? zu PUP.Topckit entfernen

Scheinle · 23.06.2012, 19:05

Hola,

Malwarebytes hat bei einem Scan heut die oben genannte Bedrohung gefunden und in die Quarantäne verschoben.
Was passiert nun damit bzw. wie bekomme ich die Bedrohung endgültig von meinem Sytem?

Hier noch der Auszug des Logfiles:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: NB [Administrator]

Schutz: Aktiviert

23.06.2012 12:55:27
mbam-log-2012-06-23 (12-55-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225998
Laufzeit: 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\Topckit (PUP.Topckit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 26.06.2012, 15:04

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Scheinle · 28.06.2012, 21:19

Hallo Arne,
hier die gewünschten Log's:

Der Ordnung halber nochmal das Log des 1. Quickscans mit Malwarebytes als Code:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [Administrator]

Schutz: Aktiviert

23.06.2012 12:55:27
mbam-log-2012-06-23 (12-55-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225998
Laufzeit: 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\Topckit (PUP.Topckit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Nun der vollständige Scan:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [Administrator]

Schutz: Aktiviert

23.06.2012 13:01:32
mbam-log-2012-06-23 (13-01-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401566
Laufzeit: 51 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
E:\Downloads\Mauszeigersymbole.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Downloads\SoftonicDownloader_fuer_k-lite-codec-pack.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ein weiterer vollständiger Scan auf Bedrohungen heute blieb negativ.

Und hier noch das ESET-Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d3537a134c1ca045baeb87fda918aa6d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 07:22:29
# local_time=2012-06-28 09:22:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777213 100 71 461803 91567661 0 0
# compatibility_mode=5893 16776574 100 94 460422 92535015 0 0
# compatibility_mode=8192 67108863 100 0 166 166 0 0
# scanned=205616
# found=0
# cleaned=0
# scan_time=6185

Vielleicht noch zu Info:
Auswirkungen hat die Bedrohung soweit ich bisher feststellen konnte auf den Windows-Explorer (stürzt ziemlich oft ab, vor allem beim Scrollen) und auf das Akkuladezustandssymbol (ist ausgeblendet und lässt sich auch nicht mehr aktivieren).

cosinus · 29.06.2012, 11:54

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Scheinle · 29.06.2012, 13:23

Hallo Arne,

hier das aktuelle OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.06.2012 14:05:19 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: *** | Country: *** | Language: *** | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,54 Gb Available Physical Memory | 69,95% Memory free
15,83 Gb Paging File | 13,55 Gb Available in Paging File | 85,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 117,86 Gb Free Space | 63,26% Space Free | Partition Type: NTFS
Drive D: | 254,45 Gb Total Space | 231,21 Gb Free Space | 90,86% Space Free | Partition Type: NTFS
Drive E: | 232,87 Gb Total Space | 180,38 Gb Free Space | 77,46% Space Free | Partition Type: NTFS
Drive F: | 232,89 Gb Total Space | 231,30 Gb Free Space | 99,32% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 13:32:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
PRC - [2012.06.27 17:00:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
PRC - [2011.02.08 04:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.10.14 15:38:34 | 000,653,952 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.27 17:00:32 | 002,000,352 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.30 22:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2012.06.27 17:00:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.19 23:20:31 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.13 04:33:32 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.08 04:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Disabled | Stopped] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.28 07:58:38 | 000,585,774 | ---- | M] (ZF Electronics GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Cherry\CDI\cdi.exe -- (Cherry Device Interface)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.22 16:54:51 | 000,090,232 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR162.SYS -- (SMR162)
DRV:64bit: - [2012.05.18 18:04:14 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.29 08:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.03.29 08:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012.03.29 00:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.03.29 00:28:34 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012.03.29 00:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.03.29 00:28:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2012.03.29 00:06:26 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.29 16:44:30 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 05:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.02.08 04:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 00:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.08.31 12:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.08.07 11:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.07.27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.06.29 10:39:33 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120628.024\ex64.sys -- (NAVEX15)
DRV - [2012.06.29 10:39:33 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120628.024\eng64.sys -- (NAVENG)
DRV - [2012.06.19 02:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.06.14 20:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120628.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.06.01 11:14:58 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.05.31 19:32:13 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.07.26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{06C659E7-B9F3-4B3A-8BBA-1AF1C0063168}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{40C571BD-AE78-4101-9F37-BB36732A5CAE}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{44A8EAB0-BEA7-465C-8F08-B6B13DCE84BF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{D123367C-4ADE-4047-8D83-43D9C9AC8ACD}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{DEF82946-5D5C-44BC-8B74-CE7749E50B71}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{FDE35139-4A81-4B07-B1E2-F2A2FC2B4A12}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.webradio-bounty.de|chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.8.0.1073
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\***\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012.06.29 09:34:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012.06.23 11:27:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 17:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 11:22:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7alg5la9.default\extensions\firejump@firejump.net [2012.06.23 11:39:14 | 000,000,000 | ---D | M]
 
