software)

DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)

DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)

DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)

DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)

DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)

DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)

DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (ghaio) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys ()

DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 32 1D 8F 25 7D CD 01  [binary data]

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 14:52:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.08.20 20:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Extensions

[2012.08.26 11:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Firefox\Profiles\gir6nvp9.default\extensions

[2012.08.20 14:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.XXX.X.X

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28CB6B60-D408-4F7F-915A-10285EBD3F9E}: DhcpNameServer = 192.XXX.X.X

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E072CB39-6646-4566-872C-51883663D9CD}: DhcpNameServer = 192.XXX.X.x

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SYSTEM\AUTOSTRT.EXE

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\install1\command - "" = E:\system\Elevate.exe "Start.exe"

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.30 13:28:31 | 000,000,000 | ---D | C] -- C:\.Trash-999

[2012.09.30 12:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.30 12:00:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.30 12:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012.09.26 08:26:48 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe

[2012.09.25 11:53:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fix WU

[2012.09.25 11:09:49 | 000,000,000 | R--D | C] -- C:\Users\Adaron\Documents\Scanned Documents

[2012.09.25 11:09:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fax

[2012.09.23 14:52:28 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012.09.23 14:52:28 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012.09.22 21:50:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.09.22 21:50:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.09.22 21:50:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.09.22 21:50:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.09.22 21:50:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.09.22 21:50:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.09.22 21:50:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.09.22 21:50:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.09.22 21:50:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.09.22 21:50:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.09.22 21:50:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.09.22 21:50:14 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.09.22 21:50:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.09.22 21:50:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.09.22 21:50:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012.09.21 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.09.21 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon Music Importer

[2012.09.21 14:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012.09.20 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\ElevatedDiagnostics

[2012.09.20 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard

[2012.09.20 16:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012.09.20 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2012.09.20 16:39:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012.09.20 16:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2012.09.20 16:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2012.09.20 16:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2012.09.20 16:36:58 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2012.09.20 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Microsoft Help

[2012.09.20 16:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012.09.19 17:11:29 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Macromedia

[2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon MP3

[2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.17 15:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012.09.17 15:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2012.09.12 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\ooVoo Details

[2012.09.12 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo

[2012.09.12 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo

[2012.09.12 18:39:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys

[2012.09.12 18:39:41 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2012.09.12 18:39:40 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012.09.12 18:39:40 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012.09.05 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Adobe

[2012.09.05 12:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012.09.05 12:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2008.08.11 21:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.10.03 10:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.10.03 09:18:06 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.10.03 09:18:06 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.10.03 09:15:45 | 000,813,445 | ---- | M] () -- C:\Windows\SysWow64\sig.bin

[2012.10.03 09:15:45 | 000,044,573 | ---- | M] () -- C:\Windows\SysWow64\nmp.map

[2012.10.03 09:10:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.10.03 09:10:26 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.30 14:01:07 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.09.30 14:01:07 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.09.30 14:01:07 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.09.30 14:01:07 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.09.30 14:01:07 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.09.30 14:00:22 | 000,000,193 | ---- | M] () -- C:\Users\Adaron\Documents\test.rtf

[2012.09.30 12:00:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.21 09:29:35 | 000,341,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.09.20 16:40:44 | 000,003,047 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk

[2012.09.20 16:40:44 | 000,003,029 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk

[2012.09.19 17:00:28 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.09.19 17:00:28 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.09.12 18:57:28 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk

[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.05 12:21:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.09.30 14:00:21 | 000,000,193 | ---- | C] () -- C:\Users\Adaron\Documents\test.rtf

[2012.09.30 12:00:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.20 17:04:14 | 000,003,047 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk

[2012.09.20 17:03:59 | 000,003,029 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk

[2012.09.12 18:57:28 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk

[2012.09.05 12:21:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.09.05 12:21:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.08.19 16:00:05 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.08.19 14:13:31 | 000,813,445 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2009.04.08 10:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.09.17 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.21 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.09.12 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\ooVoo Details

[2012.08.19 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Windows Live Writer

 
 ========== Purity Check ==========

 

 
 

< End of report >

EXTRAS.TXT liegt als Anhang bei.

Kurioserweise habe ich derzeit keinerlei Probleme mit meinem PC, Performance etc pp. ist alles völlig o.k. und es gibt wirklich keinen Stress mit meinem Compi... Hat MALWAREBYTE mir hier vielleicht nen "False positive" ausgespuckt?

Ich bedanke mich schon im Voraus für Eure Unterstützung und wüpnsche noch einen ruhigen Tag derdeutschen Einheit...

Liebe Grüße
Mojitofan

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo Cosinus...

vielen Dank Deine prompte Hilfe.

Hier das Log vom ESET-Scan. Die EOS Serielnummer habe ich mit *** unkenntlich gemacht...

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=***

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-10-05 07:03:57

# local_time=2012-10-05 09:03:57 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=4096 16777215 100 0 4177490 4177490 0 0

# compatibility_mode=5893 16776573 100 94 2450 101089851 0 0

# compatibility_mode=8192 67108863 100 0 179 179 0 0

# scanned=104061

# found=0

# cleaned=0

# scan_time=3837

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=***

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-10-06 09:11:32

# local_time=2012-10-06 11:11:32 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=4096 16777215 100 0 4231846 4231846 0 0

# compatibility_mode=5893 16776573 100 94 56806 101144207 0 0

# compatibility_mode=8192 67108863 100 0 54535 54535 0 0

# scanned=4499

# found=0

# cleaned=0

# scan_time=335

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=****

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-10-06 10:25:13

# local_time=2012-10-06 12:25:13 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=4096 16777215 100 0 4232233 4232233 0 0

# compatibility_mode=5893 16776573 100 94 57193 101144594 0 0

# compatibility_mode=8192 67108863 100 0 54922 54922 0 0

# scanned=100805

# found=0

# cleaned=0

# scan_time=4369

Natürlich hab ich Dussel vergessen, beim ESET-Scan besagten oben genannten USB-Stick anzuschließen.

Den habe ich jetzt noch einmal angeschlossen und gescannt. Anbei das Log...

Code:

# scan_time=4369

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=***

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-10-06 11:07:47

# local_time=2012-10-06 01:07:47 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=4096 16777215 100 0 4238538 4238538 0 0

# compatibility_mode=5893 16776573 100 94 63498 101150899 0 0

# compatibility_mode=8192 67108863 100 0 61227 61227 0 0

# scanned=11398

# found=0

# cleaned=0

# scan_time=638

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=***

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-10-06 11:27:17

# local_time=2012-10-06 01:27:17 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=4096 16777215 100 0 4240031 4240031 0 0

# compatibility_mode=5893 16776573 100 94 64991 101152392 0 0

# compatibility_mode=8192 67108863 100 0 62720 62720 0 0

# scanned=11398

# found=0

# cleaned=0

# scan_time=295

Sorry dafür.

Vielleicht noch zur Information: Ich habe vor einiger Zeit mein System komplett neu aufgespielt, weil ich mir auch einen UKASH-Trojaner (den mit dem Webcam-Bild) eingefangen habe. Ich habe dann entsprechend Eurer Anleitung die Festplatte formatiert und sogar den MBR übrschrieben. Meine Daten habe ich per UBUNTU auf besagten Stick gezogen, wobei ich darauf geachtet habe, eben keine gefährlichen .exe - Dateien etc. mitzukopieren.

LG Mojito

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Hallo Cosinus,

anbei das Logfile...

Code:

# AdwCleaner v2.003 - Datei am 10/07/2012 um 11:11:34 erstellt

# Aktualisiert am 23/09/2012 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzer : Adaron - ADARON-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Adaron\Downloads\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKCU\Software\Softonic
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profilname : default 

Datei : C:\Users\Adaron\AppData\Roaming\Mozilla\Firefox\Profiles\gir6nvp9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [797 octets] - [07/10/2012 11:11:34]
 

########## EOF - C:\AdwCleaner[R1].txt - [856 octets] ##########

Schönen Sonntag noch...

LG Mojito

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Hallo Cosinus.

Bin bis Freitag auf Reisen und melde mich sobald ich wieder da bin.

Lg Mojitifan

Hallo Cosinus...

anbei die das Log:

Code:

# AdwCleaner v2.003 - Datei am 10/12/2012 um 11:59:25 erstellt

# Aktualisiert am 23/09/2012 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzer : Adaron - ADARON-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Adaron\Downloads\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\Softonic
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profilname : default 

Datei : C:\Users\Adaron\AppData\Roaming\Mozilla\Firefox\Profiles\gir6nvp9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [924 octets] - [07/10/2012 11:11:34]

AdwCleaner[R2].txt - [986 octets] - [07/10/2012 12:55:42]

AdwCleaner[R3].txt - [1042 octets] - [12/10/2012 11:58:49]

AdwCleaner[S1].txt - [1339 octets] - [12/10/2012 11:59:25]
 

########## EOF - C:\AdwCleaner[S1].txt - [1399 octets] ##########

Lieben Gruß
Mojitp

Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Hallo Cosinus...

hier der neue Log des neu heruntergeladenen ADW...

Code:

# AdwCleaner v2.004 - Datei am 12/10/2012 um 15:55:48 erstellt

# Aktualisiert am 06/10/2012 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzer : Adaron - ADARON-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Adaron\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Schlüssel Gefunden : HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profilname : default 

Datei : C:\Users\Adaron\AppData\Roaming\Mozilla\Firefox\Profiles\gir6nvp9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [924 octets] - [07/10/2012 11:11:34]

AdwCleaner[R2].txt - [986 octets] - [07/10/2012 12:55:42]

AdwCleaner[R3].txt - [1042 octets] - [12/10/2012 11:58:49]

AdwCleaner[S1].txt - [1468 octets] - [12/10/2012 11:59:25]

AdwCleaner[R4].txt - [1514 octets] - [12/10/2012 15:55:48]
 

########## EOF - C:\AdwCleaner[R4].txt - [1574 octets] ##########

LG Mojito

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Hallo Cosinus...

hier das Log:

Code:

# AdwCleaner v2.004 - Datei am 12/10/2012 um 18:41:18 erstellt

# Aktualisiert am 06/10/2012 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzer : Adaron - ADARON-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Adaron\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profilname : default 

Datei : C:\Users\Adaron\AppData\Roaming\Mozilla\Firefox\Profiles\gir6nvp9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [924 octets] - [07/10/2012 11:11:34]

AdwCleaner[R2].txt - [986 octets] - [07/10/2012 12:55:42]

AdwCleaner[R3].txt - [1042 octets] - [12/10/2012 11:58:49]

AdwCleaner[S1].txt - [1468 octets] - [12/10/2012 11:59:25]

AdwCleaner[R4].txt - [1639 octets] - [12/10/2012 15:55:48]

AdwCleaner[S2].txt - [1414 octets] - [12/10/2012 18:41:18]
 

########## EOF - C:\AdwCleaner[S2].txt - [1474 octets] ##########

.....

LG Mojito

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Hallo Cosinus,

Windows funktioniert einwandfrei.

Ja, es gibt unter "Alle Programme" einen Ordner "Autostart", welcher "Leer" ist... auch fehlt mir die Anzeige meines installierten "Fussballmanagers"

Übrigens: Wenn ich die Festplatte C: betrachte, so fällt mir auf auf, dass die Ordner "$Recycle.Bin", "Dokumente und Einstellungen", "Programme" und "Documents and Settings" leicht schemenhaft dargestellt werden (wie bei einer versteckten Datei) und zudem mit einem "Vorhängeschloßsymbol" versehen sind. Die einzelnen Ordner kann nicht öffnen und wenn ich in die Ordnereigenschaften schau, steht da irgendetwas von "vererbt". Hier könnte ich die Berechtigung zwar übernehmen, hab ich aber noch nicht getan... Ich meine, dass ich dieses Phänomen erst seit dem DEFOGGER-Durchlauf habe, bin mir abern icht ganz sicher...

LG Mojito

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hi Cosinus,

anbei das OTL-Log:

Code:

OTL logfile created on: 14.10.2012 13:04:07 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adaron\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,07% Memory free

8,00 Gb Paging File | 5,72 Gb Available in Paging File | 71,59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 192,22 Gb Total Space | 120,08 Gb Free Space | 62,47% Space Free | Partition Type: NTFS

Drive D: | 273,44 Gb Total Space | 182,65 Gb Free Space | 66,80% Space Free | Partition Type: NTFS

 

Computer Name: ADARON-PC | User Name: Adaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Adaron\Desktop\OTL(1).exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe (ASUS)

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe (G Data Software AG)

SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG)

SRV - (TSNxGService) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

SRV - (GDTunerSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG)

SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

SRV - (AVKService) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (spmgr) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)

DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)

DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)

DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)

DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)

DRV:64bit: - (TS4NT) -- C:\Windows\SysNative\drivers\TS4nt.sys (G Data Software)

DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)

DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)

DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)

DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (ghaio) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys ()

DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 32 1D 8F 25 7D CD 01  [binary data]

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 14:52:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.08.20 20:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Extensions

[2012.08.26 11:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Firefox\Profiles\gir6nvp9.default\extensions

[2012.10.03 11:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.10.03 11:18:41 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}

[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28CB6B60-D408-4F7F-915A-10285EBD3F9E}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E072CB39-6646-4566-872C-51883663D9CD}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SYSTEM\AUTOSTRT.EXE

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\install1\command - "" = E:\system\Elevate.exe "Start.exe"

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.10.14 13:01:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adaron\Desktop\OTL(1).exe

[2012.10.12 00:46:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012.10.12 00:46:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012.10.12 00:46:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012.10.12 00:46:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012.10.12 00:46:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012.10.12 00:46:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012.10.12 00:46:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012.10.12 00:46:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012.10.12 00:46:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012.10.12 00:46:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012.10.12 00:46:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012.10.12 00:46:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012.10.12 00:46:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012.10.12 00:46:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012.10.12 00:46:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012.10.12 00:46:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.10.12 00:46:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.10.12 00:46:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012.10.12 00:46:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012.10.12 00:46:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012.10.12 00:46:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012.10.12 00:46:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012.10.12 00:46:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.10.12 00:46:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012.10.12 00:46:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012.10.12 00:46:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012.10.12 00:46:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012.10.12 00:46:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012.10.12 00:46:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012.10.12 00:46:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012.10.12 00:46:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012.10.12 00:46:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012.10.12 00:46:43 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012.10.12 00:46:42 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012.10.12 00:46:42 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012.10.12 00:46:39 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012.10.12 00:46:24 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012.10.12 00:46:24 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012.10.05 19:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.10.03 12:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.10.03 12:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2012.09.30 13:28:31 | 000,000,000 | ---D | C] -- C:\.Trash-999

[2012.09.30 12:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.30 12:00:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.30 12:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012.09.26 08:26:48 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe

[2012.09.25 11:53:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fix WU

[2012.09.25 11:09:49 | 000,000,000 | R--D | C] -- C:\Users\Adaron\Documents\Scanned Documents

[2012.09.25 11:09:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fax

[2012.09.23 14:52:28 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012.09.23 14:52:28 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012.09.22 21:50:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.09.22 21:50:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.09.22 21:50:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.09.22 21:50:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.09.22 21:50:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.09.22 21:50:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.09.22 21:50:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.09.22 21:50:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.09.22 21:50:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.09.22 21:50:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.09.22 21:50:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.09.22 21:50:14 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.09.22 21:50:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.09.22 21:50:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.09.22 21:50:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012.09.21 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.09.21 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon Music Importer