[2012.06.23 11:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.11.16 21:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.06.23 11:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7alg5la9.default\extensions
[2012.06.23 11:39:14 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7alg5la9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.06.23 11:39:14 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7alg5la9.default\extensions\firejump@firejump.net
[2012.06.23 11:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a4vl02em.default-1340304824526\extensions
[2012.06.23 11:39:19 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a4vl02em.default-1340304824526\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.06.23 11:39:25 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a4vl02em.default-1340304824526\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.06.19 21:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\SimpleClocks\extensions
[2012.06.19 20:34:11 | 000,002,101 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7alg5la9.default\searchplugins\googlede.xml
[2012.06.23 11:22:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.27 17:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.12.22 12:06:46 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.06.05 22:39:51 | 000,061,219 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.01.05 22:38:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.05 11:55:16 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.01.09 23:30:45 | 000,112,216 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\SIMPLECLOCKS@GRBRADT.ORG.XPI
[2012.06.27 17:00:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.04 19:30:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.23 12:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 12:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 12:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 12:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 12:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 12:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7562EE05-215F-419F-81F5-78D2711515FC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D405AA01-F4B8-4921-9B93-C3D339FCEB7D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (E:\MaxTube_movie_id73937.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 13:32:31 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
[2012.06.29 10:30:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4568543D-3C33-46F6-B510-96FA439CC1CC}
[2012.06.29 10:30:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9F01AA3A-0983-43F0-9576-B0A66321A05A}
[2012.06.28 19:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.28 19:36:15 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\ESET-Scanner.exe
[2012.06.28 17:37:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{88BF343D-F210-4014-A9B4-47061028744A}
[2012.06.28 17:37:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8FD3CBBB-334A-400C-BAD9-0C716AA94895}
[2012.06.27 17:00:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C63E8F24-C63C-40C4-A3C3-AF86AAB2798E}
[2012.06.27 16:59:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{931428C4-3359-47E9-A168-8A40A6A430B6}
[2012.06.26 17:46:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8F0E7BF8-2ABA-46BB-9E09-0E4E5A93BE1F}
[2012.06.26 17:46:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A131964-28A9-4501-8037-FC5F341A863D}
[2012.06.25 17:26:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8C774328-67A9-463B-AB19-481FFC2B755B}
[2012.06.25 17:26:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{531CF139-4E79-4F76-9EF3-F48B79DF0E67}
[2012.06.24 11:54:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7AF9EFB1-DCB7-48B1-981C-4D661D76E94C}
[2012.06.24 11:54:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FF5326C2-5403-4A1E-AE54-49EB87E0A2F0}
[2012.06.24 11:53:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{34B493B8-32B8-4BA1-B20B-14DA1A12BB9B}
[2012.06.24 11:53:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1835760D-E217-4E58-B9F7-911A250330B3}
[2012.06.23 12:54:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.23 12:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.23 12:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.23 12:54:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.23 12:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.23 12:18:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D353D9F7-C306-4D3B-8EC5-34D14BBF7122}
[2012.06.23 12:18:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C53C772D-255E-4320-B5A0-4D39896C2AA3}
[2012.06.23 12:16:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1E8DC61E-5524-4C87-BD92-31029404346C}
[2012.06.23 12:16:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1FE989E8-3C3A-40B9-8705-C57A750DAE41}
[2012.06.23 12:11:44 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.06.23 11:58:32 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2012.06.23 11:52:17 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2012.06.23 11:16:49 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2012.06.23 11:16:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2012.06.23 11:16:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2012.06.23 11:16:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2012.06.23 11:16:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.23 11:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.06.23 11:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.06.23 11:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.06.23 11:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2012.06.23 11:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.06.23 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.06.23 11:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.06.23 11:13:22 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.06.22 18:47:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NeoSmart_Technologies
[2012.06.22 18:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2012.06.22 16:54:51 | 000,090,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS
[2012.06.22 16:54:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NPE
[2012.06.22 15:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager
[2012.06.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cherry
[2012.06.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry
[2012.06.22 12:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Fix 2012
[2012.06.22 11:45:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F524530A-16BF-4267-ADD3-4426314F8842}
[2012.06.22 11:45:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3D110B97-F03C-4165-A1D4-FE21E97D86CC}
[2012.06.22 11:28:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB DVD-Downloadtool für Windows 7
[2012.06.22 11:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2012.06.22 10:50:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware
[2012.06.22 10:45:24 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.22 10:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Winner
[2012.06.22 10:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Winner
[2012.06.22 10:09:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{056E3ED5-C1A8-42B8-A39E-8B3F3AEC818B}
[2012.06.22 10:08:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{47B70BAC-CE09-43B7-B525-D7B57BB8041F}
[2012.06.21 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{56BF8A8B-D1EF-4971-A6CE-339EC403BFB4}
[2012.06.21 18:14:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1B1E365F-31BB-4B3C-915C-81EC7781DFB3}
[2012.06.20 17:31:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{65F50E31-D317-42BD-B4F7-5A03173444D4}
[2012.06.20 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E3A3E2CA-4058-41BA-A49E-B0CDD6934F1B}
[2012.06.19 21:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.19 21:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.06.19 17:14:23 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2012.06.19 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ICQ Search
[2012.06.19 17:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.06.19 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2012.06.19 17:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012.06.19 17:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012.06.19 17:02:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E4342085-C362-47F6-9CA4-04F2539B1F4C}
[2012.06.19 17:02:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DFC454B3-D3FE-4649-9E97-89EDA54F78AA}
[2012.06.18 15:50:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6AC9CF9A-97A6-4FF9-90AA-DDEABF4B4DC2}
[2012.06.17 11:41:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2C26F816-7D4A-4F09-9061-2006557FBF8B}
[2012.06.16 14:14:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.16 14:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.06.16 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{03462022-98B3-49B8-84A6-AEF07AAFDD4E}
[2012.06.16 10:56:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9095812F-4DA3-4987-9D27-F7FE586DE224}
[2012.06.15 22:56:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E24F84FE-FFF9-40AF-826B-2577D1340019}
[2012.06.15 10:56:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BC45474F-D79F-4C51-90E9-0E121D1C7A35}
[2012.06.14 18:47:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FB6CD13B-2C70-4880-84E3-33AFD0CDA2AC}
[2012.06.14 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3CD8BC67-8898-455A-A407-E7E01BA3F9AD}
[2012.06.13 17:13:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{83EDBB9E-143C-48AF-A884-D96F4FC6149F}
[2012.06.13 17:13:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EC8DCC1C-9333-471B-8DE3-35309C02487A}
[2012.06.12 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C703C236-314C-40F6-BFB2-E0FE6F45F42C}
[2012.06.12 18:50:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D52B3FF6-3E24-4A44-8C93-86E234840788}
[2012.06.11 18:23:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B977BCFD-EB92-498C-A5BD-406A7752DD1C}
[2012.06.11 18:23:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0E0C5CB3-A69C-40B8-A3CB-1599DFC75546}
[2012.06.10 11:12:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A9241A72-2DE0-4D0A-9329-8A70536E2930}
[2012.06.10 11:12:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FAEC90C4-935E-4FF0-B8DB-C90AD0F78804}
[2012.06.10 11:12:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A7D78C28-FDF7-431B-A318-065A9CC8DCD6}
[2012.06.10 11:11:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9774559E-DFF0-42A7-9415-08CE3CE49756}
[2012.06.09 23:11:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B50C6E8B-9744-45A9-83FF-EAC649650082}
[2012.06.09 23:11:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A6067E4C-0D94-42ED-B617-1555C23EDAF5}
[2012.06.09 11:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8C5C8FBB-404D-4660-B78C-74E28C2DCFFE}
[2012.06.09 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C6106E54-436F-4111-BA66-CD02994DB27E}
[2012.06.08 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DCCF3FDA-6B56-4CC6-85AE-E50102E9DA91}
[2012.06.08 13:46:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9506B5FF-0DF5-439D-A204-DAD12119C21F}
[2012.06.07 15:53:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1EDEB1F4-1087-4592-B005-CCDC10987C4B}
[2012.06.07 15:53:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1A29FE74-62A8-45CB-9692-0F990DABDEAE}
[2012.06.07 15:52:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{04C96783-0176-4E6F-86B3-15818A2EA123}
[2012.06.07 15:52:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FB40046A-C0BB-48CC-AECA-D1DEF89332E5}
[2012.06.06 16:38:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6AC72091-8602-4261-B9E0-8D0C2656704A}
[2012.06.06 16:37:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1082114B-7E9E-4F27-BF8B-5D1B5C0C7D92}
[2012.06.05 17:19:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DA9EE34F-5B1D-4FF4-81FB-27AA645BAB05}
[2012.06.05 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E6764D92-7AAF-4953-ADC2-936AF29C3DA1}
[2012.06.04 17:57:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8ABA139A-55FD-4739-8871-872D6B6068CE}
[2012.06.04 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{40A7B7B2-3324-4C26-AFB3-795BC96E350D}
[2012.06.03 21:54:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5107F079-4E78-44BA-AAFF-8C6953175816}
[2012.06.03 21:54:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{89249301-55B7-4CA0-AF46-82C7B6BF2E31}
[2012.06.03 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6BE488B9-BD13-4F10-821C-7BC136030EC8}
[2012.06.03 21:53:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CAAC5FF6-9A68-4377-9B14-D909AB469CB3}
[2012.06.03 09:53:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8AAC293C-675E-4EBC-B7AA-698DD1711DCD}
[2012.06.03 09:53:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{94230D08-BA74-4C68-849E-82929BC5ABB0}
[2012.06.03 09:53:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D64F1EB6-6474-4744-94C9-C9CA72349CC2}
[2012.06.03 09:52:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D6EE91D5-E7C1-4AFE-BECC-FB5B750B1C50}
[2012.06.02 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E6976BFF-79F6-4041-9653-5F5C70AFA5F4}
[2012.06.02 21:52:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{96501573-03D8-4AFE-9D31-4BC70D0D0213}
[2012.06.02 21:51:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EB454122-0834-41D7-9116-6B7FFBA49DBF}
[2012.06.02 21:51:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9EB29EAE-29D6-4001-8EB8-D5587981229F}
[2012.06.02 09:50:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{810BB60F-3926-41C2-B277-C3DBA55D57F1}
[2012.06.02 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{22AF3DEC-336E-487F-BAE9-0CF95FFF5938}
[2012.06.01 16:54:11 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\BackUp
[2012.06.01 15:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.06.01 15:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012.06.01 15:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012.06.01 15:00:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Temp
[2012.06.01 14:58:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32
[2012.06.01 10:56:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6ADECC4D-618E-4FF7-9F5E-B2E778A8D5A2}
[2012.06.01 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BC1FBE68-6FE3-4B0C-A312-5A29A8F9913D}
[2012.05.31 19:10:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{55175381-743B-4519-9861-BC45A6EDB6D2}
[2012.05.31 19:10:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4B7885D3-B95D-451B-9532-1621E74C4BB4}
[2012.05.30 17:57:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D7AF6F46-0945-4CA7-9D42-1A08286C7F34}
[2012.05.30 17:57:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7BF56D7F-5BCB-4610-9701-8DB3F52B3842}
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 14:04:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.29 13:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.29 13:32:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
[2012.06.29 12:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2012.06.29 10:33:40 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 10:33:40 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 10:31:53 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.29 10:31:53 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.29 10:31:53 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.29 10:31:53 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.29 10:31:53 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.29 10:29:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 09:32:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.06.29 09:32:45 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.29 09:32:25 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 19:36:15 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\ESET-Scanner.exe
[2012.06.26 17:46:57 | 002,043,746 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Cat.DB
[2012.06.25 17:21:21 | 000,369,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.24 23:07:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.24 23:07:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.24 19:37:12 | 000,000,010 | ---- | M] () -- C:\Program Files\Common Files\systemdate.dat
[2012.06.23 13:21:07 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.06.23 13:21:07 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.06.23 12:11:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.06.23 11:58:45 | 000,207,887 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.06.23 11:58:45 | 000,207,887 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.06.23 11:46:23 | 000,022,960 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2012.06.23 11:15:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.06.23 11:15:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.06.22 16:55:47 | 000,000,771 | ---- | M] () -- C:\Users\***\AppData\Roaming\SMRBackup162.dat
[2012.06.22 16:54:51 | 000,090,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS
[2012.06.22 11:10:06 | 000,002,317 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.06.01 16:54:11 | 000,011,968 | ---- | M] () -- C:\Users\***\Documents\Kontakte SIII.spb
[2012.06.01 15:33:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.06.24 23:07:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.24 23:07:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.23 12:06:50 | 000,001,411 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.06.23 12:06:41 | 000,001,445 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.23 11:46:23 | 000,022,960 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2012.06.23 11:16:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.06.23 11:16:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.06.23 11:15:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.06.23 11:15:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.06.22 19:31:13 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.06.22 19:31:13 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.06.22 16:55:47 | 000,000,771 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMRBackup162.dat
[2012.06.22 10:56:02 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\One-Click Tweak.job
[2012.06.19 17:14:23 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.06.01 16:54:10 | 000,011,968 | ---- | C] () -- C:\Users\***\Documents\Kontakte SIII.spb
[2012.06.01 15:33:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.03.30 15:44:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.01.31 22:06:29 | 000,000,191 | ---- | C] () -- C:\Users\***\.java.policy
[2011.11.13 17:44:08 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2011.11.06 10:56:06 | 000,000,063 | ---- | C] () -- C:\Windows\Altair_1.250.INI
[2011.11.04 22:38:33 | 000,000,010 | ---- | C] () -- C:\Program Files\Common Files\systemdate.dat
[2011.08.23 05:24:52 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.08.23 05:24:49 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.08.23 05:24:49 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.08.23 05:18:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 05:24:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.03.02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2012.06.29 12:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job
[2009.07.14 07:08:49 | 000,006,426 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%*. >
[2012.06.23 11:38:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.06.23 11:38:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.06.23 11:38:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Antares
[2012.06.23 11:38:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cherry
[2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.06.27 17:13:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EssentialPIM
[2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLEXnet
[2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon
[2012.06.29 13:47:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.06.23 11:38:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Search
[2012.06.24 17:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.06.23 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ipswitch
[2012.06.23 11:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Itsth
[2012.06.23 11:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.06.23 12:54:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.23 11:39:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic
[2012.06.23 11:46:12 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.06.23 11:39:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.06.23 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2012.06.23 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2012.06.23 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2012.06.23 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS
[2012.06.23 11:39:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Octoshape
[2012.06.23 11:39:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.06.23 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.06.23 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.06.23 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.06.23 11:39:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.06.23 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2012.06.23 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica
[2012.06.01 16:54:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2012.06.23 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2012.06.28 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2012.06.23 11:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2012.06.23 11:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.11.06 00:34:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.06.23 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.06.23 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager
[2012.06.23 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
 