[2012.09.21 14:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012.09.20 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\ElevatedDiagnostics

[2012.09.20 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard

[2012.09.20 16:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012.09.20 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2012.09.20 16:39:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012.09.20 16:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2012.09.20 16:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2012.09.20 16:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2012.09.20 16:36:58 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2012.09.20 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Microsoft Help

[2012.09.20 16:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012.09.19 17:11:29 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Macromedia

[2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon MP3

[2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.17 15:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012.09.17 15:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2008.08.11 21:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.10.14 13:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adaron\Desktop\OTL(1).exe

[2012.10.14 12:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.10.14 11:24:28 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.10.14 11:24:28 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.10.14 11:21:25 | 000,825,283 | ---- | M] () -- C:\Windows\SysWow64\sig.bin

[2012.10.14 11:21:25 | 000,044,928 | ---- | M] () -- C:\Windows\SysWow64\nmp.map

[2012.10.14 11:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.10.14 11:16:31 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys

[2012.10.12 15:55:26 | 000,538,327 | ---- | M] () -- C:\Users\Adaron\Desktop\adwcleaner.exe

[2012.10.12 12:52:44 | 000,001,694 | ---- | M] () -- C:\Users\Adaron\Desktop\G Data Protokoll ID 409.html

[2012.10.12 01:42:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.10.12 01:42:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.10.06 12:56:45 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.10.06 12:56:45 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.10.06 12:56:45 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.10.06 12:56:45 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.10.06 12:56:45 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.10.03 11:20:52 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys

[2012.10.03 11:18:42 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys

[2012.10.03 11:18:42 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys

[2012.10.03 11:18:42 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys

[2012.09.30 12:00:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.21 09:29:35 | 000,341,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.09.20 16:40:44 | 000,003,047 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk

[2012.09.20 16:40:44 | 000,003,029 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.10.12 15:55:21 | 000,538,327 | ---- | C] () -- C:\Users\Adaron\Desktop\adwcleaner.exe

[2012.10.12 12:52:44 | 000,001,694 | ---- | C] () -- C:\Users\Adaron\Desktop\G Data Protokoll ID 409.html

[2012.09.30 12:00:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.20 17:04:14 | 000,003,047 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk

[2012.09.20 17:03:59 | 000,003,029 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk

[2012.08.19 16:00:05 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.08.19 14:13:31 | 000,825,283 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2009.04.08 10:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.09.17 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.21 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.09.12 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\ooVoo Details

[2012.08.19 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Windows Live Writer

 
 ========== Purity Check ==========

 

 
 

< End of report >

Und nun das zweite Log mit dem Skript von Dir:

Code:

OTL logfile created on: 14.10.2012 13:22:47 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adaron\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,33% Memory free

8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 192,22 Gb Total Space | 120,08 Gb Free Space | 62,47% Space Free | Partition Type: NTFS

Drive D: | 273,44 Gb Total Space | 182,65 Gb Free Space | 66,80% Space Free | Partition Type: NTFS

 

Computer Name: ADARON-PC | User Name: Adaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Adaron\Desktop\OTL(1).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe (ASUS)

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll ()

MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe (G Data Software AG)

SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG)

SRV - (TSNxGService) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

SRV - (GDTunerSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG)

SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

SRV - (AVKService) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (spmgr) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)

DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)

DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)

DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)

DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)

DRV:64bit: - (TS4NT) -- C:\Windows\SysNative\drivers\TS4nt.sys (G Data Software)

DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)

DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)

DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)

DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (ghaio) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys ()

DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 32 1D 8F 25 7D CD 01  [binary data]

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 14:52:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.08.20 20:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Extensions

[2012.08.26 11:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Firefox\Profiles\gir6nvp9.default\extensions

[2012.10.03 11:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.10.03 11:18:41 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}

[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28CB6B60-D408-4F7F-915A-10285EBD3F9E}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E072CB39-6646-4566-872C-51883663D9CD}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SYSTEM\AUTOSTRT.EXE

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\install1\command - "" = E:\system\Elevate.exe "Start.exe"

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.10.14 13:01:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adaron\Desktop\OTL(1).exe

[2012.10.05 19:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.10.03 12:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.10.03 12:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2012.09.30 13:28:31 | 000,000,000 | ---D | C] -- C:\.Trash-999

[2012.09.30 12:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.30 12:00:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.30 12:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012.09.25 11:53:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fix WU

[2012.09.25 11:09:49 | 000,000,000 | R--D | C] -- C:\Users\Adaron\Documents\Scanned Documents

[2012.09.25 11:09:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fax

[2012.09.21 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.09.21 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon Music Importer

[2012.09.21 14:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012.09.20 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\ElevatedDiagnostics

[2012.09.20 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard

[2012.09.20 16:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012.09.20 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2012.09.20 16:39:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012.09.20 16:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2012.09.20 16:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2012.09.20 16:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2012.09.20 16:36:58 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2012.09.20 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Microsoft Help

[2012.09.20 16:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012.09.19 17:11:29 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Macromedia

[2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon MP3

[2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.17 15:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012.09.17 15:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2008.08.11 21:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.10.14 13:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adaron\Desktop\OTL(1).exe

[2012.10.14 12:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.10.14 11:24:28 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.10.14 11:24:28 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.10.14 11:21:25 | 000,825,283 | ---- | M] () -- C:\Windows\SysWow64\sig.bin

[2012.10.14 11:21:25 | 000,044,928 | ---- | M] () -- C:\Windows\SysWow64\nmp.map

[2012.10.14 11:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.10.14 11:16:31 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys

[2012.10.12 15:55:26 | 000,538,327 | ---- | M] () -- C:\Users\Adaron\Desktop\adwcleaner.exe

[2012.10.12 12:52:44 | 000,001,694 | ---- | M] () -- C:\Users\Adaron\Desktop\G Data Protokoll ID 409.html

[2012.10.06 12:56:45 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.10.06 12:56:45 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.10.06 12:56:45 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.10.06 12:56:45 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.10.06 12:56:45 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.10.03 11:20:52 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys

[2012.10.03 11:18:42 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys

[2012.10.03 11:18:42 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys

[2012.10.03 11:18:42 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys

[2012.09.30 12:00:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.21 09:29:35 | 000,341,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.09.20 16:40:44 | 000,003,047 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk

[2012.09.20 16:40:44 | 000,003,029 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.10.12 15:55:21 | 000,538,327 | ---- | C] () -- C:\Users\Adaron\Desktop\adwcleaner.exe

[2012.10.12 12:52:44 | 000,001,694 | ---- | C] () -- C:\Users\Adaron\Desktop\G Data Protokoll ID 409.html

[2012.09.30 12:00:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.20 17:04:14 | 000,003,047 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk

[2012.09.20 17:03:59 | 000,003,029 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk

[2012.08.19 16:00:05 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.08.19 14:13:31 | 000,825,283 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2009.04.08 10:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.09.17 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.21 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.09.12 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\ooVoo Details

[2012.08.19 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Windows Live Writer

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.09.21 14:21:30 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Adobe

[2012.09.17 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.21 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.08.18 11:27:14 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Identities

[2012.08.18 22:29:20 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\InstallShield

[2012.08.18 11:51:54 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Macromedia

[2012.08.24 15:38:43 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Malwarebytes

[2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Media Center Programs

[2012.09.21 17:46:43 | 000,000,000 | --SD | M] -- C:\Users\Adaron\AppData\Roaming\Microsoft

[2012.08.20 20:25:06 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Mozilla

[2012.09.12 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\ooVoo Details

[2012.10.03 14:39:43 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Skype

[2012.08.19 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Windows Live Writer

 
 < %APPDATA%\*.exe /s >

[2012.09.21 14:21:26 | 000,053,664 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Adaron\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2012.08.18 22:42:25 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Users\Adaron\Documents\IMSM_WIN7_64_8921002[1]\IaStor.sys

[2012.08.18 22:42:25 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\drivers\iaStor.sys

[2012.08.18 22:42:25 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2012.08.24 09:03:49 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

 
 <           >

[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.08.18 11:51:47 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 

< End of report >

...

LG Mojito

Das war kein CustomScan. Hast du den Text aus der CODE-Box nicht bei OTL eingefügt?

Hallo Cosinus...

habe ich eigentlichgemacht...

Dann lass ich den morgen nochmaldurchlaufen und melde mich...

LG Mojito

Ähm, ich glaub ich muss meine OTL-Anleitung anders mal machen, es soll damit gemeint sein, dass man nur den CustomScan macht und nicht erst den normalen und dann nochmal den CustomScan - ist das so verstänlicher :wtf:

Mach bitte einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Cosinus...

ja es war ein bischen zweideutig in der Formulierung... Aber nun ists mir nachvollziehbar.

Also: Ich habe nun entsprechend Dein Skript in die Codebox gepackt und anschließend auf Quick Scan gedrückt...

Hier ist das Log:

Code:

OTL logfile created on: 16.10.2012 19:16:34 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adaron\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,45% Memory free

8,00 Gb Paging File | 6,12 Gb Available in Paging File | 76,55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 192,22 Gb Total Space | 124,96 Gb Free Space | 65,01% Space Free | Partition Type: NTFS

Drive D: | 273,44 Gb Total Space | 181,89 Gb Free Space | 66,52% Space Free | Partition Type: NTFS

 

Computer Name: ADARON-PC | User Name: Adaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Adaron\Desktop\OTL(1).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe (ASUS)

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll ()

MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

MOD - C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe (G Data Software AG)

SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG)

SRV - (TSNxGService) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)

SRV - (GDTunerSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG)

SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)

SRV - (AVKService) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (spmgr) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)

DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)

DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)

DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)

DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)

DRV:64bit: - (TS4NT) -- C:\Windows\SysNative\drivers\TS4nt.sys (G Data Software)

DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)

DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)

DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)

DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (ghaio) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys ()

DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 32 1D 8F 25 7D CD 01  [binary data]

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 14:52:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.08.20 20:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Extensions

[2012.08.26 11:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Firefox\Profiles\gir6nvp9.default\extensions

[2012.10.03 11:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.10.03 11:18:41 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}

[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28CB6B60-D408-4F7F-915A-10285EBD3F9E}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E072CB39-6646-4566-872C-51883663D9CD}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SYSTEM\AUTOSTRT.EXE

O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\install1\command - "" = E:\system\Elevate.exe "Start.exe"

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.10.14 13:01:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adaron\Desktop\OTL(1).exe

[2012.10.05 19:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.10.03 12:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.10.03 12:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2012.09.30 13:28:31 | 000,000,000 | ---D | C] -- C:\.Trash-999

[2012.09.30 12:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.30 12:00:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.30 12:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012.09.25 11:53:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fix WU

[2012.09.25 11:09:49 | 000,000,000 | R--D | C] -- C:\Users\Adaron\Documents\Scanned Documents

[2012.09.25 11:09:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fax

[2012.09.21 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.09.21 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon Music Importer

[2012.09.21 14:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012.09.20 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\ElevatedDiagnostics

[2012.09.20 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard

[2012.09.20 16:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012.09.20 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2012.09.20 16:39:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012.09.20 16:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2012.09.20 16:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2012.09.20 16:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2012.09.20 16:36:58 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2012.09.20 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Microsoft Help

[2012.09.20 16:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012.09.19 17:11:29 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Macromedia

[2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon MP3

[2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.17 15:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012.09.17 15:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2008.08.11 21:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.10.16 18:54:11 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.10.16 18:54:11 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.10.16 18:46:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.10.16 18:46:43 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys

[2012.10.16 17:54:54 | 000,827,087 | ---- | M] () -- C:\Windows\SysWow64\sig.bin

[2012.10.16 17:54:54 | 000,044,970 | ---- | M] () -- C:\Windows\SysWow64\nmp.map

[2012.10.15 19:41:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.10.14 13:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adaron\Desktop\OTL(1).exe

[2012.10.12 15:55:26 | 000,538,327 | ---- | M] () -- C:\Users\Adaron\Desktop\adwcleaner.exe

[2012.10.06 12:56:45 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.10.06 12:56:45 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.10.06 12:56:45 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.10.06 12:56:45 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.10.06 12:56:45 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.10.03 11:20:52 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys

[2012.10.03 11:18:42 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys

[2012.10.03 11:18:42 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys

[2012.10.03 11:18:42 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys

[2012.09.30 12:00:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.21 09:29:35 | 000,341,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.09.20 16:40:44 | 000,003,047 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk

[2012.09.20 16:40:44 | 000,003,029 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.10.12 15:55:21 | 000,538,327 | ---- | C] () -- C:\Users\Adaron\Desktop\adwcleaner.exe

[2012.09.30 12:00:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.20 17:04:14 | 000,003,047 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk

[2012.09.20 17:03:59 | 000,003,029 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk

[2012.08.19 16:00:05 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.08.19 14:13:31 | 000,827,087 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2009.04.08 10:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.09.17 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.21 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.09.12 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\ooVoo Details

[2012.08.19 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Windows Live Writer

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.09.21 14:21:30 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Adobe

[2012.09.17 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Amazon

[2012.09.21 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader

[2012.08.18 11:27:14 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Identities

[2012.08.18 22:29:20 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\InstallShield

[2012.08.18 11:51:54 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Macromedia

[2012.08.24 15:38:43 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Malwarebytes

[2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Media Center Programs

[2012.09.21 17:46:43 | 000,000,000 | --SD | M] -- C:\Users\Adaron\AppData\Roaming\Microsoft

[2012.08.20 20:25:06 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Mozilla

[2012.09.12 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\ooVoo Details

[2012.10.03 14:39:43 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Skype

[2012.08.19 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Windows Live Writer

 
 < %APPDATA%\*.exe /s >

[2012.09.21 14:21:26 | 000,053,664 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Adaron\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2012.08.18 22:42:25 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Users\Adaron\Documents\IMSM_WIN7_64_8921002[1]\IaStor.sys

[2012.08.18 22:42:25 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\drivers\iaStor.sys

[2012.08.18 22:42:25 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2012.08.24 09:03:49 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 

< End of report >

Ich hoffe, ich habe es jetzt richtig gemacht......