< %APPDATA%*.exe /s >
[2012.06.19 17:14:18 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2012.06.22 11:28:01 | 000,119,808 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}\icons.exe
[2012.06.19 17:14:09 | 000,106,496 | ---- | M] (OCS) -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2012.06.19 17:14:09 | 000,040,960 | ---- | M] () -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.03.24 17:11:18 | 000,107,800 | ---- | M] (Octoshape ApS) -- C:\Users\***\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2012.05.17 18:46:26 | 000,106,920 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.05.17 18:46:26 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.05.17 18:46:26 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.06.01 14:54:27 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2012.04.27 02:13:04 | 000,955,280 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012.04.27 02:13:08 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012.04.05 18:41:16 | 000,317,952 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2012.04.27 02:13:06 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.10.25 16:01:04 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2012.03.22 23:43:30 | 000,297,984 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2012.04.09 17:16:32 | 000,695,296 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2012.04.27 02:13:12 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012.05.17 18:46:26 | 000,106,920 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.05.17 18:46:26 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.04.27 02:13:16 | 000,183,696 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.05.17 18:46:26 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.04.27 02:13:22 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2012.03.19 18:53:42 | 024,161,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.04.27 02:13:24 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.05.30 03:18:10 | 000,371,128 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\iaStor.sys
[2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys
[2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< CREATESTOREPOINT >

< End of report >

--- --- ---

cosinus · 29.06.2012, 13:51

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{44A8EAB0-BEA7-465C-8F08-B6B13DCE84BF}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{D123367C-4ADE-4047-8D83-43D9C9AC8ACD}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{DEF82946-5D5C-44BC-8B74-CE7749E50B71}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{FDE35139-4A81-4B07-B1E2-F2A2FC2B4A12}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
O3 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20:64bit: - HKLM Winlogon: UserInit - (E:\MaxTube_movie_id73937.exe) -  File not found
:Files
C:\Program Files (x86)\ICQ6Toolbar
C:\$WINDOWS.~Q
C:\$INPLACE.~TR
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Scheinle · 29.06.2012, 14:42

Hallo Arne,

beim 1. Versuch hat sich das OTL "erhängt", aber beim 2. Versuch hat es geklappt.

Hier das von Dir gewünschte Log im Anhang.
War wohl für den Code einwenig zu lang.

cosinus · 29.06.2012, 14:48

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Scheinle · 29.06.2012, 14:59

Code:

ATTFilter

15:53:23.0853 2384	TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
15:53:24.0321 2384	============================================================
15:53:24.0321 2384	Current date / time: 2012/06/29 15:53:24.0321
15:53:24.0321 2384	SystemInfo:
15:53:24.0321 2384	
15:53:24.0321 2384	OS Version: 6.1.7601 ServicePack: 1.0
15:53:24.0321 2384	Product type: Workstation
15:53:24.0321 2384	ComputerName: ***
15:53:24.0321 2384	UserName: ***
15:53:24.0321 2384	Windows directory: C:\Windows
15:53:24.0321 2384	System windows directory: C:\Windows
15:53:24.0321 2384	Running under WOW64
15:53:24.0337 2384	Processor architecture: Intel x64
15:53:24.0337 2384	Number of processors: 4
15:53:24.0337 2384	Page size: 0x1000
15:53:24.0337 2384	Boot type: Normal boot
15:53:24.0337 2384	============================================================
15:53:24.0851 2384	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:53:25.0148 2384	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:53:25.0226 2384	============================================================
15:53:25.0226 2384	\Device\Harddisk0\DR0:
15:53:25.0226 2384	MBR partitions:
15:53:25.0226 2384	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
15:53:25.0241 2384	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
15:53:25.0241 2384	\Device\Harddisk1\DR1:
15:53:25.0241 2384	MBR partitions:
15:53:25.0241 2384	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1BE000
15:53:25.0241 2384	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1D1BE800, BlocksNum 0x1D1C7830
15:53:25.0241 2384	============================================================
15:53:25.0273 2384	C: <-> \Device\Harddisk0\DR0\Partition0
15:53:25.0304 2384	D: <-> \Device\Harddisk0\DR0\Partition1
15:53:25.0366 2384	E: <-> \Device\Harddisk1\DR1\Partition0
15:53:25.0413 2384	F: <-> \Device\Harddisk1\DR1\Partition1
15:53:25.0413 2384	============================================================
15:53:25.0413 2384	Initialize success
15:53:25.0413 2384	============================================================
15:55:35.0278 2752	============================================================
15:55:35.0278 2752	Scan started
15:55:35.0278 2752	Mode: Manual; SigCheck; TDLFS; 
15:55:35.0278 2752	============================================================
15:55:36.0089 2752	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:55:36.0167 2752	1394ohci - ok
15:55:36.0230 2752	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:55:36.0261 2752	ACPI - ok
15:55:36.0292 2752	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:55:36.0323 2752	AcpiPmi - ok
15:55:36.0448 2752	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:55:36.0464 2752	AdobeARMservice - ok
15:55:36.0589 2752	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:55:36.0620 2752	AdobeFlashPlayerUpdateSvc - ok
15:55:36.0682 2752	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:55:36.0713 2752	adp94xx - ok
15:55:36.0791 2752	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:55:36.0823 2752	adpahci - ok
15:55:36.0838 2752	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:55:36.0854 2752	adpu320 - ok
15:55:36.0901 2752	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:55:36.0979 2752	AeLookupSvc - ok
15:55:37.0041 2752	AFBAgent        (079cba3c5c9ab11b2b4e6bd729a860f2) C:\Windows\system32\FBAgent.exe
15:55:37.0072 2752	AFBAgent - ok
15:55:37.0119 2752	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:55:37.0181 2752	AFD - ok
15:55:37.0244 2752	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:55:37.0244 2752	agp440 - ok
15:55:37.0275 2752	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:55:37.0322 2752	ALG - ok
15:55:37.0353 2752	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:55:37.0369 2752	aliide - ok
15:55:37.0384 2752	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:55:37.0400 2752	amdide - ok
15:55:37.0415 2752	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:55:37.0478 2752	AmdK8 - ok
15:55:37.0493 2752	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:55:37.0509 2752	AmdPPM - ok
15:55:37.0571 2752	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:55:37.0603 2752	amdsata - ok
15:55:37.0649 2752	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:55:37.0696 2752	amdsbs - ok
15:55:37.0727 2752	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:55:37.0743 2752	amdxata - ok
15:55:37.0774 2752	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:55:37.0821 2752	AppID - ok
15:55:37.0852 2752	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:55:37.0915 2752	AppIDSvc - ok
15:55:37.0946 2752	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:55:38.0024 2752	Appinfo - ok
15:55:38.0055 2752	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:55:38.0086 2752	arc - ok
15:55:38.0117 2752	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:55:38.0117 2752	arcsas - ok
15:55:38.0258 2752	ASLDRService    (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
15:55:38.0273 2752	ASLDRService - ok
15:55:38.0305 2752	ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
15:55:38.0305 2752	ASMMAP64 - ok
15:55:38.0336 2752	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:55:38.0383 2752	AsyncMac - ok
15:55:38.0429 2752	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:55:38.0461 2752	atapi - ok
15:55:38.0663 2752	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
15:55:38.0804 2752	athr - ok
15:55:38.0897 2752	ATKGFNEXSrv     (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
15:55:38.0929 2752	ATKGFNEXSrv - ok
15:55:38.0960 2752	ATKWMIACPIIO    (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
15:55:38.0975 2752	ATKWMIACPIIO - ok
15:55:39.0131 2752	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:55:39.0272 2752	AudioEndpointBuilder - ok
15:55:39.0272 2752	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:55:39.0303 2752	AudioSrv - ok
15:55:39.0412 2752	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:55:39.0475 2752	AxInstSV - ok
15:55:39.0584 2752	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:55:39.0631 2752	b06bdrv - ok
15:55:39.0662 2752	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:55:39.0740 2752	b57nd60a - ok
15:55:39.0802 2752	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:55:39.0865 2752	BDESVC - ok
15:55:39.0911 2752	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:55:39.0989 2752	Beep - ok
15:55:40.0083 2752	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:55:40.0192 2752	BFE - ok
15:55:40.0364 2752	BHDrvx64        (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys
15:55:40.0411 2752	BHDrvx64 - ok
15:55:40.0535 2752	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:55:40.0645 2752	BITS - ok
15:55:40.0691 2752	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:55:40.0738 2752	blbdrive - ok
15:55:40.0785 2752	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:55:40.0832 2752	bowser - ok
15:55:40.0863 2752	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:55:40.0910 2752	BrFiltLo - ok
15:55:40.0910 2752	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:55:40.0925 2752	BrFiltUp - ok
15:55:40.0972 2752	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:55:41.0066 2752	Browser - ok
15:55:41.0128 2752	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:55:41.0206 2752	Brserid - ok
15:55:41.0206 2752	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:55:41.0237 2752	BrSerWdm - ok
15:55:41.0237 2752	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:55:41.0253 2752	BrUsbMdm - ok
15:55:41.0269 2752	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:55:41.0300 2752	BrUsbSer - ok
15:55:41.0300 2752	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:55:41.0315 2752	BTHMODEM - ok
15:55:41.0378 2752	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:55:41.0440 2752	BthPan - ok
15:55:41.0471 2752	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:55:41.0518 2752	bthserv - ok
15:55:41.0565 2752	ccSet_N360      (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
15:55:41.0565 2752	ccSet_N360 - ok
15:55:41.0596 2752	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:55:41.0659 2752	cdfs - ok
15:55:41.0690 2752	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:55:41.0705 2752	cdrom - ok
15:55:41.0768 2752	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:55:41.0846 2752	CertPropSvc - ok
15:55:41.0939 2752	Cherry Device Interface (280969d43fe354f87bed6ee1d5223141) C:\Program Files (x86)\Cherry\CDI\cdi.exe
15:55:42.0002 2752	Cherry Device Interface ( UnsignedFile.Multi.Generic ) - warning