Liebe Grüße
Mojito

Ist unauffällig

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Hallo Cosinus...

hier das Log:

Code:

20:17:59.0827 12360  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

20:18:01.0297 12360  ============================================================

20:18:01.0297 12360  Current date / time: 2012/10/17 20:18:01.0297

20:18:01.0297 12360  SystemInfo:

20:18:01.0297 12360  

20:18:01.0297 12360  OS Version: 6.1.7601 ServicePack: 1.0

20:18:01.0297 12360  Product type: Workstation

20:18:01.0297 12360  ComputerName: ADARON-PC

20:18:01.0297 12360  UserName: Adaron

20:18:01.0297 12360  Windows directory: C:\Windows

20:18:01.0297 12360  System windows directory: C:\Windows

20:18:01.0297 12360  Running under WOW64

20:18:01.0297 12360  Processor architecture: Intel x64

20:18:01.0297 12360  Number of processors: 2

20:18:01.0297 12360  Page size: 0x1000

20:18:01.0297 12360  Boot type: Normal boot

20:18:01.0297 12360  ============================================================

20:18:09.0790 12360  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:18:09.0805 12360  ============================================================

20:18:09.0805 12360  \Device\Harddisk0\DR0:

20:18:09.0805 12360  MBR partitions:

20:18:09.0805 12360  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

20:18:09.0805 12360  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x18073000

20:18:09.0805 12360  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x180A5800, BlocksNum 0x222E0000

20:18:09.0805 12360  ============================================================

20:18:09.0836 12360  C: <-> \Device\Harddisk0\DR0\Partition2

20:18:09.0868 12360  D: <-> \Device\Harddisk0\DR0\Partition3

20:18:09.0868 12360  ============================================================

20:18:09.0868 12360  Initialize success

20:18:09.0868 12360  ============================================================

20:18:22.0891 13040  ============================================================

20:18:22.0891 13040  Scan started

20:18:22.0891 13040  Mode: Manual; SigCheck; TDLFS; 

20:18:22.0891 13040  ============================================================

20:18:23.0468 13040  ================ Scan system memory ========================

20:18:23.0468 13040  System memory - ok

20:18:23.0468 13040  ================ Scan services =============================

20:18:23.0843 13040  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys

20:18:23.0952 13040  1394ohci - ok

20:18:23.0983 13040  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

20:18:24.0014 13040  ACPI - ok

20:18:24.0014 13040  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

20:18:24.0046 13040  AcpiPmi - ok

20:18:24.0139 13040  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:18:24.0155 13040  AdobeARMservice - ok

20:18:24.0280 13040  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:18:24.0295 13040  AdobeFlashPlayerUpdateSvc - ok

20:18:24.0342 13040  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys

20:18:24.0358 13040  adp94xx - ok

20:18:24.0404 13040  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys

20:18:24.0420 13040  adpahci - ok

20:18:24.0420 13040  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys

20:18:24.0451 13040  adpu320 - ok

20:18:24.0529 13040  [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService     C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

20:18:24.0529 13040  ADSMService ( UnsignedFile.Multi.Generic ) - warning

20:18:24.0529 13040  ADSMService - detected UnsignedFile.Multi.Generic (1)

20:18:24.0560 13040  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

20:18:24.0607 13040  AeLookupSvc - ok

20:18:24.0654 13040  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys

20:18:24.0685 13040  AFD - ok

20:18:24.0716 13040  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys

20:18:24.0716 13040  agp440 - ok

20:18:24.0748 13040  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe

20:18:24.0763 13040  ALG - ok

20:18:24.0794 13040  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys

20:18:24.0810 13040  aliide - ok

20:18:24.0810 13040  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys

20:18:24.0826 13040  amdide - ok

20:18:24.0826 13040  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys

20:18:24.0841 13040  AmdK8 - ok

20:18:24.0841 13040  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys

20:18:24.0857 13040  AmdPPM - ok

20:18:24.0888 13040  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys

20:18:24.0904 13040  amdsata - ok

20:18:24.0935 13040  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys

20:18:24.0950 13040  amdsbs - ok

20:18:24.0966 13040  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

20:18:24.0982 13040  amdxata - ok

20:18:25.0013 13040  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys

20:18:25.0044 13040  AppID - ok

20:18:25.0075 13040  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

20:18:25.0106 13040  AppIDSvc - ok

20:18:25.0106 13040  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll

20:18:25.0138 13040  Appinfo - ok

20:18:25.0200 13040  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll

20:18:25.0216 13040  AppMgmt - ok

20:18:25.0231 13040  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys

20:18:25.0247 13040  arc - ok

20:18:25.0247 13040  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys

20:18:25.0262 13040  arcsas - ok

20:18:25.0325 13040  [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm           C:\Windows\system32\drivers\AsDsm.sys

20:18:25.0340 13040  AsDsm - ok

20:18:25.0372 13040  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

20:18:25.0387 13040  ASLDRService - ok

20:18:25.0418 13040  [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64        C:\Program Files\ATKGFNEX\ASMMAP64.sys

20:18:25.0434 13040  ASMMAP64 - ok

20:18:25.0528 13040  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

20:18:25.0543 13040  aspnet_state - ok

20:18:25.0574 13040  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

20:18:25.0606 13040  AsyncMac - ok

20:18:25.0637 13040  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys

20:18:25.0637 13040  atapi - ok

20:18:25.0684 13040  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe

20:18:25.0684 13040  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning

20:18:25.0684 13040  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)

20:18:25.0746 13040  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

20:18:25.0777 13040  AudioEndpointBuilder - ok

20:18:25.0793 13040  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll

20:18:25.0824 13040  AudioSrv - ok

20:18:25.0930 13040  [ C48176DA44D0298A7075D3C5CF8C3D8D ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

20:18:25.0970 13040  AVKProxy - ok

20:18:26.0040 13040  [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService      C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe

20:18:26.0060 13040  AVKService - ok

20:18:26.0130 13040  [ 22F1444896844B0462359825EF628507 ] AVKWCtl         C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe

20:18:26.0170 13040  AVKWCtl - ok

20:18:26.0220 13040  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll

20:18:26.0240 13040  AxInstSV - ok

20:18:26.0290 13040  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys

20:18:26.0310 13040  b06bdrv - ok

20:18:26.0350 13040  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys

20:18:26.0360 13040  b57nd60a - ok

20:18:26.0400 13040  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll

20:18:26.0420 13040  BDESVC - ok

20:18:26.0430 13040  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys

20:18:26.0460 13040  Beep - ok

20:18:26.0530 13040  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll

20:18:26.0570 13040  BFE - ok

20:18:26.0600 13040  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll

20:18:26.0650 13040  BITS - ok

20:18:26.0680 13040  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

20:18:26.0700 13040  blbdrive - ok

20:18:26.0740 13040  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

20:18:26.0750 13040  bowser - ok

20:18:26.0780 13040  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys

20:18:26.0790 13040  BrFiltLo - ok

20:18:26.0800 13040  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys

20:18:26.0820 13040  BrFiltUp - ok

20:18:26.0860 13040  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll

20:18:26.0880 13040  Browser - ok

20:18:26.0910 13040  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

20:18:26.0920 13040  Brserid - ok

20:18:26.0930 13040  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

20:18:26.0950 13040  BrSerWdm - ok

20:18:26.0950 13040  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

20:18:26.0970 13040  BrUsbMdm - ok

20:18:26.0970 13040  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

20:18:26.0990 13040  BrUsbSer - ok

20:18:27.0030 13040  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

20:18:27.0040 13040  BthEnum - ok

20:18:27.0060 13040  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys

20:18:27.0080 13040  BTHMODEM - ok

20:18:27.0110 13040  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

20:18:27.0130 13040  BthPan - ok

20:18:27.0160 13040  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys

20:18:27.0180 13040  BTHPORT - ok

20:18:27.0220 13040  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll

20:18:27.0260 13040  bthserv - ok

20:18:27.0290 13040  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys

20:18:27.0300 13040  BTHUSB - ok

20:18:27.0320 13040  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

20:18:27.0360 13040  cdfs - ok

20:18:27.0390 13040  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

20:18:27.0410 13040  cdrom - ok

20:18:27.0430 13040  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll

20:18:27.0470 13040  CertPropSvc - ok

20:18:27.0490 13040  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

20:18:27.0510 13040  circlass - ok

20:18:27.0540 13040  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys

20:18:27.0560 13040  CLFS - ok

20:18:27.0610 13040  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:18:27.0620 13040  clr_optimization_v2.0.50727_32 - ok

20:18:27.0650 13040  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:18:27.0660 13040  clr_optimization_v2.0.50727_64 - ok

20:18:27.0770 13040  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:18:27.0780 13040  clr_optimization_v4.0.30319_32 - ok

20:18:27.0780 13040  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:18:27.0800 13040  clr_optimization_v4.0.30319_64 - ok

20:18:27.0830 13040  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

20:18:27.0850 13040  CmBatt - ok

20:18:27.0850 13040  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys

20:18:27.0860 13040  cmdide - ok

20:18:27.0900 13040  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys

20:18:27.0931 13040  CNG - ok

20:18:27.0946 13040  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

20:18:27.0962 13040  Compbatt - ok

20:18:27.0978 13040  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys

20:18:27.0993 13040  CompositeBus - ok

20:18:27.0993 13040  COMSysApp - ok

20:18:27.0993 13040  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys

20:18:28.0009 13040  crcdisk - ok

20:18:28.0056 13040  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll

20:18:28.0071 13040  CryptSvc - ok

20:18:28.0102 13040  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys

20:18:28.0118 13040  CSC - ok

20:18:28.0134 13040  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll

20:18:28.0165 13040  CscService - ok

20:18:28.0212 13040  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll

20:18:28.0243 13040  DcomLaunch - ok

20:18:28.0290 13040  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll

20:18:28.0321 13040  defragsvc - ok

20:18:28.0352 13040  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

20:18:28.0383 13040  DfsC - ok

20:18:28.0414 13040  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll

20:18:28.0461 13040  Dhcp - ok

20:18:28.0492 13040  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys

20:18:28.0524 13040  discache - ok

20:18:28.0555 13040  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys

20:18:28.0570 13040  Disk - ok

20:18:28.0602 13040  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys

20:18:28.0617 13040  dmvsc - ok

20:18:28.0648 13040  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

20:18:28.0664 13040  Dnscache - ok

20:18:28.0711 13040  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll

20:18:28.0742 13040  dot3svc - ok

20:18:28.0758 13040  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll

20:18:28.0789 13040  DPS - ok

20:18:28.0836 13040  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

20:18:28.0851 13040  drmkaud - ok

20:18:28.0882 13040  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

20:18:28.0914 13040  DXGKrnl - ok

20:18:28.0945 13040  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll

20:18:28.0992 13040  EapHost - ok

20:18:29.0070 13040  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys

20:18:29.0116 13040  ebdrv - ok

20:18:29.0163 13040  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe

20:18:29.0179 13040  EFS - ok

20:18:29.0257 13040  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

20:18:29.0272 13040  ehRecvr - ok

20:18:29.0272 13040  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe

20:18:29.0304 13040  ehSched - ok

20:18:29.0335 13040  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys

20:18:29.0350 13040  elxstor - ok

20:18:29.0366 13040  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys

20:18:29.0382 13040  ErrDev - ok

20:18:29.0413 13040  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll

20:18:29.0460 13040  EventSystem - ok

20:18:29.0475 13040  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys

20:18:29.0506 13040  exfat - ok

20:18:29.0522 13040  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys

20:18:29.0553 13040  fastfat - ok

20:18:29.0616 13040  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe

20:18:29.0647 13040  Fax - ok

20:18:29.0647 13040  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys

20:18:29.0662 13040  fdc - ok

20:18:29.0709 13040  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll

20:18:29.0740 13040  fdPHost - ok

20:18:29.0772 13040  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll

20:18:29.0803 13040  FDResPub - ok

20:18:29.0818 13040  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

20:18:29.0834 13040  FileInfo - ok

20:18:29.0834 13040  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

20:18:29.0865 13040  Filetrace - ok

20:18:29.0881 13040  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys

20:18:29.0896 13040  flpydisk - ok

20:18:29.0896 13040  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

20:18:29.0912 13040  FltMgr - ok

20:18:29.0974 13040  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll

20:18:29.0990 13040  FontCache - ok

20:18:30.0037 13040  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:18:30.0052 13040  FontCache3.0.0.0 - ok

20:18:30.0068 13040  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

20:18:30.0084 13040  FsDepends - ok

20:18:30.0099 13040  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

20:18:30.0115 13040  Fs_Rec - ok

20:18:30.0130 13040  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

20:18:30.0162 13040  fvevol - ok

20:18:30.0177 13040  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys

20:18:30.0193 13040  gagp30kx - ok

20:18:30.0286 13040  [ C85543022E99762B5DF58109152E48D5 ] GDBackupSvc     C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe

20:18:30.0318 13040  GDBackupSvc - ok

20:18:30.0364 13040  [ D201C1F6B0F5E4F202CBCB75D6352E63 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys

20:18:30.0380 13040  GDBehave - ok

20:18:30.0474 13040  [ 2922B4D0AA4095797E66D87F08CA4D72 ] GDFwSvc         C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe

20:18:30.0505 13040  GDFwSvc - ok

20:18:30.0536 13040  [ E1558301938B6CF92F7677224D3FB6F7 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys

20:18:30.0552 13040  GDMnIcpt - ok

20:18:30.0567 13040  [ 5F1E5EAE8F08B6E2FABE8345E0BDFE48 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys

20:18:30.0583 13040  GDPkIcpt - ok

20:18:30.0630 13040  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

20:18:30.0645 13040  GDScan - ok

20:18:30.0708 13040  [ 0567B5641DF3C52FB4E6B623726669ED ] GDTunerSvc      C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe

20:18:30.0739 13040  GDTunerSvc - ok

20:18:30.0770 13040  [ 4ECBCAD43B7FED6F135BF108BB71434D ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys

20:18:30.0786 13040  gdwfpcd - ok

20:18:30.0832 13040  [ 7D66EBDE8B7F9B4E00BEEFEEE82670D4 ] ghaio           C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys

20:18:30.0848 13040  ghaio - ok

20:18:30.0848 13040  GLogin - ok

20:18:30.0895 13040  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll

20:18:30.0926 13040  gpsvc - ok

20:18:31.0004 13040  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\Windows\system32\drivers\GRD.sys

20:18:31.0020 13040  GRD - ok

20:18:31.0035 13040  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

20:18:31.0051 13040  hcw85cir - ok

20:18:31.0098 13040  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

20:18:31.0129 13040  HdAudAddService - ok

20:18:31.0144 13040  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys

20:18:31.0160 13040  HDAudBus - ok

20:18:31.0160 13040  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys

20:18:31.0176 13040  HidBatt - ok

20:18:31.0176 13040  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys

20:18:31.0191 13040  HidBth - ok

20:18:31.0222 13040  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

20:18:31.0238 13040  HidIr - ok

20:18:31.0269 13040  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll

20:18:31.0300 13040  hidserv - ok

20:18:31.0347 13040  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

20:18:31.0363 13040  HidUsb - ok

20:18:31.0378 13040  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll

20:18:31.0410 13040  hkmsvc - ok

20:18:31.0441 13040  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

20:18:31.0472 13040  HomeGroupListener - ok

20:18:31.0488 13040  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

20:18:31.0503 13040  HomeGroupProvider - ok

20:18:31.0534 13040  [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys

20:18:31.0550 13040  HookCentre - ok

20:18:31.0581 13040  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

20:18:31.0597 13040  HpSAMD - ok

20:18:31.0644 13040  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

20:18:31.0690 13040  HTTP - ok

20:18:31.0690 13040  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

20:18:31.0706 13040  hwpolicy - ok

20:18:31.0722 13040  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys

20:18:31.0737 13040  i8042prt - ok

20:18:31.0768 13040  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys

20:18:31.0784 13040  iaStor - ok

20:18:31.0831 13040  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

20:18:31.0846 13040  iaStorV - ok

20:18:31.0893 13040  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:18:31.0924 13040  idsvc - ok

20:18:31.0940 13040  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys

20:18:31.0956 13040  iirsp - ok

20:18:32.0018 13040  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll

20:18:32.0049 13040  IKEEXT - ok

20:18:32.0143 13040  [ 58A60DF2B6D0D6B09E44CAC7F1D2AB6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

20:18:32.0190 13040  IntcAzAudAddService - ok

20:18:32.0221 13040  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys

20:18:32.0221 13040  intelide - ok

20:18:32.0246 13040  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

20:18:32.0256 13040  intelppm - ok

20:18:32.0286 13040  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

20:18:32.0316 13040  IPBusEnum - ok

20:18:32.0326 13040  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:18:32.0356 13040  IpFilterDriver - ok

20:18:32.0406 13040  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

20:18:32.0446 13040  iphlpsvc - ok

20:18:32.0466 13040  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

20:18:32.0476 13040  IPMIDRV - ok

20:18:32.0486 13040  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

20:18:32.0516 13040  IPNAT - ok

20:18:32.0526 13040  ipswuio - ok

20:18:32.0546 13040  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

20:18:32.0566 13040  IRENUM - ok

20:18:32.0566 13040  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

20:18:32.0586 13040  isapnp - ok

20:18:32.0606 13040  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

20:18:32.0616 13040  iScsiPrt - ok

20:18:32.0656 13040  [ 9291643B494F87BFDAC95A524F69E737 ] itecir          C:\Windows\system32\DRIVERS\itecir.sys

20:18:32.0666 13040  itecir - ok

20:18:32.0716 13040  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

20:18:32.0726 13040  kbdclass - ok

20:18:32.0736 13040  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

20:18:32.0756 13040  kbdhid - ok

20:18:32.0806 13040  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys

20:18:32.0816 13040  kbfiltr - ok

20:18:32.0826 13040  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe

20:18:32.0846 13040  KeyIso - ok

20:18:32.0866 13040  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

20:18:32.0886 13040  KSecDD - ok

20:18:32.0906 13040  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

20:18:32.0916 13040  KSecPkg - ok

20:18:32.0966 13040  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys

20:18:32.0996 13040  ksthunk - ok

20:18:33.0016 13040  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll

20:18:33.0056 13040  KtmRm - ok

20:18:33.0096 13040  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll

20:18:33.0136 13040  LanmanServer - ok

20:18:33.0156 13040  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

20:18:33.0196 13040  LanmanWorkstation - ok

20:18:33.0236 13040  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

20:18:33.0266 13040  lltdio - ok

20:18:33.0296 13040  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll

20:18:33.0336 13040  lltdsvc - ok

20:18:33.0356 13040  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll

20:18:33.0396 13040  lmhosts - ok

20:18:33.0426 13040  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys

20:18:33.0436 13040  LSI_FC - ok

20:18:33.0446 13040  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys

20:18:33.0456 13040  LSI_SAS - ok

20:18:33.0476 13040  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys

20:18:33.0486 13040  LSI_SAS2 - ok

20:18:33.0486 13040  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys

20:18:33.0506 13040  LSI_SCSI - ok

20:18:33.0516 13040  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys

20:18:33.0546 13040  luafv - ok

20:18:33.0596 13040  [ 085435AE1A124361304044029B5CC644 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys

20:18:33.0606 13040  lullaby - ok

20:18:33.0676 13040  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys

20:18:33.0686 13040  LVRS64 - ok

20:18:33.0826 13040  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys

20:18:33.0906 13040  LVUVC64 - ok

20:18:33.0956 13040  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

20:18:33.0966 13040  MBAMProtector - ok

20:18:34.0016 13040  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

20:18:34.0036 13040  MBAMScheduler - ok

20:18:34.0076 13040  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:18:34.0096 13040  MBAMService - ok

20:18:34.0136 13040  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

20:18:34.0156 13040  Mcx2Svc - ok

20:18:34.0176 13040  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys

20:18:34.0196 13040  megasas - ok

20:18:34.0206 13040  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys

20:18:34.0226 13040  MegaSR - ok

20:18:34.0256 13040  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll

20:18:34.0296 13040  MMCSS - ok

20:18:34.0306 13040  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys

20:18:34.0336 13040  Modem - ok

20:18:34.0346 13040  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

20:18:34.0366 13040  monitor - ok

20:18:34.0386 13040  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

20:18:34.0406 13040  mouclass - ok

20:18:34.0426 13040  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

20:18:34.0436 13040  mouhid - ok

20:18:34.0446 13040  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

20:18:34.0456 13040  mountmgr - ok

20:18:34.0496 13040  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:18:34.0506 13040  MozillaMaintenance - ok

20:18:34.0536 13040  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys

20:18:34.0546 13040  mpio - ok

20:18:34.0556 13040  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

20:18:34.0586 13040  mpsdrv - ok

20:18:34.0626 13040  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll

20:18:34.0666 13040  MpsSvc - ok

20:18:34.0676 13040  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

20:18:34.0696 13040  MRxDAV - ok

20:18:34.0726 13040  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

20:18:34.0746 13040  mrxsmb - ok

20:18:34.0756 13040  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:18:34.0776 13040  mrxsmb10 - ok

20:18:34.0776 13040  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:18:34.0796 13040  mrxsmb20 - ok

20:18:34.0826 13040  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys

20:18:34.0836 13040  msahci - ok

20:18:34.0846 13040  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

20:18:34.0856 13040  msdsm - ok

20:18:34.0876 13040  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe

20:18:34.0896 13040  MSDTC - ok

20:18:34.0906 13040  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

20:18:34.0936 13040  Msfs - ok

20:18:34.0946 13040  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

20:18:34.0976 13040  mshidkmdf - ok

20:18:34.0976 13040  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

20:18:34.0996 13040  msisadrv - ok

20:18:35.0026 13040  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

20:18:35.0066 13040  MSiSCSI - ok

20:18:35.0066 13040  msiserver - ok

20:18:35.0096 13040  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

20:18:35.0126 13040  MSKSSRV - ok

20:18:35.0136 13040  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

20:18:35.0166 13040  MSPCLOCK - ok

20:18:35.0176 13040  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

20:18:35.0206 13040  MSPQM - ok

20:18:35.0226 13040  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

20:18:35.0246 13040  MsRPC - ok

20:18:35.0246 13040  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys

20:18:35.0266 13040  mssmbios - ok

20:18:35.0276 13040  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

20:18:35.0316 13040  MSTEE - ok

20:18:35.0316 13040  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys

20:18:35.0336 13040  MTConfig - ok

20:18:35.0366 13040  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys

20:18:35.0376 13040  MTsensor - ok

20:18:35.0386 13040  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys

20:18:35.0396 13040  Mup - ok

20:18:35.0436 13040  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll

20:18:35.0476 13040  napagent - ok

20:18:35.0506 13040  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

20:18:35.0526 13040  NativeWifiP - ok

20:18:35.0596 13040  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys

20:18:35.0616 13040  NDIS - ok

20:18:35.0666 13040  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

20:18:35.0696 13040  NdisCap - ok

20:18:35.0716 13040  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

20:18:35.0756 13040  NdisTapi - ok

20:18:35.0756 13040  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

20:18:35.0786 13040  Ndisuio - ok

20:18:35.0796 13040  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

20:18:35.0836 13040  NdisWan - ok

20:18:35.0836 13040  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

20:18:35.0866 13040  NDProxy - ok

20:18:35.0876 13040  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

20:18:35.0906 13040  NetBIOS - ok

20:18:35.0916 13040  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

20:18:35.0956 13040  NetBT - ok

20:18:35.0966 13040  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe

20:18:35.0986 13040  Netlogon - ok

20:18:36.0026 13040  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll

20:18:36.0076 13040  Netman - ok

20:18:36.0116 13040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:18:36.0126 13040  NetMsmqActivator - ok

20:18:36.0136 13040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:18:36.0146 13040  NetPipeActivator - ok

20:18:36.0166 13040  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll

20:18:36.0216 13040  netprofm - ok

20:18:36.0216 13040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:18:36.0226 13040  NetTcpActivator - ok

20:18:36.0236 13040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:18:36.0246 13040  NetTcpPortSharing - ok

20:18:36.0416 13040  [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys

20:18:36.0506 13040  NETw5s64 - ok

20:18:36.0726 13040  [ BC9A55A6DEEF3F9A328E3CB2B31AAFD3 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys

20:18:36.0796 13040  netw5v64 - ok

20:18:36.0836 13040  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys

20:18:36.0846 13040  nfrd960 - ok

20:18:36.0896 13040  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll

20:18:36.0926 13040  NlaSvc - ok

20:18:36.0956 13040  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

20:18:36.0996 13040  Npfs - ok

20:18:37.0016 13040  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll

20:18:37.0056 13040  nsi - ok

20:18:37.0056 13040  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

20:18:37.0096 13040  nsiproxy - ok

20:18:37.0156 13040  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

20:18:37.0196 13040  Ntfs - ok

20:18:37.0226 13040  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys

20:18:37.0256 13040  Null - ok

20:18:37.0286 13040  [ 6E41A4DF26340A07A489B721F9721EC1 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys

20:18:37.0306 13040  NVHDA - ok

20:18:37.0586 13040  [ 9DCB4E47FEA1EDAE38168911E6004D3C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:18:37.0766 13040  nvlddmkm - ok

20:18:37.0816 13040  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys

20:18:37.0836 13040  nvraid - ok

20:18:37.0866 13040  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys

20:18:37.0886 13040  nvstor - ok

20:18:37.0936 13040  [ 015B7A60674F849FF8395CEAFFF9CAFD ] nvsvc           C:\Windows\system32\nvvsvc.exe

20:18:37.0956 13040  nvsvc - ok

20:18:37.0986 13040  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

20:20:31.0626 13800  ============================================================

20:20:31.0626 13800  Scan started

20:20:31.0626 13800  Mode: Manual; SigCheck; TDLFS; 

20:20:31.0626 13800  ============================================================

20:20:32.0718 13800  ================ Scan system memory ========================

20:20:32.0718 13800  System memory - ok

20:20:32.0718 13800  ================ Scan services =============================

20:20:32.0843 13800  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys

20:20:32.0874 13800  1394ohci - ok

20:20:32.0890 13800  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

20:20:32.0905 13800  ACPI - ok

20:20:32.0921 13800  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

20:20:32.0937 13800  AcpiPmi - ok

20:20:33.0015 13800  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:20:33.0030 13800  AdobeARMservice - ok

20:20:33.0139 13800  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:20:33.0155 13800  AdobeFlashPlayerUpdateSvc - ok

20:20:33.0186 13800  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys

20:20:33.0202 13800  adp94xx - ok

20:20:33.0233 13800  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys

20:20:33.0249 13800  adpahci - ok

20:20:33.0264 13800  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys

20:20:33.0280 13800  adpu320 - ok

20:20:33.0342 13800  [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService     C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

20:20:33.0342 13800  ADSMService ( UnsignedFile.Multi.Generic ) - warning

20:20:33.0358 13800  ADSMService - detected UnsignedFile.Multi.Generic (1)

20:20:33.0373 13800  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

20:20:33.0405 13800  AeLookupSvc - ok

20:20:33.0451 13800  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys

20:20:33.0467 13800  AFD - ok

20:20:33.0498 13800  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys

20:20:33.0514 13800  agp440 - ok

20:20:33.0514 13800  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe

20:20:33.0545 13800  ALG - ok

20:20:33.0545 13800  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys

20:20:33.0561 13800  aliide - ok

20:20:33.0561 13800  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys

20:20:33.0576 13800  amdide - ok

20:20:33.0576 13800  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys

20:20:33.0592 13800  AmdK8 - ok

20:20:33.0592 13800  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys

20:20:33.0607 13800  AmdPPM - ok

20:20:33.0639 13800  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys

20:20:33.0654 13800  amdsata - ok

20:20:33.0670 13800  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys

20:20:33.0685 13800  amdsbs - ok

20:20:33.0717 13800  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

20:20:33.0732 13800  amdxata - ok

20:20:33.0732 13800  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys

20:20:33.0763 13800  AppID - ok

20:20:33.0795 13800  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

20:20:33.0826 13800  AppIDSvc - ok

20:20:33.0841 13800  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll

20:20:33.0873 13800  Appinfo - ok

20:20:33.0904 13800  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll

20:20:33.0914 13800  AppMgmt - ok

20:20:33.0924 13800  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys

20:20:33.0934 13800  arc - ok

20:20:33.0954 13800  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys

20:20:33.0974 13800  arcsas - ok

20:20:34.0004 13800  [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm           C:\Windows\system32\drivers\AsDsm.sys

20:20:34.0014 13800  AsDsm - ok

20:20:34.0044 13800  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

20:20:34.0054 13800  ASLDRService - ok

20:20:34.0094 13800  [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64        C:\Program Files\ATKGFNEX\ASMMAP64.sys

20:20:34.0104 13800  ASMMAP64 - ok

20:20:34.0194 13800  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

20:20:34.0204 13800  aspnet_state - ok

20:20:34.0234 13800  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

20:20:34.0274 13800  AsyncMac - ok

20:20:34.0284 13800  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys

20:20:34.0294 13800  atapi - ok

20:20:34.0324 13800  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe

20:20:34.0324 13800  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning

20:20:34.0324 13800  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)

20:20:34.0374 13800  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

20:20:34.0404 13800  AudioEndpointBuilder - ok

20:20:34.0414 13800  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll

20:20:34.0454 13800  AudioSrv - ok

20:20:34.0544 13800  [ C48176DA44D0298A7075D3C5CF8C3D8D ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

20:20:34.0584 13800  AVKProxy - ok

20:20:34.0634 13800  [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService      C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe

20:20:34.0654 13800  AVKService - ok

20:20:34.0734 13800  [ 22F1444896844B0462359825EF628507 ] AVKWCtl         C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe

20:20:34.0774 13800  AVKWCtl - ok

20:20:34.0804 13800  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll

20:20:34.0824 13800  AxInstSV - ok

20:20:34.0864 13800  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys

20:20:34.0884 13800  b06bdrv - ok

20:20:34.0894 13800  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys

20:20:34.0914 13800  b57nd60a - ok

20:20:34.0934 13800  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll

20:20:34.0944 13800  BDESVC - ok

20:20:34.0954 13800  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys

20:20:34.0984 13800  Beep - ok

20:20:35.0004 13800  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll

20:20:35.0044 13800  BFE - ok

20:20:35.0084 13800  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll

20:20:35.0124 13800  BITS - ok

20:20:35.0154 13800  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

20:20:35.0164 13800  blbdrive - ok

20:20:35.0204 13800  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

20:20:35.0214 13800  bowser - ok

20:20:35.0244 13800  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys

20:20:35.0264 13800  BrFiltLo - ok

20:20:35.0264 13800  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys

20:20:35.0284 13800  BrFiltUp - ok

20:20:35.0314 13800  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll

20:20:35.0334 13800  Browser - ok

20:20:35.0334 13800  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

20:20:35.0354 13800  Brserid - ok

20:20:35.0364 13800  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

20:20:35.0374 13800  BrSerWdm - ok

20:20:35.0384 13800  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

20:20:35.0394 13800  BrUsbMdm - ok

20:20:35.0404 13800  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

20:20:35.0414 13800  BrUsbSer - ok

20:20:35.0454 13800  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

20:20:35.0464 13800  BthEnum - ok

20:20:35.0474 13800  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys

20:20:35.0494 13800  BTHMODEM - ok

20:20:35.0514 13800  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

20:20:35.0534 13800  BthPan - ok

20:20:35.0554 13800  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys

20:20:35.0574 13800  BTHPORT - ok

20:20:35.0594 13800  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll

20:20:35.0634 13800  bthserv - ok

20:20:35.0634 13800  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys

20:20:35.0654 13800  BTHUSB - ok

20:20:35.0664 13800  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

20:20:35.0694 13800  cdfs - ok

20:20:35.0714 13800  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

20:20:35.0734 13800  cdrom - ok

20:20:35.0744 13800  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll

20:20:35.0784 13800  CertPropSvc - ok

20:20:35.0784 13800  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

20:20:35.0804 13800  circlass - ok

20:20:35.0824 13800  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys

20:20:35.0844 13800  CLFS - ok

20:20:35.0894 13800  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:20:35.0904 13800  clr_optimization_v2.0.50727_32 - ok

20:20:35.0934 13800  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:20:35.0949 13800  clr_optimization_v2.0.50727_64 - ok

20:20:35.0996 13800  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:20:36.0012 13800  clr_optimization_v4.0.30319_32 - ok

20:20:36.0027 13800  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:20:36.0027 13800  clr_optimization_v4.0.30319_64 - ok

20:20:36.0074 13800  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

20:20:36.0074 13800  CmBatt - ok

20:20:36.0090 13800  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys

20:20:36.0105 13800  cmdide - ok

20:20:36.0137 13800  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys

20:20:36.0168 13800  CNG - ok

20:20:36.0183 13800  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

20:20:36.0199 13800  Compbatt - ok

20:20:36.0199 13800  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys

20:20:36.0215 13800  CompositeBus - ok

20:20:36.0215 13800  COMSysApp - ok

20:20:36.0230 13800  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys

20:20:36.0230 13800  crcdisk - ok

20:20:36.0261 13800  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll

20:20:36.0293 13800  CryptSvc - ok

20:20:36.0324 13800  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys

20:20:36.0339 13800  CSC - ok

20:20:36.0355 13800  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll

20:20:36.0371 13800  CscService - ok

20:20:36.0417 13800  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll

20:20:36.0449 13800  DcomLaunch - ok

20:20:36.0495 13800  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll

20:20:36.0527 13800  defragsvc - ok

20:20:36.0542 13800  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

20:20:36.0573 13800  DfsC - ok

20:20:36.0589 13800  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll

20:20:36.0636 13800  Dhcp - ok

20:20:36.0636 13800  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys

20:20:36.0667 13800  discache - ok

20:20:36.0667 13800  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys

20:20:36.0683 13800  Disk - ok

20:20:36.0714 13800  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys

20:20:36.0729 13800  dmvsc - ok

20:20:36.0761 13800  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

20:20:36.0776 13800  Dnscache - ok

20:20:36.0807 13800  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll

20:20:36.0854 13800  dot3svc - ok

20:20:36.0870 13800  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll

20:20:36.0901 13800  DPS - ok

20:20:36.0917 13800  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

20:20:36.0932 13800  drmkaud - ok

20:20:36.0979 13800  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

20:20:37.0010 13800  DXGKrnl - ok

20:20:37.0026 13800  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll

20:20:37.0073 13800  EapHost - ok

20:20:37.0151 13800  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys

20:20:37.0197 13800  ebdrv - ok

20:20:37.0229 13800  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe

20:20:37.0244 13800  EFS - ok

20:20:37.0307 13800  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

20:20:37.0338 13800  ehRecvr - ok

20:20:37.0338 13800  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe

20:20:37.0353 13800  ehSched - ok

20:20:37.0385 13800  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys

20:20:37.0400 13800  elxstor - ok

20:20:37.0416 13800  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys

20:20:37.0431 13800  ErrDev - ok

20:20:37.0463 13800  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll

20:20:37.0494 13800  EventSystem - ok

20:20:37.0509 13800  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys

20:20:37.0541 13800  exfat - ok

20:20:37.0556 13800  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys

20:20:37.0603 13800  fastfat - ok

20:20:37.0634 13800  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe

20:20:37.0650 13800  Fax - ok

20:20:37.0665 13800  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys

20:20:37.0681 13800  fdc - ok

20:20:37.0712 13800  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll

20:20:37.0743 13800  fdPHost - ok

20:20:37.0759 13800  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll

20:20:37.0790 13800  FDResPub - ok

20:20:37.0806 13800  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

20:20:37.0821 13800  FileInfo - ok

20:20:37.0821 13800  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

20:20:37.0853 13800  Filetrace - ok

20:20:37.0868 13800  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys

20:20:37.0884 13800  flpydisk - ok

20:20:37.0884 13800  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

20:20:37.0899 13800  FltMgr - ok

20:20:37.0946 13800  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll

20:20:37.0977 13800  FontCache - ok

20:20:38.0024 13800  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:20:38.0024 13800  FontCache3.0.0.0 - ok

20:20:38.0040 13800  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

20:20:38.0055 13800  FsDepends - ok

20:20:38.0087 13800  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

20:20:38.0102 13800  Fs_Rec - ok

20:20:38.0102 13800  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

20:20:38.0118 13800  fvevol - ok

20:20:38.0149 13800  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys

20:20:38.0149 13800  gagp30kx - ok

20:20:38.0243 13800  [ C85543022E99762B5DF58109152E48D5 ] GDBackupSvc     C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe

20:20:38.0274 13800  GDBackupSvc - ok

20:20:38.0305 13800  [ D201C1F6B0F5E4F202CBCB75D6352E63 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys

20:20:38.0321 13800  GDBehave - ok

20:20:38.0414 13800  [ 2922B4D0AA4095797E66D87F08CA4D72 ] GDFwSvc         C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe

20:20:38.0445 13800  GDFwSvc - ok

20:20:38.0477 13800  [ E1558301938B6CF92F7677224D3FB6F7 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys

20:20:38.0492 13800  GDMnIcpt - ok

20:20:38.0523 13800  [ 5F1E5EAE8F08B6E2FABE8345E0BDFE48 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys

20:20:38.0539 13800  GDPkIcpt - ok

20:20:38.0586 13800  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

20:20:38.0601 13800  GDScan - ok

20:20:38.0648 13800  [ 0567B5641DF3C52FB4E6B623726669ED ] GDTunerSvc      C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe

20:20:38.0679 13800  GDTunerSvc - ok

20:20:38.0711 13800  [ 4ECBCAD43B7FED6F135BF108BB71434D ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys

20:20:38.0726 13800  gdwfpcd - ok

20:20:38.0773 13800  [ 7D66EBDE8B7F9B4E00BEEFEEE82670D4 ] ghaio           C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys

20:20:38.0773 13800  ghaio - ok

20:20:38.0789 13800  GLogin - ok

20:20:38.0835 13800  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll

20:20:38.0867 13800  gpsvc - ok

20:20:38.0913 13800  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\Windows\system32\drivers\GRD.sys

20:20:38.0913 13800  GRD - ok

20:20:38.0945 13800  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

20:20:38.0960 13800  hcw85cir - ok

20:20:38.0991 13800  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

20:20:39.0023 13800  HdAudAddService - ok

20:20:39.0038 13800  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys

20:20:39.0054 13800  HDAudBus - ok

20:20:39.0069 13800  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys

20:20:39.0085 13800  HidBatt - ok

20:20:39.0085 13800  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys

20:20:39.0101 13800  HidBth - ok

20:20:39.0116 13800  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

20:20:39.0132 13800  HidIr - ok

20:20:39.0163 13800  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll

20:20:39.0194 13800  hidserv - ok

20:20:39.0194 13800  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

20:20:39.0210 13800  HidUsb - ok

20:20:39.0241 13800  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll

20:20:39.0272 13800  hkmsvc - ok

20:20:39.0288 13800  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

20:20:39.0303 13800  HomeGroupListener - ok

20:20:39.0319 13800  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

20:20:39.0335 13800  HomeGroupProvider - ok

20:20:39.0366 13800  [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys

20:20:39.0381 13800  HookCentre - ok

20:20:39.0397 13800  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

20:20:39.0413 13800  HpSAMD - ok

20:20:39.0428 13800  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

20:20:39.0475 13800  HTTP - ok

20:20:39.0475 13800  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

20:20:39.0491 13800  hwpolicy - ok

20:20:39.0491 13800  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys

20:20:39.0506 13800  i8042prt - ok

20:20:39.0542 13800  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys

20:20:39.0562 13800  iaStor - ok

20:20:39.0592 13800  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

20:20:39.0612 13800  iaStorV - ok

20:20:39.0662 13800  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:20:39.0682 13800  idsvc - ok

20:20:39.0702 13800  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys

20:20:39.0712 13800  iirsp - ok

20:20:39.0752 13800  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll

20:20:39.0792 13800  IKEEXT - ok

20:20:39.0862 13800  [ 58A60DF2B6D0D6B09E44CAC7F1D2AB6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

20:20:39.0902 13800  IntcAzAudAddService - ok

20:20:39.0922 13800  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys

20:20:39.0932 13800  intelide - ok

20:20:39.0942 13800  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

20:20:39.0952 13800  intelppm - ok

20:20:39.0972 13800  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

20:20:40.0012 13800  IPBusEnum - ok

20:20:40.0022 13800  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:20:40.0052 13800  IpFilterDriver - ok

20:20:40.0072 13800  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

20:20:40.0112 13800  iphlpsvc - ok

20:20:40.0142 13800  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

20:20:40.0152 13800  IPMIDRV - ok

20:20:40.0162 13800  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

20:20:40.0192 13800  IPNAT - ok

20:20:40.0192 13800  ipswuio - ok

20:20:40.0202 13800  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

20:20:40.0222 13800  IRENUM - ok

20:20:40.0222 13800  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

20:20:40.0242 13800  isapnp - ok

20:20:40.0252 13800  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

20:20:40.0272 13800  iScsiPrt - ok

20:20:40.0302 13800  [ 9291643B494F87BFDAC95A524F69E737 ] itecir          C:\Windows\system32\DRIVERS\itecir.sys

20:20:40.0322 13800  itecir - ok

20:20:40.0322 13800  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

20:20:40.0342 13800  kbdclass - ok

20:20:40.0342 13800  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

20:20:40.0362 13800  kbdhid - ok

20:20:40.0362 13800  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys

20:20:40.0372 13800  kbfiltr - ok

20:20:40.0382 13800  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe

20:20:40.0402 13800  KeyIso - ok

20:20:40.0422 13800  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

20:20:40.0432 13800  KSecDD - ok

20:20:40.0452 13800  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

20:20:40.0472 13800  KSecPkg - ok

20:20:40.0492 13800  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys

20:20:40.0522 13800  ksthunk - ok

20:20:40.0542 13800  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll

20:20:40.0582 13800  KtmRm - ok

20:20:40.0612 13800  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll

20:20:40.0652 13800  LanmanServer - ok

20:20:40.0672 13800  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

20:20:40.0712 13800  LanmanWorkstation - ok

20:20:40.0712 13800  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

20:20:40.0752 13800  lltdio - ok

20:20:40.0782 13800  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll

20:20:40.0822 13800  lltdsvc - ok

20:20:40.0822 13800  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll

20:20:40.0862 13800  lmhosts - ok

20:20:40.0882 13800  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys

20:20:40.0902 13800  LSI_FC - ok

20:20:40.0902 13800  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys

20:20:40.0922 13800  LSI_SAS - ok

20:20:40.0922 13800  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys

20:20:40.0942 13800  LSI_SAS2 - ok

20:20:40.0942 13800  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys

20:20:40.0962 13800  LSI_SCSI - ok

20:20:40.0962 13800  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys

20:20:41.0002 13800  luafv - ok

20:20:41.0032 13800  [ 085435AE1A124361304044029B5CC644 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys

20:20:41.0042 13800  lullaby - ok

20:20:41.0092 13800  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys

20:20:41.0112 13800  LVRS64 - ok

20:20:41.0222 13800  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys

20:20:41.0302 13800  LVUVC64 - ok

20:20:41.0332 13800  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

20:20:41.0352 13800  MBAMProtector - ok

20:20:41.0402 13800  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

20:20:41.0412 13800  MBAMScheduler - ok

20:20:41.0462 13800  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:20:41.0482 13800  MBAMService - ok

20:20:41.0512 13800  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

20:20:41.0532 13800  Mcx2Svc - ok

20:20:41.0562 13800  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys

20:20:41.0582 13800  megasas - ok

20:20:41.0592 13800  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys

20:20:41.0612 13800  MegaSR - ok

20:20:41.0632 13800  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll

20:20:41.0672 13800  MMCSS - ok

20:20:41.0672 13800  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys

20:20:41.0702 13800  Modem - ok

20:20:41.0712 13800  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

20:20:41.0732 13800  monitor - ok

20:20:41.0732 13800  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

20:20:41.0752 13800  mouclass - ok

20:20:41.0752 13800  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

20:20:41.0772 13800  mouhid - ok

20:20:41.0772 13800  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

20:20:41.0782 13800  mountmgr - ok

20:20:41.0822 13800  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:20:41.0832 13800  MozillaMaintenance - ok

20:20:41.0862 13800  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys

20:20:41.0872 13800  mpio - ok

20:20:41.0882 13800  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

20:20:41.0922 13800  mpsdrv - ok

20:20:41.0942 13800  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll

20:20:41.0982 13800  MpsSvc - ok

20:20:41.0992 13800  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

20:20:42.0012 13800  MRxDAV - ok

20:20:42.0042 13800  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

20:20:42.0062 13800  mrxsmb - ok

20:20:42.0072 13800  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:20:42.0092 13800  mrxsmb10 - ok

20:20:42.0092 13800  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:20:42.0112 13800  mrxsmb20 - ok