15:55:42.0002 2752	Cherry Device Interface - detected UnsignedFile.Multi.Generic (1)
15:55:42.0033 2752	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:55:42.0080 2752	circlass - ok
15:55:42.0158 2752	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:55:42.0173 2752	CLFS - ok
15:55:42.0283 2752	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:55:42.0314 2752	clr_optimization_v2.0.50727_32 - ok
15:55:42.0392 2752	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:55:42.0407 2752	clr_optimization_v2.0.50727_64 - ok
15:55:42.0454 2752	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:55:42.0485 2752	clr_optimization_v4.0.30319_32 - ok
15:55:42.0517 2752	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:55:42.0517 2752	clr_optimization_v4.0.30319_64 - ok
15:55:42.0548 2752	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:55:42.0595 2752	CmBatt - ok
15:55:42.0610 2752	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:55:42.0626 2752	cmdide - ok
15:55:42.0688 2752	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:55:42.0751 2752	CNG - ok
15:55:42.0782 2752	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:55:42.0782 2752	Compbatt - ok
15:55:42.0813 2752	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:55:42.0844 2752	CompositeBus - ok
15:55:42.0860 2752	COMSysApp - ok
15:55:42.0985 2752	cphs            (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:55:43.0000 2752	cphs - ok
15:55:43.0016 2752	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:55:43.0031 2752	crcdisk - ok
15:55:43.0078 2752	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:55:43.0125 2752	CryptSvc - ok
15:55:43.0219 2752	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:55:43.0343 2752	DcomLaunch - ok
15:55:43.0375 2752	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:55:43.0468 2752	defragsvc - ok
15:55:43.0499 2752	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:55:43.0546 2752	DfsC - ok
15:55:43.0593 2752	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:55:43.0687 2752	Dhcp - ok
15:55:43.0718 2752	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:55:43.0780 2752	discache - ok
15:55:43.0811 2752	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:55:43.0843 2752	Disk - ok
15:55:43.0874 2752	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:55:43.0921 2752	Dnscache - ok
15:55:43.0952 2752	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:55:44.0014 2752	dot3svc - ok
15:55:44.0077 2752	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:55:44.0155 2752	DPS - ok
15:55:44.0201 2752	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:55:44.0248 2752	drmkaud - ok
15:55:44.0326 2752	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:55:44.0357 2752	DXGKrnl - ok
15:55:44.0389 2752	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:55:44.0420 2752	EapHost - ok
15:55:44.0638 2752	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:55:44.0794 2752	ebdrv - ok
15:55:44.0935 2752	eeCtrl          (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:55:44.0950 2752	eeCtrl - ok
15:55:45.0091 2752	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:55:45.0153 2752	EFS - ok
15:55:45.0247 2752	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:55:45.0309 2752	ehRecvr - ok
15:55:45.0325 2752	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:55:45.0371 2752	ehSched - ok
15:55:45.0481 2752	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:55:45.0559 2752	elxstor - ok
15:55:45.0637 2752	EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:55:45.0668 2752	EraserUtilRebootDrv - ok
15:55:45.0668 2752	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:55:45.0699 2752	ErrDev - ok
15:55:45.0761 2752	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:55:45.0839 2752	EventSystem - ok
15:55:45.0886 2752	ewusbnet        (d83eb7ade99d99a4cd6568ac1261d35e) C:\Windows\system32\DRIVERS\ewusbnet.sys
15:55:45.0933 2752	ewusbnet - ok
15:55:45.0980 2752	ew_hwusbdev     (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
15:55:46.0027 2752	ew_hwusbdev - ok
15:55:46.0089 2752	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:55:46.0183 2752	exfat - ok
15:55:46.0198 2752	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:55:46.0261 2752	fastfat - ok
15:55:46.0370 2752	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:55:46.0432 2752	Fax - ok
15:55:46.0479 2752	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:55:46.0510 2752	fdc - ok
15:55:46.0557 2752	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:55:46.0619 2752	fdPHost - ok
15:55:46.0651 2752	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:55:46.0713 2752	FDResPub - ok
15:55:46.0744 2752	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:55:46.0760 2752	FileInfo - ok
15:55:46.0775 2752	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:55:46.0838 2752	Filetrace - ok
15:55:46.0869 2752	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:55:46.0885 2752	flpydisk - ok
15:55:46.0916 2752	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:55:46.0931 2752	FltMgr - ok
15:55:47.0025 2752	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:55:47.0119 2752	FontCache - ok
15:55:47.0212 2752	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:55:47.0228 2752	FontCache3.0.0.0 - ok
15:55:47.0290 2752	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:55:47.0306 2752	FsDepends - ok
15:55:47.0337 2752	fssfltr         (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
15:55:47.0337 2752	fssfltr - ok
15:55:47.0477 2752	fsssvc          (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:55:47.0540 2752	fsssvc - ok
15:55:47.0649 2752	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:55:47.0680 2752	Fs_Rec - ok
15:55:47.0727 2752	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:55:47.0774 2752	fvevol - ok
15:55:47.0805 2752	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:55:47.0821 2752	gagp30kx - ok
15:55:47.0899 2752	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:55:47.0977 2752	gpsvc - ok
15:55:48.0055 2752	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:55:48.0070 2752	gupdate - ok
15:55:48.0086 2752	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:55:48.0086 2752	gupdatem - ok
15:55:48.0117 2752	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:55:48.0133 2752	hcw85cir - ok
15:55:48.0179 2752	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:55:48.0226 2752	HDAudBus - ok
15:55:48.0242 2752	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:55:48.0273 2752	HidBatt - ok
15:55:48.0273 2752	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:55:48.0304 2752	HidBth - ok
15:55:48.0351 2752	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:55:48.0382 2752	HidIr - ok
15:55:48.0413 2752	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:55:48.0476 2752	hidserv - ok
15:55:48.0491 2752	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:55:48.0507 2752	HidUsb - ok
15:55:48.0538 2752	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:55:48.0569 2752	hkmsvc - ok
15:55:48.0616 2752	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:55:48.0679 2752	HomeGroupListener - ok
15:55:48.0725 2752	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:55:48.0757 2752	HomeGroupProvider - ok
15:55:48.0803 2752	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:55:48.0835 2752	HpSAMD - ok
15:55:48.0897 2752	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:55:48.0991 2752	HTTP - ok
15:55:49.0037 2752	hwdatacard      (6e05228393cd614b983568ec40c262c3) C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:55:49.0084 2752	hwdatacard - ok
15:55:49.0131 2752	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:55:49.0162 2752	hwpolicy - ok
15:55:49.0178 2752	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:55:49.0193 2752	i8042prt - ok
15:55:49.0256 2752	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
15:55:49.0287 2752	iaStor - ok
15:55:49.0365 2752	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:55:49.0396 2752	iaStorV - ok
15:55:49.0537 2752	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:55:49.0599 2752	idsvc - ok
15:55:49.0786 2752	IDSVia64        (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120628.001\IDSvia64.sys
15:55:49.0817 2752	IDSVia64 - ok
15:55:50.0738 2752	igfx            (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:55:51.0206 2752	igfx - ok
15:55:51.0409 2752	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:55:51.0440 2752	iirsp - ok
15:55:51.0502 2752	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:55:51.0596 2752	IKEEXT - ok
15:55:51.0767 2752	IntcAzAudAddService (c15a21b1e2291952424f361093734f95) C:\Windows\system32\drivers\RTKVHD64.sys
15:55:51.0799 2752	IntcAzAudAddService - ok
15:55:51.0939 2752	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:55:51.0986 2752	IntcDAud - ok
15:55:52.0033 2752	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:55:52.0048 2752	intelide - ok
15:55:52.0079 2752	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:55:52.0111 2752	intelppm - ok
15:55:52.0157 2752	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:55:52.0220 2752	IPBusEnum - ok
15:55:52.0267 2752	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:55:52.0298 2752	IpFilterDriver - ok
15:55:52.0345 2752	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:55:52.0469 2752	iphlpsvc - ok
15:55:52.0485 2752	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:55:52.0485 2752	IPMIDRV - ok
15:55:52.0501 2752	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:55:52.0547 2752	IPNAT - ok
15:55:52.0579 2752	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:55:52.0610 2752	IRENUM - ok
15:55:52.0625 2752	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:55:52.0625 2752	isapnp - ok
15:55:52.0657 2752	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:55:52.0703 2752	iScsiPrt - ok
15:55:52.0735 2752	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:55:52.0750 2752	kbdclass - ok
15:55:52.0781 2752	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:55:52.0813 2752	kbdhid - ok
15:55:52.0844 2752	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
15:55:52.0875 2752	kbfiltr - ok
15:55:52.0906 2752	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:52.0937 2752	KeyIso - ok
15:55:53.0000 2752	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:55:53.0031 2752	KSecDD - ok
15:55:53.0047 2752	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:55:53.0062 2752	KSecPkg - ok
15:55:53.0109 2752	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:55:53.0187 2752	ksthunk - ok
15:55:53.0265 2752	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:55:53.0327 2752	KtmRm - ok
15:55:53.0374 2752	L1C             (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:55:53.0390 2752	L1C - ok
15:55:53.0452 2752	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:55:53.0546 2752	LanmanServer - ok
15:55:53.0593 2752	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:55:53.0639 2752	LanmanWorkstation - ok
15:55:53.0686 2752	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:55:53.0764 2752	lltdio - ok
15:55:53.0827 2752	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:55:53.0905 2752	lltdsvc - ok
15:55:53.0936 2752	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:55:53.0983 2752	lmhosts - ok
15:55:54.0076 2752	LMS             (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:55:54.0107 2752	LMS - ok
15:55:54.0139 2752	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:55:54.0154 2752	LSI_FC - ok
15:55:54.0185 2752	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:55:54.0185 2752	LSI_SAS - ok
15:55:54.0201 2752	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:55:54.0217 2752	LSI_SAS2 - ok
15:55:54.0232 2752	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:55:54.0248 2752	LSI_SCSI - ok
15:55:54.0279 2752	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:55:54.0341 2752	luafv - ok
15:55:54.0404 2752	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:55:54.0419 2752	MBAMProtector - ok
15:55:54.0482 2752	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:55:54.0560 2752	MBAMService - ok
15:55:54.0607 2752	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:55:54.0653 2752	Mcx2Svc - ok
15:55:54.0700 2752	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:55:54.0731 2752	megasas - ok
15:55:54.0794 2752	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:55:54.0841 2752	MegaSR - ok
15:55:54.0872 2752	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
15:55:54.0887 2752	MEIx64 - ok
15:55:54.0934 2752	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:55:54.0997 2752	MMCSS - ok
15:55:55.0028 2752	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:55:55.0106 2752	Modem - ok
15:55:55.0121 2752	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:55:55.0153 2752	monitor - ok
15:55:55.0184 2752	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:55:55.0184 2752	mouclass - ok
15:55:55.0231 2752	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:55:55.0277 2752	mouhid - ok
15:55:55.0309 2752	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:55:55.0340 2752	mountmgr - ok
15:55:55.0402 2752	MozillaMaintenance (03de7c5fc16862b325b0e22e3c0bb63a) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:55:55.0465 2752	MozillaMaintenance - ok
15:55:55.0496 2752	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:55:55.0511 2752	mpio - ok
15:55:55.0527 2752	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:55:55.0558 2752	mpsdrv - ok
15:55:55.0621 2752	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:55:55.0667 2752	MpsSvc - ok
15:55:55.0683 2752	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:55:55.0714 2752	MRxDAV - ok
15:55:55.0761 2752	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:55:55.0792 2752	mrxsmb - ok
15:55:55.0839 2752	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:55:55.0886 2752	mrxsmb10 - ok
15:55:55.0917 2752	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:55:55.0933 2752	mrxsmb20 - ok
15:55:55.0964 2752	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:55:55.0979 2752	msahci - ok
15:55:56.0011 2752	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:55:56.0026 2752	msdsm - ok
15:55:56.0057 2752	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:55:56.0104 2752	MSDTC - ok
15:55:56.0135 2752	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:55:56.0198 2752	Msfs - ok
15:55:56.0229 2752	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:55:56.0276 2752	mshidkmdf - ok
15:55:56.0307 2752	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:55:56.0307 2752	msisadrv - ok
15:55:56.0354 2752	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:55:56.0385 2752	MSiSCSI - ok
15:55:56.0385 2752	msiserver - ok
15:55:56.0416 2752	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:55:56.0494 2752	MSKSSRV - ok
15:55:56.0541 2752	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:55:56.0603 2752	MSPCLOCK - ok
15:55:56.0635 2752	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:55:56.0681 2752	MSPQM - ok
15:55:56.0713 2752	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:55:56.0759 2752	MsRPC - ok
15:55:56.0775 2752	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:55:56.0791 2752	mssmbios - ok
15:55:56.0822 2752	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:55:56.0853 2752	MSTEE - ok
15:55:56.0853 2752	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:55:56.0853 2752	MTConfig - ok
15:55:56.0884 2752	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:55:56.0884 2752	Mup - ok
15:55:57.0009 2752	N360            (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
15:55:57.0009 2752	N360 - ok
15:55:57.0056 2752	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:55:57.0134 2752	napagent - ok
15:55:57.0212 2752	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:55:57.0290 2752	NativeWifiP - ok
15:55:57.0399 2752	NAVENG          (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120628.024\ENG64.SYS
15:55:57.0415 2752	NAVENG - ok
15:55:57.0555 2752	NAVEX15         (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120628.024\EX64.SYS
15:55:57.0602 2752	NAVEX15 - ok
15:55:57.0805 2752	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:55:57.0836 2752	NDIS - ok
15:55:57.0867 2752	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:55:57.0914 2752	NdisCap - ok
15:55:57.0945 2752	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:55:57.0976 2752	NdisTapi - ok
15:55:58.0007 2752	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:55:58.0054 2752	Ndisuio - ok
15:55:58.0085 2752	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:55:58.0163 2752	NdisWan - ok
15:55:58.0210 2752	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:55:58.0241 2752	NDProxy - ok
15:55:58.0273 2752	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:55:58.0366 2752	NetBIOS - ok
15:55:58.0397 2752	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:55:58.0460 2752	NetBT - ok
15:55:58.0507 2752	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:58.0507 2752	Netlogon - ok
15:55:58.0585 2752	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:55:58.0647 2752	Netman - ok
15:55:58.0694 2752	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:55:58.0741 2752	netprofm - ok
15:55:58.0850 2752	netr28x         (f1814e62eb6e50472afc9903525ecec1) C:\Windows\system32\DRIVERS\netr28x.sys
15:55:58.0881 2752	netr28x - ok
15:55:58.0959 2752	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:55:58.0975 2752	NetTcpPortSharing - ok