20:20:42.0142 13800  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys

20:20:42.0152 13800  msahci - ok

20:20:42.0162 13800  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

20:20:42.0182 13800  msdsm - ok

20:20:42.0192 13800  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe

20:20:42.0212 13800  MSDTC - ok

20:20:42.0222 13800  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

20:20:42.0252 13800  Msfs - ok

20:20:42.0262 13800  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

20:20:42.0292 13800  mshidkmdf - ok

20:20:42.0302 13800  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

20:20:42.0312 13800  msisadrv - ok

20:20:42.0332 13800  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

20:20:42.0372 13800  MSiSCSI - ok

20:20:42.0372 13800  msiserver - ok

20:20:42.0392 13800  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

20:20:42.0422 13800  MSKSSRV - ok

20:20:42.0422 13800  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

20:20:42.0462 13800  MSPCLOCK - ok

20:20:42.0462 13800  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

20:20:42.0502 13800  MSPQM - ok

20:20:42.0512 13800  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

20:20:42.0532 13800  MsRPC - ok

20:20:42.0532 13800  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys

20:20:42.0552 13800  mssmbios - ok

20:20:42.0552 13800  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

20:20:42.0592 13800  MSTEE - ok

20:20:42.0592 13800  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys

20:20:42.0602 13800  MTConfig - ok

20:20:42.0632 13800  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys

20:20:42.0642 13800  MTsensor - ok

20:20:42.0652 13800  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys

20:20:42.0662 13800  Mup - ok

20:20:42.0692 13800  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll

20:20:42.0732 13800  napagent - ok

20:20:42.0742 13800  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

20:20:42.0772 13800  NativeWifiP - ok

20:20:42.0822 13800  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys

20:20:42.0852 13800  NDIS - ok

20:20:42.0882 13800  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

20:20:42.0912 13800  NdisCap - ok

20:20:42.0922 13800  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

20:20:42.0952 13800  NdisTapi - ok

20:20:42.0962 13800  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

20:20:42.0992 13800  Ndisuio - ok

20:20:43.0002 13800  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

20:20:43.0032 13800  NdisWan - ok

20:20:43.0042 13800  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

20:20:43.0072 13800  NDProxy - ok

20:20:43.0082 13800  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

20:20:43.0112 13800  NetBIOS - ok

20:20:43.0122 13800  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

20:20:43.0152 13800  NetBT - ok

20:20:43.0172 13800  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe

20:20:43.0192 13800  Netlogon - ok

20:20:43.0222 13800  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll

20:20:43.0262 13800  Netman - ok

20:20:43.0282 13800  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:20:43.0302 13800  NetMsmqActivator - ok

20:20:43.0302 13800  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:20:43.0322 13800  NetPipeActivator - ok

20:20:43.0352 13800  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll

20:20:43.0392 13800  netprofm - ok

20:20:43.0402 13800  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:20:43.0412 13800  NetTcpActivator - ok

20:20:43.0412 13800  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:20:43.0432 13800  NetTcpPortSharing - ok

20:20:43.0592 13800  [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys

20:20:43.0672 13800  NETw5s64 - ok

20:20:43.0822 13800  [ BC9A55A6DEEF3F9A328E3CB2B31AAFD3 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys

20:20:43.0892 13800  netw5v64 - ok

20:20:43.0922 13800  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys

20:20:43.0932 13800  nfrd960 - ok

20:20:43.0962 13800  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll

20:20:44.0002 13800  NlaSvc - ok

20:20:44.0032 13800  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

20:20:44.0062 13800  Npfs - ok

20:20:44.0092 13800  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll

20:20:44.0122 13800  nsi - ok

20:20:44.0132 13800  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

20:20:44.0162 13800  nsiproxy - ok

20:20:44.0232 13800  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

20:20:44.0262 13800  Ntfs - ok

20:20:44.0292 13800  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys

20:20:44.0332 13800  Null - ok

20:20:44.0362 13800  [ 6E41A4DF26340A07A489B721F9721EC1 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys

20:20:44.0372 13800  NVHDA - ok

20:20:44.0662 13800  [ 9DCB4E47FEA1EDAE38168911E6004D3C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:20:44.0842 13800  nvlddmkm - ok

20:20:44.0892 13800  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys

20:20:44.0902 13800  nvraid - ok

20:20:44.0942 13800  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys

20:20:44.0952 13800  nvstor - ok

20:20:45.0002 13800  [ 015B7A60674F849FF8395CEAFFF9CAFD ] nvsvc           C:\Windows\system32\nvvsvc.exe

20:20:45.0022 13800  nvsvc - ok

20:20:45.0042 13800  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

20:20:45.0062 13800  nv_agp - ok

20:20:45.0072 13800  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

20:20:45.0092 13800  ohci1394 - ok

20:20:45.0162 13800  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:20:45.0182 13800  ose - ok

20:20:45.0342 13800  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:20:45.0422 13800  osppsvc - ok

20:20:45.0462 13800  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

20:20:45.0482 13800  p2pimsvc - ok

20:20:45.0502 13800  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll

20:20:45.0522 13800  p2psvc - ok

20:20:45.0542 13800  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys

20:20:45.0562 13800  Parport - ok

20:20:45.0582 13800  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys

20:20:45.0602 13800  partmgr - ok

20:20:45.0622 13800  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll

20:20:45.0642 13800  PcaSvc - ok

20:20:45.0652 13800  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys

20:20:45.0662 13800  pci - ok

20:20:45.0672 13800  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys

20:20:45.0682 13800  pciide - ok

20:20:45.0702 13800  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys

20:20:45.0722 13800  pcmcia - ok

20:20:45.0722 13800  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys

20:20:45.0742 13800  pcw - ok

20:20:45.0762 13800  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

20:20:45.0802 13800  PEAUTH - ok

20:20:45.0842 13800  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll

20:20:45.0872 13800  PeerDistSvc - ok

20:20:45.0952 13800  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe

20:20:45.0972 13800  PerfHost - ok

20:20:46.0012 13800  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll

20:20:46.0062 13800  pla - ok

20:20:46.0112 13800  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

20:20:46.0132 13800  PlugPlay - ok

20:20:46.0152 13800  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

20:20:46.0172 13800  PNRPAutoReg - ok

20:20:46.0202 13800  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

20:20:46.0222 13800  PNRPsvc - ok

20:20:46.0272 13800  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

20:20:46.0302 13800  PolicyAgent - ok

20:20:46.0342 13800  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll

20:20:46.0382 13800  Power - ok

20:20:46.0422 13800  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

20:20:46.0452 13800  PptpMiniport - ok

20:20:46.0472 13800  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys

20:20:46.0482 13800  Processor - ok

20:20:46.0532 13800  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll

20:20:46.0552 13800  ProfSvc - ok

20:20:46.0562 13800  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

20:20:46.0582 13800  ProtectedStorage - ok

20:20:46.0622 13800  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

20:20:46.0652 13800  Psched - ok

20:20:46.0722 13800  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys

20:20:46.0762 13800  ql2300 - ok

20:20:46.0792 13800  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys

20:20:46.0802 13800  ql40xx - ok

20:20:46.0832 13800  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll

20:20:46.0852 13800  QWAVE - ok

20:20:46.0872 13800  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

20:20:46.0892 13800  QWAVEdrv - ok

20:20:46.0892 13800  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

20:20:46.0932 13800  RasAcd - ok

20:20:46.0972 13800  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

20:20:47.0012 13800  RasAgileVpn - ok

20:20:47.0032 13800  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll

20:20:47.0072 13800  RasAuto - ok

20:20:47.0072 13800  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

20:20:47.0112 13800  Rasl2tp - ok

20:20:47.0122 13800  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll

20:20:47.0162 13800  RasMan - ok

20:20:47.0172 13800  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

20:20:47.0202 13800  RasPppoe - ok

20:20:47.0222 13800  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

20:20:47.0262 13800  RasSstp - ok

20:20:47.0262 13800  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

20:20:47.0302 13800  rdbss - ok

20:20:47.0302 13800  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

20:20:47.0322 13800  rdpbus - ok

20:20:47.0342 13800  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

20:20:47.0382 13800  RDPCDD - ok

20:20:47.0412 13800  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys

20:20:47.0432 13800  RDPDR - ok

20:20:47.0432 13800  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

20:20:47.0472 13800  RDPENCDD - ok

20:20:47.0482 13800  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

20:20:47.0522 13800  RDPREFMP - ok

20:20:47.0552 13800  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

20:20:47.0572 13800  RDPWD - ok

20:20:47.0582 13800  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

20:20:47.0602 13800  rdyboost - ok

20:20:47.0632 13800  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll

20:20:47.0672 13800  RemoteAccess - ok

20:20:47.0702 13800  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

20:20:47.0742 13800  RemoteRegistry - ok

20:20:47.0772 13800  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys

20:20:47.0782 13800  RFCOMM - ok

20:20:47.0822 13800  [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys

20:20:47.0842 13800  rimmptsk - ok

20:20:47.0862 13800  [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk        C:\Windows\system32\DRIVERS\rimspx64.sys

20:20:47.0872 13800  rimsptsk - ok

20:20:47.0912 13800  [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp         C:\Windows\system32\DRIVERS\rixdpx64.sys

20:20:47.0922 13800  rismxdp - ok

20:20:47.0962 13800  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

20:20:48.0002 13800  RpcEptMapper - ok

20:20:48.0032 13800  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe

20:20:48.0052 13800  RpcLocator - ok

20:20:48.0072 13800  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll

20:20:48.0112 13800  RpcSs - ok

20:20:48.0152 13800  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

20:20:48.0192 13800  rspndr - ok

20:20:48.0242 13800  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys

20:20:48.0262 13800  RTL8167 - ok

20:20:48.0292 13800  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys

20:20:48.0312 13800  s3cap - ok

20:20:48.0332 13800  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe

20:20:48.0352 13800  SamSs - ok

20:20:48.0352 13800  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

20:20:48.0372 13800  sbp2port - ok

20:20:48.0402 13800  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll

20:20:48.0442 13800  SCardSvr - ok

20:20:48.0472 13800  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

20:20:48.0502 13800  scfilter - ok

20:20:48.0532 13800  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll

20:20:48.0582 13800  Schedule - ok

20:20:48.0602 13800  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll

20:20:48.0632 13800  SCPolicySvc - ok

20:20:48.0672 13800  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys

20:20:48.0692 13800  sdbus - ok

20:20:48.0722 13800  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

20:20:48.0742 13800  SDRSVC - ok

20:20:48.0782 13800  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

20:20:48.0822 13800  secdrv - ok

20:20:48.0832 13800  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll

20:20:48.0872 13800  seclogon - ok

20:20:48.0882 13800  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll

20:20:48.0922 13800  SENS - ok

20:20:48.0952 13800  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll

20:20:48.0972 13800  SensrSvc - ok

20:20:48.0972 13800  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys

20:20:48.0992 13800  Serenum - ok

20:20:48.0992 13800  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys

20:20:49.0012 13800  Serial - ok

20:20:49.0022 13800  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys

20:20:49.0042 13800  sermouse - ok

20:20:49.0062 13800  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll

20:20:49.0102 13800  SessionEnv - ok

20:20:49.0122 13800  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys

20:20:49.0142 13800  sffdisk - ok

20:20:49.0152 13800  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

20:20:49.0162 13800  sffp_mmc - ok

20:20:49.0172 13800  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys

20:20:49.0192 13800  sffp_sd - ok

20:20:49.0192 13800  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys

20:20:49.0212 13800  sfloppy - ok

20:20:49.0222 13800  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll

20:20:49.0262 13800  SharedAccess - ok

20:20:49.0302 13800  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

20:20:49.0342 13800  ShellHWDetection - ok

20:20:49.0342 13800  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys

20:20:49.0362 13800  SiSRaid2 - ok

20:20:49.0362 13800  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys

20:20:49.0382 13800  SiSRaid4 - ok

20:20:49.0462 13800  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe

20:20:49.0472 13800  SkypeUpdate - ok

20:20:49.0512 13800  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

20:20:49.0542 13800  Smb - ok

20:20:49.0582 13800  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

20:20:49.0592 13800  SNMPTRAP - ok

20:20:49.0602 13800  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys

20:20:49.0612 13800  spldr - ok

20:20:49.0682 13800  [ 739DB668DBD812285ECC553E64A5E212 ] spmgr           C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe

20:20:49.0692 13800  spmgr - ok

20:20:49.0732 13800  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe

20:20:49.0752 13800  Spooler - ok

20:20:49.0832 13800  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe

20:20:49.0912 13800  sppsvc - ok

20:20:49.0912 13800  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

20:20:49.0952 13800  sppuinotify - ok

20:20:49.0982 13800  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys

20:20:50.0002 13800  srv - ok

20:20:50.0022 13800  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

20:20:50.0042 13800  srv2 - ok

20:20:50.0062 13800  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

20:20:50.0082 13800  srvnet - ok

20:20:50.0122 13800  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

20:20:50.0162 13800  SSDPSRV - ok

20:20:50.0172 13800  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll

20:20:50.0212 13800  SstpSvc - ok

20:20:50.0232 13800  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys

20:20:50.0252 13800  stexstor - ok

20:20:50.0292 13800  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll

20:20:50.0312 13800  stisvc - ok

20:20:50.0342 13800  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys

20:20:50.0362 13800  storflt - ok

20:20:50.0382 13800  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll

20:20:50.0402 13800  StorSvc - ok

20:20:50.0442 13800  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys

20:20:50.0452 13800  storvsc - ok

20:20:50.0472 13800  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys

20:20:50.0482 13800  swenum - ok

20:20:50.0522 13800  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll

20:20:50.0562 13800  swprv - ok

20:20:50.0622 13800  [ 0FAA1933FBCF916C301FF94ACC623031 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys

20:20:50.0632 13800  SynTP - ok

20:20:50.0702 13800  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll

20:20:50.0742 13800  SysMain - ok

20:20:50.0772 13800  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

20:20:50.0792 13800  TabletInputService - ok

20:20:50.0802 13800  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll

20:20:50.0842 13800  TapiSrv - ok

20:20:50.0852 13800  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll

20:20:50.0892 13800  TBS - ok

20:20:50.0952 13800  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

20:20:50.0992 13800  Tcpip - ok

20:20:51.0062 13800  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

20:20:51.0102 13800  TCPIP6 - ok

20:20:51.0122 13800  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

20:20:51.0162 13800  tcpipreg - ok

20:20:51.0162 13800  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

20:20:51.0182 13800  TDPIPE - ok

20:20:51.0202 13800  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

20:20:51.0222 13800  TDTCP - ok

20:20:51.0232 13800  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

20:20:51.0272 13800  tdx - ok

20:20:51.0272 13800  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys

20:20:51.0292 13800  TermDD - ok

20:20:51.0352 13800  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll

20:20:51.0392 13800  TermService - ok

20:20:51.0392 13800  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll

20:20:51.0422 13800  Themes - ok

20:20:51.0432 13800  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll

20:20:51.0472 13800  THREADORDER - ok

20:20:51.0522 13800  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll

20:20:51.0552 13800  TrkWks - ok

20:20:51.0592 13800  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

20:20:51.0622 13800  TrustedInstaller - ok

20:20:51.0652 13800  [ 59BD43714E1034A913F019413905D387 ] TS4NT           C:\Windows\system32\Drivers\TS4nt.sys

20:20:51.0662 13800  TS4NT - ok

20:20:51.0732 13800  [ B4A0237AF692AC90E18F61880A48D010 ] TSNxGService    C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe

20:20:51.0752 13800  TSNxGService - ok

20:20:51.0772 13800  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

20:20:51.0812 13800  tssecsrv - ok

20:20:51.0822 13800  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

20:20:51.0832 13800  TsUsbFlt - ok

20:20:51.0842 13800  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys

20:20:51.0852 13800  TsUsbGD - ok

20:20:51.0872 13800  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

20:20:51.0902 13800  tunnel - ok

20:20:51.0912 13800  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys

20:20:51.0922 13800  uagp35 - ok

20:20:51.0952 13800  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

20:20:51.0982 13800  udfs - ok

20:20:52.0012 13800  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

20:20:52.0032 13800  UI0Detect - ok

20:20:52.0042 13800  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

20:20:52.0062 13800  uliagpkx - ok

20:20:52.0072 13800  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

20:20:52.0092 13800  umbus - ok

20:20:52.0112 13800  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys

20:20:52.0122 13800  UmPass - ok

20:20:52.0152 13800  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll

20:20:52.0172 13800  UmRdpService - ok

20:20:52.0232 13800  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

20:20:52.0252 13800  UMVPFSrv - ok

20:20:52.0292 13800  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll

20:20:52.0332 13800  upnphost - ok

20:20:52.0372 13800  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys

20:20:52.0392 13800  usbaudio - ok

20:20:52.0422 13800  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

20:20:52.0442 13800  usbccgp - ok

20:20:52.0482 13800  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

20:20:52.0502 13800  usbcir - ok

20:20:52.0522 13800  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

20:20:52.0532 13800  usbehci - ok

20:20:52.0572 13800  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

20:20:52.0592 13800  usbhub - ok

20:20:52.0622 13800  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys

20:20:52.0642 13800  usbohci - ok

20:20:52.0672 13800  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

20:20:52.0692 13800  usbprint - ok

20:20:52.0712 13800  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

20:20:52.0732 13800  usbscan - ok

20:20:52.0742 13800  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:20:52.0762 13800  USBSTOR - ok

20:20:52.0772 13800  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

20:20:52.0792 13800  usbuhci - ok

20:20:52.0822 13800  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys

20:20:52.0842 13800  usbvideo - ok

20:20:52.0872 13800  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll

20:20:52.0912 13800  UxSms - ok

20:20:52.0942 13800  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe

20:20:52.0962 13800  VaultSvc - ok

20:20:53.0012 13800  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

20:20:53.0022 13800  vdrvroot - ok

20:20:53.0052 13800  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe

20:20:53.0092 13800  vds - ok

20:20:53.0102 13800  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

20:20:53.0112 13800  vga - ok

20:20:53.0122 13800  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys

20:20:53.0152 13800  VgaSave - ok

20:20:53.0162 13800  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

20:20:53.0182 13800  vhdmp - ok

20:20:53.0192 13800  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys

20:20:53.0212 13800  viaide - ok

20:20:53.0242 13800  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys

20:20:53.0252 13800  vmbus - ok

20:20:53.0272 13800  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys

20:20:53.0282 13800  VMBusHID - ok

20:20:53.0302 13800  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

20:20:53.0312 13800  volmgr - ok

20:20:53.0332 13800  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

20:20:53.0352 13800  volmgrx - ok

20:20:53.0362 13800  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

20:20:53.0382 13800  volsnap - ok

20:20:53.0402 13800  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys

20:20:53.0422 13800  vsmraid - ok

20:20:53.0472 13800  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe

20:20:53.0532 13800  VSS - ok

20:20:53.0552 13800  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys

20:20:53.0572 13800  vwifibus - ok

20:20:53.0592 13800  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

20:20:53.0612 13800  vwififlt - ok

20:20:53.0622 13800  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

20:20:53.0642 13800  vwifimp - ok

20:20:53.0662 13800  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll

20:20:53.0702 13800  W32Time - ok

20:20:53.0712 13800  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys

20:20:53.0722 13800  WacomPen - ok

20:20:53.0742 13800  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

20:20:53.0782 13800  WANARP - ok

20:20:53.0782 13800  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

20:20:53.0822 13800  Wanarpv6 - ok

20:20:53.0882 13800  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe

20:20:53.0912 13800  WatAdminSvc - ok

20:20:53.0972 13800  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe

20:20:54.0002 13800  wbengine - ok

20:20:54.0042 13800  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

20:20:54.0062 13800  WbioSrvc - ok

20:20:54.0072 13800  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll

20:20:54.0102 13800  wcncsvc - ok

20:20:54.0102 13800  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

20:20:54.0122 13800  WcsPlugInService - ok

20:20:54.0142 13800  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys

20:20:54.0152 13800  Wd - ok

20:20:54.0172 13800  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

20:20:54.0202 13800  Wdf01000 - ok

20:20:54.0232 13800  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll

20:20:54.0252 13800  WdiServiceHost - ok

20:20:54.0262 13800  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll

20:20:54.0282 13800  WdiSystemHost - ok

20:20:54.0292 13800  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll

20:20:54.0322 13800  WebClient - ok

20:20:54.0332 13800  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll

20:20:54.0372 13800  Wecsvc - ok

20:20:54.0392 13800  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

20:20:54.0432 13800  wercplsupport - ok

20:20:54.0472 13800  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll

20:20:54.0512 13800  WerSvc - ok

20:20:54.0552 13800  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

20:20:54.0582 13800  WfpLwf - ok

20:20:54.0582 13800  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

20:20:54.0602 13800  WIMMount - ok

20:20:54.0622 13800  WinDefend - ok

20:20:54.0622 13800  WinHttpAutoProxySvc - ok

20:20:54.0672 13800  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

20:20:54.0712 13800  Winmgmt - ok

20:20:54.0762 13800  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll

20:20:54.0822 13800  WinRM - ok

20:20:54.0872 13800  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll

20:20:54.0912 13800  Wlansvc - ok

20:20:55.0012 13800  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:20:55.0062 13800  wlidsvc - ok

20:20:55.0082 13800  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

20:20:55.0102 13800  WmiAcpi - ok

20:20:55.0132 13800  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

20:20:55.0142 13800  wmiApSrv - ok

20:20:55.0182 13800  WMPNetworkSvc - ok

20:20:55.0222 13800  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll

20:20:55.0242 13800  WPCSvc - ok

20:20:55.0242 13800  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

20:20:55.0262 13800  WPDBusEnum - ok

20:20:55.0282 13800  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

20:20:55.0322 13800  ws2ifsl - ok

20:20:55.0322 13800  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll

20:20:55.0352 13800  wscsvc - ok

20:20:55.0352 13800  WSearch - ok

20:20:55.0422 13800  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll

20:20:55.0482 13800  wuauserv - ok

20:20:55.0492 13800  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

20:20:55.0532 13800  WudfPf - ok

20:20:55.0572 13800  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

20:20:55.0612 13800  WUDFRd - ok

20:20:55.0642 13800  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

20:20:55.0682 13800  wudfsvc - ok

20:20:55.0692 13800  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll

20:20:55.0722 13800  WwanSvc - ok

20:20:55.0742 13800  ================ Scan global ===============================

20:20:55.0762 13800  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

20:20:55.0792 13800  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

20:20:55.0802 13800  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

20:20:55.0832 13800  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

20:20:55.0852 13800  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

20:20:55.0862 13800  [Global] - ok

20:20:55.0862 13800  ================ Scan MBR ==================================

20:20:55.0862 13800  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

20:20:56.0182 13800  \Device\Harddisk0\DR0 - ok

20:20:56.0182 13800  ================ Scan VBR ==================================

20:20:56.0182 13800  [ 533319C3EC8CE6BA562E7BD8BF287AAF ] \Device\Harddisk0\DR0\Partition1

20:20:56.0182 13800  \Device\Harddisk0\DR0\Partition1 - ok

20:20:56.0212 13800  [ 5F097C40E3A8DEE98D7088959D399277 ] \Device\Harddisk0\DR0\Partition2

20:20:56.0212 13800  \Device\Harddisk0\DR0\Partition2 - ok

20:20:56.0232 13800  [ A74476AE0714DDC444948CCC948D130A ] \Device\Harddisk0\DR0\Partition3

20:20:56.0232 13800  \Device\Harddisk0\DR0\Partition3 - ok

20:20:56.0232 13800  ============================================================

20:20:56.0232 13800  Scan finished

20:20:56.0232 13800  ============================================================

20:20:56.0232 13876  Detected object count: 2

20:20:56.0232 13876  Actual detected object count: 2

20:20:58.0571 13876  ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user

20:20:58.0571 13876  ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:20:58.0571 13876  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user

20:20:58.0571 13876  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

LG Mojito

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo Cosinus...

hier das Log...

Code:

ComboFix 12-10-17.05 - Adaron 17.10.2012  21:35:57.1.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2718 [GMT 2:00]

ausgeführt von:: c:\users\Adaron\Desktop\ComboFix.exe

AV: G Data TotalProtection 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}

SP: G Data TotalProtection 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\ASPG_icon.ico

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_nvsvc

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-09-17 bis 2012-10-17  ))))))))))))))))))))))))))))))

.

.

2012-10-17 19:48 . 2012-10-17 19:48        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-10-17 16:51 . 2012-10-12 07:19        9291768        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{83A33AB8-96D9-494F-ABFF-EB37032A4494}\mpengine.dll

2012-10-05 17:57 . 2012-10-05 17:57        --------        d-----w-        c:\program files (x86)\ESET

2012-10-03 10:55 . 2012-10-03 10:55        --------        d-----w-        c:\program files (x86)\7-Zip

2012-10-03 09:18 . 2012-08-10 03:21        51224        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\Components\BanksafeXPCOM.dll

2012-09-30 11:28 . 2012-09-30 11:28        --------        d---a-w-        C:\.Trash-999

2012-09-30 10:00 . 2012-09-30 10:00        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-30 10:00 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-09-30 09:08 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-09-30 09:08 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-09-30 09:08 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL

2012-09-30 09:08 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll

2012-09-30 09:08 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll

2012-09-30 09:06 . 2012-09-30 09:06        --------        d-----w-        c:\program files\Microsoft Silverlight

2012-09-30 09:06 . 2012-09-30 09:06        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight

2012-09-26 06:26 . 2012-08-21 21:01        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe

2012-09-23 12:52 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll

2012-09-23 12:52 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll

2012-09-21 12:21 . 2012-09-21 12:21        --------        d-----w-        c:\users\Adaron\AppData\Roaming\com.amazon.music.uploader

2012-09-21 12:21 . 2012-09-21 12:21        --------        d-----w-        c:\program files (x86)\Common Files\Adobe AIR

2012-09-21 07:38 . 2012-09-21 07:38        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help

2012-09-20 15:44 . 2012-09-25 09:31        --------        d-----w-        c:\users\Adaron\AppData\Local\ElevatedDiagnostics

2012-09-20 15:44 . 2012-09-20 15:44        --------        d-----w-        c:\programdata\Hewlett-Packard

2012-09-20 15:43 . 2009-07-14 01:41        230400        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

2012-09-20 14:39 . 2012-09-20 14:39        --------        d-----w-        c:\windows\PCHEALTH

2012-09-20 14:37 . 2012-09-20 14:37        --------        d-----w-        c:\program files\Microsoft Office

2012-09-20 14:37 . 2012-09-20 14:37        --------        d-----w-        c:\program files (x86)\Microsoft Analysis Services

2012-09-20 14:36 . 2012-09-20 14:36        --------        d-----r-        C:\MSOCache

2012-09-20 14:10 . 2012-09-20 14:10        --------        d-----w-        c:\users\Adaron\AppData\Local\Microsoft Help

2012-09-20 14:10 . 2012-10-11 23:59        --------        d-----w-        c:\programdata\Microsoft Help

2012-09-19 15:11 . 2012-09-19 15:11        --------        d-----w-        c:\users\Adaron\AppData\Local\Macromedia

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 23:59 . 2012-08-20 12:34        65309168        ----a-w-        c:\windows\system32\MRT.exe

2012-10-11 23:42 . 2012-08-18 09:51        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-11 23:42 . 2012-08-18 09:51        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-03 09:20 . 2012-08-18 09:35        60320        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys

2012-10-03 09:18 . 2012-08-18 09:35        54176        ----a-w-        c:\windows\system32\drivers\GDBehave.sys

2012-10-03 09:18 . 2012-08-18 09:35        126880        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys

2012-10-03 09:18 . 2012-08-18 09:35        64416        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys

2012-08-22 18:12 . 2012-09-12 16:39        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 16:39        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 16:39        376688        ----a-w-        c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 16:39        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-11 22:46        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2012-08-19 14:48 . 2012-08-19 14:48        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2012-08-19 14:48 . 2012-08-19 14:48        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2012-08-19 14:48 . 2012-08-19 14:48        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-08-19 14:48 . 2012-08-19 14:48        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2012-08-19 14:48 . 2012-08-19 14:48        161792        ----a-w-        c:\windows\SysWow64\msls31.dll

2012-08-19 14:48 . 2012-08-19 14:48        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2012-08-19 14:48 . 2012-08-19 14:48        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll

2012-08-19 14:48 . 2012-08-19 14:48        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx

2012-08-19 14:48 . 2012-08-19 14:48        367104        ----a-w-        c:\windows\SysWow64\html.iec

2012-08-19 14:48 . 2012-08-19 14:48        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2012-08-19 14:48 . 2012-08-19 14:48        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll

2012-08-19 14:48 . 2012-08-19 14:48        152064        ----a-w-        c:\windows\SysWow64\wextract.exe

2012-08-19 14:48 . 2012-08-19 14:48        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2012-08-19 14:48 . 2012-08-19 14:48        11776        ----a-w-        c:\windows\SysWow64\mshta.exe

2012-08-19 14:48 . 2012-08-19 14:48        101888        ----a-w-        c:\windows\SysWow64\admparse.dll

2012-08-19 14:48 . 2012-08-19 14:48        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2012-08-19 14:48 . 2012-08-19 14:48        222208        ----a-w-        c:\windows\system32\msls31.dll

2012-08-19 14:48 . 2012-08-19 14:48        197120        ----a-w-        c:\windows\system32\msrating.dll

2012-08-19 14:48 . 2012-08-19 14:48        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2012-08-19 14:48 . 2012-08-19 14:48        76800        ----a-w-        c:\windows\system32\tdc.ocx

2012-08-19 14:48 . 2012-08-19 14:48        65024        ----a-w-        c:\windows\system32\pngfilt.dll

2012-08-19 14:48 . 2012-08-19 14:48        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll

2012-08-19 14:48 . 2012-08-19 14:48        49664        ----a-w-        c:\windows\system32\imgutil.dll

2012-08-19 14:48 . 2012-08-19 14:48        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2012-08-19 14:48 . 2012-08-19 14:48        448512        ----a-w-        c:\windows\system32\html.iec

2012-08-19 14:48 . 2012-08-19 14:48        282112        ----a-w-        c:\windows\system32\dxtrans.dll

2012-08-19 14:48 . 2012-08-19 14:48        267776        ----a-w-        c:\windows\system32\ieaksie.dll

2012-08-19 14:48 . 2012-08-19 14:48        163840        ----a-w-        c:\windows\system32\ieakui.dll

2012-08-19 14:48 . 2012-08-19 14:48        160256        ----a-w-        c:\windows\system32\ieakeng.dll

2012-08-19 14:48 . 2012-08-19 14:48        149504        ----a-w-        c:\windows\system32\occache.dll

2012-08-19 14:48 . 2012-08-19 14:48        145920        ----a-w-        c:\windows\system32\iepeers.dll

2012-08-19 14:48 . 2012-08-19 14:48        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll

2012-08-19 14:48 . 2012-08-19 14:48        12288        ----a-w-        c:\windows\system32\mshta.exe

2012-08-19 14:48 . 2012-08-19 14:48        114176        ----a-w-        c:\windows\system32\admparse.dll

2012-08-19 14:48 . 2012-08-19 14:48        111616        ----a-w-        c:\windows\system32\iesysprep.dll

2012-08-19 14:48 . 2012-08-19 14:48        10752        ----a-w-        c:\windows\system32\msfeedssync.exe

2012-08-19 14:48 . 2012-08-19 14:48        452608        ----a-w-        c:\windows\system32\dxtmsft.dll

2012-08-19 14:48 . 2012-08-19 14:48        89088        ----a-w-        c:\windows\system32\ie4uinit.exe

2012-08-19 14:48 . 2012-08-19 14:48        85504        ----a-w-        c:\windows\system32\iesetup.dll

2012-08-19 14:48 . 2012-08-19 14:48        82432        ----a-w-        c:\windows\system32\icardie.dll

2012-08-19 14:48 . 2012-08-19 14:48        534528        ----a-w-        c:\windows\system32\ieapfltr.dll

2012-08-19 14:48 . 2012-08-19 14:48        403248        ----a-w-        c:\windows\system32\iedkcs32.dll

2012-08-19 14:48 . 2012-08-19 14:48        39936        ----a-w-        c:\windows\system32\iernonce.dll

2012-08-19 14:48 . 2012-08-19 14:48        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat

2012-08-19 14:48 . 2012-08-19 14:48        30720        ----a-w-        c:\windows\system32\licmgr10.dll

2012-08-19 14:48 . 2012-08-19 14:48        249344        ----a-w-        c:\windows\system32\webcheck.dll

2012-08-19 14:48 . 2012-08-19 14:48        165888        ----a-w-        c:\windows\system32\iexpress.exe

2012-08-19 14:48 . 2012-08-19 14:48        160256        ----a-w-        c:\windows\system32\wextract.exe

2012-08-19 14:48 . 2012-08-19 14:48        103936        ----a-w-        c:\windows\system32\inseng.dll

2012-08-19 13:42 . 2012-08-19 13:42        16504        ----a-w-        c:\windows\system32\drivers\GdPhyMem.sys

2012-08-19 13:42 . 2012-08-19 13:42        106648        ----a-w-        c:\windows\system32\drivers\GRD.sys

2012-08-19 12:53 . 2012-08-19 12:53        839152        ----a-w-        c:\windows\system32\deployJava1.dll

2012-08-19 12:53 . 2012-08-19 12:53        955888        ----a-w-        c:\windows\system32\npDeployJava1.dll

2012-08-18 20:42 . 2009-08-07 03:24        408600        ----a-w-        c:\windows\system32\drivers\iaStor.sys

2012-08-18 20:40 . 2009-07-20 15:29        15416        ----a-w-        c:\windows\system32\drivers\kbfiltr.sys

2012-08-18 20:39 . 2009-08-23 03:24        5435904        ----a-w-        c:\windows\system32\drivers\NETw5v64.sys

2012-08-18 20:37 . 2009-05-13 07:07        15928        ----a-w-        c:\windows\system32\drivers\ATK64AMD.sys

2012-08-18 20:27 . 2012-08-18 20:27        35384        ----a-w-        c:\windows\system32\drivers\AsDsm.sys

2012-08-18 09:35 . 2012-08-18 09:35        98760        ----a-w-        c:\windows\system32\drivers\TS4nt.sys

2012-08-18 09:35 . 2012-08-18 09:35        64376        ----a-w-        c:\windows\system32\drivers\HookCentre.sys

2012-08-02 17:58 . 2012-09-12 16:39        574464        ----a-w-        c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 16:39        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll

2012-07-26 17:08 . 2012-07-26 17:08        862664        ----a-w-        c:\windows\SysWow64\msvcr110.dll

2012-07-26 17:08 . 2012-07-26 17:08        534480        ----a-w-        c:\windows\SysWow64\msvcp110.dll

2012-07-26 17:08 . 2012-07-26 17:08        251864        ----a-w-        c:\windows\SysWow64\vccorlib110.dll

2012-07-26 17:08 . 2012-07-26 17:08        153536        ----a-w-        c:\windows\SysWow64\atl110.dll

2012-07-26 17:08 . 2012-07-26 17:08        115656        ----a-w-        c:\windows\SysWow64\vcomp110.dll

2012-07-26 13:22 . 2012-07-26 13:22        828872        ----a-w-        c:\windows\system32\msvcr110.dll

2012-07-26 13:22 . 2012-07-26 13:22        661448        ----a-w-        c:\windows\system32\msvcp110.dll

2012-07-26 13:22 . 2012-07-26 13:22        354264        ----a-w-        c:\windows\system32\vccorlib110.dll

2012-07-26 13:22 . 2012-07-26 13:22        177096        ----a-w-        c:\windows\system32\atl110.dll

2012-07-26 13:22 . 2012-07-26 13:22        124360        ----a-w-        c:\windows\system32\vcomp110.dll

2009-04-08 08:31 . 2009-04-08 08:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-11 19:45 . 2008-08-11 19:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 15:08        143360        ----a-w-        c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe" [2012-09-17 995352]

"GDFirewallTray"="c:\program files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2009-06-24 272952]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 GLogin;GLogin; [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 250808]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2012-05-14 1218552]

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2012-08-18 5435904]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-26 1255736]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-10-03 54176]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]

S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys [2012-08-18 98760]

S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-10-03 126880]

S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-10-03 64416]

S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-08-19 106648]

S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-08-18 64376]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]

S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2012-01-27 468472]

S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2012-08-30 2011568]

S2 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2012-09-11 1617432]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 TSNxGService;G Data Datensafe Service;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2012-05-24 306216]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]

S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-10-03 60320]

S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-05-01 81440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 23:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 14:52        159744        ----a-w-        c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-16 8114720]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-10 16336416]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.de/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Adaron\AppData\Roaming\Mozilla\Firefox\Profiles\gir6nvp9.default\

FF - ExtSQL: 2012-10-03 11:18; {906305f7-aafc-45e9-8bbd-941950a84dad}; c:\program files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-TSNxG4Tray - c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1203884004-2752635724-3302966721-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1203884004-2752635724-3302966721-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]

@DACL=(02 0000)

@SACL=

"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,

   00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe

c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-10-17  21:57:08 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-10-17 19:57

.

Vor Suchlauf: 8 Verzeichnis(se), 133.220.913.152 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 135.312.908.288 Bytes frei

.

- - End Of File - - 5E4963B164A1940141693A6E7E3F465D

....

LG Mojito

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

HAllo Cosinus...

hier die LOGS:

GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-10-19 18:12:22

Windows 6.1.7601 Service Pack 1 

Running: gyvvkeqk.exe
 
 

---- Registry - GMER 1.0.15 ----
 

Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243bfcb64                      

Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243bfcb64 (not active ControlSet)  
 

---- Files - GMER 1.0.15 ----
 

File  C:\ADSM_PData_0150                                                                               0 bytes

File  C:\ADSM_PData_0150\DB                                                                            0 bytes

File  C:\ADSM_PData_0150\DB\SI.db                                                                      624 bytes

File  C:\ADSM_PData_0150\DB\UL.db                                                                      16 bytes

File  C:\ADSM_PData_0150\DB\VL.db                                                                      16 bytes

File  C:\ADSM_PData_0150\DB\WAL.db                                                                     2048 bytes

File  C:\ADSM_PData_0150\DragWait.exe                                                                  315392 bytes executable

File  C:\ADSM_PData_0150\_avt                                                                          512 bytes
 

---- EOF - GMER 1.0.15 ----

OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 18:27:57 on 19.10.2012
 

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASMMAP64" (ASMMAP64) - ? - C:\Program Files\ATKGFNEX\ASMMAP64.sys

"aswMBR" (aswMBR) - ? - C:\Users\Adaron\AppData\Local\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"Data Security Manager Driver" (AsDsm) - "ASUSTek Computer Inc" - C:\Windows\system32\drivers\AsDsm.sys

"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys

"G Data WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd64.sys

"GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys

"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys

"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys

"ghaio" (ghaio) - ? - C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)

"GLogin" (GLogin) - ? - C:\Windows\system32\drivers\GLogin.sys  (File not found)

"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys

"ipswuio" (ipswuio) - ? - C:\Windows\System32\DRIVERS\ipswuio.sys  (File not found)

"lullaby" (lullaby) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"TS4nt driver" (TS4NT) - "G Data Software" - C:\Windows\System32\Drivers\TS4nt.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll

{04184942-D1DF-4B17-BD72-81C230531CA6} "AVKVirtualFolder Class" - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupNSE.dll

{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL

{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----

{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Microsoft-Konto-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Adaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ADSMTray" - "ASUSTek Computer Inc." - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

"ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

"ATKOSD2" - "ASUS" - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe

"GDFirewallTray" - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe

"HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)

"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

"ADSM Service" (ADSMService) - "ASUSTek Computer Inc." - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

"G Data Backup Service" (GDBackupSvc) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe

"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe

"G Data Datensafe Service" (TSNxGService) - "G Data Software" - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe

"G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe

"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe

"G Data Tuner Service" (GDTunerSvc) - "G Data Software AG" - C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe

"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe

"spmgr" (spmgr) - ? - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

ASW MBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-10-19 18:28:22

-----------------------------

18:28:22.435    OS Version: Windows x64 6.1.7601 Service Pack 1

18:28:22.435    Number of processors: 2 586 0x1706

18:28:22.435    ComputerName: ADARON-PC  UserName: Adaron

18:28:23.045    Initialize success

18:28:28.960    AVAST engine defs: 12101900

18:28:36.532    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:28:36.532    Disk 0 Vendor: Hitachi_ BKFO Size: 476940MB BusType: 3

18:28:36.563    Disk 0 MBR read successfully

18:28:36.563    Disk 0 MBR scan

18:28:36.579    Disk 0 Windows 7 default MBR code

18:28:36.595    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

18:28:36.610    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       196838 MB offset 206848

18:28:36.641    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       280000 MB offset 403331072

18:28:36.688    Disk 0 scanning C:\Windows\system32\drivers

18:28:45.763    Service scanning

18:29:14.496    Modules scanning

18:29:14.496    Disk 0 trace - called modules:

18:29:14.526    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 

18:29:14.526    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800496d060]

18:29:14.536    3 CLASSPNP.SYS[fffff88001af343f] -> nt!IofCallDriver -> [0xfffffa8003cf32a0]

18:29:14.556    5 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046c0050]

18:29:14.576    Scan finished successfully

18:29:26.308    Disk 0 MBR has been saved successfully to "C:\Users\Adaron\Desktop\MBR.dat"

18:29:26.323    The log file has been saved successfully to "C:\Users\Adaron\Desktop\aswMBR.txt"

Tatsächlich ist mir der ASWMBR abgestürzt und ich habe entsprechend Deiner Anleitung AV SCAN auf NONE gestellt... dann hats geklappt...

Liebe Grüße......
Mojito

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hallo Cosinus...

hier die Logs

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 10/21/2012 at 05:52 PM
 

Application Version : 5.6.1012
 

Core Rules Database Version : 9446

Trace Rules Database Version: 7258
 

Scan type       : Complete Scan

Total Scan Time : 00:27:36
 

Operating System Information

Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 608

Memory threats detected   : 0

Registry items scanned    : 71320

Registry threats detected : 0

File items scanned        : 36539

File threats detected     : 0

und

Code:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.10.21.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Adaron :: ADARON-PC [Administrator]
 

21.10.2012 21:01:50

mbam-log-2012-10-21 (21-01-50).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 325844

Laufzeit: 45 Minute(n), 34 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Liebe Grüße
Mojito

Code:

UAC On - Limited User

Wie hast du sasw gestartet? Einfach per Doppelklick?

Bitte so wie es in der Anleitung steht auch ausführen!

Zitat:

Zitat von cosinus (Beitrag 324870)

Teil 2: Programm ausführen
Das Programm wurde nun installiert, eine Verknüpfung auf dem Desktop sollte erstellt worden sein. Nachdem du es gestartet hast, wird es sich erstmalig beim Updateserver nach neuen Schädlingssignaturen umsehen und Updates installieren. Diesen Vorgang NICHT abbrechen!

Benutzer mit Windows Vista und Windows 7 starten das Tool bitte wieder per Rechtsklick => als Administrator ausführen!

Hallo Cosinus...

hast Recht, da war ich zu schnell. Hier das Log mit Adminrechten:

Code:

SUPERAntiSpyware Scann-Protokoll

hxxp://www.superantispyware.com
 

Generiert 10/24/2012 bei 08:46 PM
 

Version der Applikation : 5.6.1012
 

Version der Kern-Datenbank : 9463

Version der Spur-Datenbank : 7275
 

Scan Art       : kompletter Scann

Totale Scann-Zeit : 01:54:46
 

Operating System Information

Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Gescannte Speicherelemente  : 636

Erfasste Speicher-Bedrohungen  : 0

Gescannte Register-Elemente  : 71347

Erfasste Register-Bedrohungen  : 0

Gescannte Datei-Elemente     : 125458

Erfasste Datei-Elemente   : 0

Und was soll ich Dir sagen? Da in Eurer Anleitung zu SuperAntispyware nichts davon steht, dass man andere Virenscanner deaktivieren soll hatte ich im Hintergrund also weiterhin mein G-DATA laufen... Und prompt fängt G-DATA während des Suchlaufs von SuperAntispyware an, herum zu meckern und spuckt mir folgende Warnung aus:

Code:



Beim Öffnen der Datei "C:\Program Files (x86)\ASUS\ASUS LifeFrame3\pcdll.dll" wurde der Virus "Win32:Malware-gen (Engine B)" entdeckt. Zugriff verweigert.
 

Die Datei wurde in die Quarantäne verschoben.
 

Datei: C:\Program Files (x86)\ASUS\ASUS LifeFrame3\pcdll.dll

Virus: Win32:Malware-gen (Engine B)

Ich brech ins Essen... :headbang: :pukeface:

Jetzt vielleicht doch ein Virus oder nur ein "False positive"??? Denn SuperAntiSpyware hat ja auch nix angezeigt...

LG Mojito

Das ist imho eindeutig ein Fehlalarm. Also keine weiteren Funde mehr.

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Hallo Cosinus...

nein mein System ist soweit o.k.

Glaubst Du denn, dass auch der allererste Fund von Malwarebytes (weswegen ich den Thread eröffnet habe) ein "False positive" war oder was würdest du abschließend sagen?

Beste Grüße Mojito

Zitat:

C:\Users\Adaron\AppData\Local\Temp\.exe (Trojan.Agent) -> Erfolgreich gelöscht

Du meinst den? Das sieht schon schwer nach Ungeziefer aus ;)

Hi Cosinus...

was schätzt Du welche Art Ungeziefer? Sollte ich irgendwelche Kennwörter etc. pp. besser ändern? Und ist das System jetzt wieder clean?

Beste Grüße

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Hallo lieber Cosinus...

vielen herzlichen Dank für Dein tolles Engagement und die Geduld, die mit mir aufgebracht hast.... Du hast mir wirklich sehr geholfen.

Ich wünsch Dir und Deinem Team weiterhin alles Gute und dass Ihr auch weiterhin so motiviert zur Sache geht.

Beste Grüße
Mojito