15:55:59.0021 2752	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:55:59.0037 2752	nfrd960 - ok
15:55:59.0084 2752	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:55:59.0146 2752	NlaSvc - ok
15:55:59.0177 2752	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:55:59.0209 2752	Npfs - ok
15:55:59.0209 2752	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:55:59.0255 2752	nsi - ok
15:55:59.0287 2752	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:55:59.0349 2752	nsiproxy - ok
15:55:59.0521 2752	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:55:59.0614 2752	Ntfs - ok
15:55:59.0739 2752	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:55:59.0817 2752	Null - ok
15:56:00.0503 2752	nvlddmkm        (41a7c6ed2bab4c304633b785c884a912) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:56:00.0893 2752	nvlddmkm - ok
15:56:01.0003 2752	nvpciflt        (d542153cb23459b8aad88cf17e36b670) C:\Windows\system32\DRIVERS\nvpciflt.sys
15:56:01.0034 2752	nvpciflt - ok
15:56:01.0065 2752	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:56:01.0081 2752	nvraid - ok
15:56:01.0112 2752	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:56:01.0127 2752	nvstor - ok
15:56:01.0221 2752	NVSvc           (558490b65557a15193e56c44dcf67b64) C:\Windows\system32\nvvsvc.exe
15:56:01.0283 2752	NVSvc - ok
15:56:01.0471 2752	nvUpdatusService (fc968ef459601bb3d18a40bb85ec5193) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:56:01.0595 2752	nvUpdatusService - ok
15:56:01.0736 2752	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:56:01.0767 2752	nv_agp - ok
15:56:01.0876 2752	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:56:01.0907 2752	odserv - ok
15:56:01.0954 2752	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:56:01.0954 2752	ohci1394 - ok
15:56:02.0017 2752	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:56:02.0017 2752	ose - ok
15:56:02.0360 2752	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:56:02.0438 2752	osppsvc - ok
15:56:02.0547 2752	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:56:02.0609 2752	p2pimsvc - ok
15:56:02.0672 2752	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:56:02.0734 2752	p2psvc - ok
15:56:02.0797 2752	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:56:02.0843 2752	Parport - ok
15:56:02.0875 2752	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:56:02.0906 2752	partmgr - ok
15:56:02.0984 2752	Partner Service (9665402b7fa59302d520ad845ddfc026) C:\ProgramData\Partner\Partner.exe
15:56:02.0999 2752	Partner Service - ok
15:56:03.0046 2752	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:56:03.0093 2752	PcaSvc - ok
15:56:03.0124 2752	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:56:03.0155 2752	pccsmcfd - ok
15:56:03.0280 2752	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:56:03.0311 2752	pci - ok
15:56:03.0327 2752	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:56:03.0327 2752	pciide - ok
15:56:03.0374 2752	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:56:03.0389 2752	pcmcia - ok
15:56:03.0421 2752	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:56:03.0421 2752	pcw - ok
15:56:03.0530 2752	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:56:03.0592 2752	PEAUTH - ok
15:56:03.0686 2752	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:56:03.0717 2752	PerfHost - ok
15:56:03.0826 2752	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:56:03.0982 2752	pla - ok
15:56:04.0060 2752	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:56:04.0091 2752	PlugPlay - ok
15:56:04.0107 2752	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:56:04.0154 2752	PNRPAutoReg - ok
15:56:04.0201 2752	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:56:04.0216 2752	PNRPsvc - ok
15:56:04.0263 2752	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:56:04.0310 2752	PolicyAgent - ok
15:56:04.0357 2752	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:56:04.0403 2752	Power - ok
15:56:04.0466 2752	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:56:04.0544 2752	PptpMiniport - ok
15:56:04.0591 2752	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:56:04.0622 2752	Processor - ok
15:56:04.0684 2752	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:56:04.0731 2752	ProfSvc - ok
15:56:04.0762 2752	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:56:04.0778 2752	ProtectedStorage - ok
15:56:04.0840 2752	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:56:04.0903 2752	Psched - ok
15:56:05.0012 2752	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:56:05.0090 2752	ql2300 - ok
15:56:05.0199 2752	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:56:05.0230 2752	ql40xx - ok
15:56:05.0277 2752	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:56:05.0324 2752	QWAVE - ok
15:56:05.0355 2752	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:56:05.0371 2752	QWAVEdrv - ok
15:56:05.0371 2752	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:56:05.0402 2752	RasAcd - ok
15:56:05.0433 2752	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:56:05.0464 2752	RasAgileVpn - ok
15:56:05.0480 2752	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:56:05.0542 2752	RasAuto - ok
15:56:05.0573 2752	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:56:05.0620 2752	Rasl2tp - ok
15:56:05.0683 2752	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:56:05.0761 2752	RasMan - ok
15:56:05.0792 2752	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:56:05.0823 2752	RasPppoe - ok
15:56:05.0870 2752	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:56:05.0948 2752	RasSstp - ok
15:56:05.0979 2752	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:56:06.0073 2752	rdbss - ok
15:56:06.0088 2752	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:56:06.0119 2752	rdpbus - ok
15:56:06.0135 2752	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:56:06.0166 2752	RDPCDD - ok
15:56:06.0182 2752	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:56:06.0213 2752	RDPENCDD - ok
15:56:06.0244 2752	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:56:06.0260 2752	RDPREFMP - ok
15:56:06.0307 2752	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:56:06.0322 2752	RDPWD - ok
15:56:06.0447 2752	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:56:06.0494 2752	rdyboost - ok
15:56:06.0525 2752	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:56:06.0572 2752	RemoteAccess - ok
15:56:06.0634 2752	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:56:06.0712 2752	RemoteRegistry - ok
15:56:06.0759 2752	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:56:06.0775 2752	RFCOMM - ok
15:56:06.0806 2752	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:56:06.0853 2752	RpcEptMapper - ok
15:56:06.0884 2752	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:56:06.0931 2752	RpcLocator - ok
15:56:06.0977 2752	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:56:07.0024 2752	RpcSs - ok
15:56:07.0087 2752	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:56:07.0102 2752	rspndr - ok
15:56:07.0133 2752	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:56:07.0149 2752	SamSs - ok
15:56:07.0165 2752	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:56:07.0165 2752	sbp2port - ok
15:56:07.0243 2752	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:56:07.0289 2752	SCardSvr - ok
15:56:07.0305 2752	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:56:07.0383 2752	scfilter - ok
15:56:07.0477 2752	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:56:07.0617 2752	Schedule - ok
15:56:07.0648 2752	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:56:07.0679 2752	SCPolicySvc - ok
15:56:07.0695 2752	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:56:07.0711 2752	SDRSVC - ok
15:56:07.0789 2752	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:56:07.0851 2752	secdrv - ok
15:56:07.0882 2752	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:56:07.0913 2752	seclogon - ok
15:56:07.0945 2752	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:56:07.0991 2752	SENS - ok
15:56:08.0007 2752	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:56:08.0038 2752	SensrSvc - ok
15:56:08.0069 2752	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:56:08.0085 2752	Serenum - ok
15:56:08.0132 2752	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:56:08.0163 2752	Serial - ok
15:56:08.0210 2752	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:56:08.0241 2752	sermouse - ok
15:56:08.0366 2752	ServiceLayer    (c15b813f2fdb44f87f23312472c6e790) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:56:08.0444 2752	ServiceLayer - ok
15:56:08.0491 2752	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:56:08.0569 2752	SessionEnv - ok
15:56:08.0600 2752	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:56:08.0631 2752	sffdisk - ok
15:56:08.0631 2752	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:56:08.0647 2752	sffp_mmc - ok
15:56:08.0662 2752	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:56:08.0678 2752	sffp_sd - ok
15:56:08.0693 2752	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:56:08.0725 2752	sfloppy - ok
15:56:08.0771 2752	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:56:08.0881 2752	SharedAccess - ok
15:56:08.0943 2752	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:56:09.0021 2752	ShellHWDetection - ok
15:56:09.0068 2752	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
15:56:09.0099 2752	SiSGbeLH - ok
15:56:09.0146 2752	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:56:09.0177 2752	SiSRaid2 - ok
15:56:09.0177 2752	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:56:09.0193 2752	SiSRaid4 - ok
15:56:09.0271 2752	SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:56:09.0302 2752	SkypeUpdate - ok
15:56:09.0333 2752	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:56:09.0395 2752	Smb - ok
15:56:09.0427 2752	SMR162          (367bc6cd6c781b56fcf6218cd5999dc3) C:\Windows\system32\drivers\SMR162.SYS
15:56:09.0442 2752	SMR162 - ok
15:56:09.0473 2752	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:56:09.0505 2752	SNMPTRAP - ok
15:56:09.0583 2752	speedfan        (7455ed832a33fef453407f5411c3342d) C:\Windows\syswow64\speedfan.sys
15:56:09.0614 2752	speedfan - ok
15:56:09.0629 2752	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:56:09.0645 2752	spldr - ok
15:56:09.0692 2752	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:56:09.0754 2752	Spooler - ok
15:56:09.0926 2752	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:56:10.0051 2752	sppsvc - ok
15:56:10.0175 2752	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:56:10.0269 2752	sppuinotify - ok
15:56:10.0363 2752	SRTSP           (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
15:56:10.0409 2752	SRTSP - ok
15:56:10.0425 2752	SRTSPX          (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
15:56:10.0425 2752	SRTSPX - ok
15:56:10.0472 2752	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:56:10.0534 2752	srv - ok
15:56:10.0581 2752	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:56:10.0643 2752	srv2 - ok
15:56:10.0690 2752	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:56:10.0706 2752	srvnet - ok
15:56:10.0737 2752	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:56:10.0768 2752	SSDPSRV - ok
15:56:10.0784 2752	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:56:10.0815 2752	SstpSvc - ok
15:56:10.0831 2752	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:56:10.0846 2752	stexstor - ok
15:56:10.0924 2752	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:56:11.0018 2752	stisvc - ok
15:56:11.0033 2752	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:56:11.0049 2752	swenum - ok
15:56:11.0096 2752	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:56:11.0189 2752	swprv - ok
15:56:11.0267 2752	SymDS           (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
15:56:11.0299 2752	SymDS - ok
15:56:11.0361 2752	SymEFA          (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
15:56:11.0423 2752	SymEFA - ok
15:56:11.0470 2752	SymEvent        (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:56:11.0470 2752	SymEvent - ok
15:56:11.0517 2752	SymIM           (b681d1b0f9596684225dcc9b94c6bacf) C:\Windows\system32\DRIVERS\SymIMv.sys
15:56:11.0548 2752	SymIM - ok
15:56:11.0611 2752	SymIRON         (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
15:56:11.0626 2752	SymIRON - ok
15:56:11.0657 2752	SymNetS         (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
15:56:11.0673 2752	SymNetS - ok
15:56:11.0782 2752	SynTP           (f0d7c68cda9784689caa72c17af393b2) C:\Windows\system32\DRIVERS\SynTP.sys
15:56:11.0829 2752	SynTP - ok
15:56:12.0032 2752	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:56:12.0110 2752	SysMain - ok
15:56:12.0172 2752	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:56:12.0203 2752	TabletInputService - ok
15:56:12.0266 2752	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:56:12.0328 2752	TapiSrv - ok
15:56:12.0359 2752	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:56:12.0391 2752	TBS - ok
15:56:12.0640 2752	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:56:12.0718 2752	Tcpip - ok
15:56:12.0968 2752	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:56:13.0015 2752	TCPIP6 - ok
15:56:13.0139 2752	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:56:13.0202 2752	tcpipreg - ok
15:56:13.0202 2752	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:56:13.0217 2752	TDPIPE - ok
15:56:13.0249 2752	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:56:13.0295 2752	TDTCP - ok
15:56:13.0327 2752	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:56:13.0373 2752	tdx - ok
15:56:13.0389 2752	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:56:13.0389 2752	TermDD - ok
15:56:13.0451 2752	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:56:13.0529 2752	TermService - ok
15:56:13.0607 2752	TGCM_ImportWiFiSvc (46b389e1a1c8e66d877402fc0821a371) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
15:56:13.0654 2752	TGCM_ImportWiFiSvc - ok
15:56:13.0685 2752	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:56:13.0717 2752	Themes - ok
15:56:13.0763 2752	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:56:13.0779 2752	THREADORDER - ok
15:56:13.0841 2752	TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
15:56:13.0873 2752	TomTomHOMEService - ok
15:56:13.0904 2752	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:56:13.0966 2752	TrkWks - ok
15:56:14.0029 2752	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:56:14.0122 2752	TrustedInstaller - ok
15:56:14.0185 2752	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:56:14.0247 2752	tssecsrv - ok
15:56:14.0278 2752	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:56:14.0294 2752	TsUsbFlt - ok
15:56:14.0309 2752	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:56:14.0309 2752	TsUsbGD - ok
15:56:14.0341 2752	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:56:14.0387 2752	tunnel - ok
15:56:14.0419 2752	TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
15:56:14.0434 2752	TurboB - ok
15:56:14.0543 2752	TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:56:14.0590 2752	TurboBoost - ok
15:56:14.0621 2752	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:56:14.0637 2752	uagp35 - ok
15:56:14.0668 2752	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:56:14.0746 2752	udfs - ok
15:56:14.0793 2752	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:56:14.0824 2752	UI0Detect - ok
15:56:14.0887 2752	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:56:14.0933 2752	uliagpkx - ok
15:56:14.0980 2752	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:56:15.0027 2752	umbus - ok
15:56:15.0058 2752	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:56:15.0105 2752	UmPass - ok
15:56:15.0355 2752	UNS             (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:56:15.0417 2752	UNS - ok
15:56:15.0511 2752	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:56:15.0620 2752	upnphost - ok
15:56:15.0667 2752	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:56:15.0698 2752	usbccgp - ok
15:56:15.0776 2752	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:56:15.0807 2752	usbcir - ok
15:56:15.0838 2752	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:56:15.0869 2752	usbehci - ok
15:56:15.0916 2752	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:56:15.0979 2752	usbhub - ok
15:56:16.0041 2752	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:56:16.0072 2752	usbohci - ok
15:56:16.0150 2752	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:56:16.0166 2752	usbprint - ok
15:56:16.0228 2752	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
15:56:16.0259 2752	USBSTOR - ok
15:56:16.0291 2752	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:56:16.0337 2752	usbuhci - ok
15:56:16.0384 2752	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:56:16.0447 2752	usbvideo - ok
15:56:16.0493 2752	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:56:16.0571 2752	UxSms - ok
15:56:16.0603 2752	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:56:16.0618 2752	VaultSvc - ok
15:56:16.0665 2752	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:56:16.0681 2752	vdrvroot - ok
15:56:16.0712 2752	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:56:16.0821 2752	vds - ok
15:56:16.0837 2752	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:56:16.0852 2752	vga - ok
15:56:16.0868 2752	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:56:16.0915 2752	VgaSave - ok
15:56:16.0930 2752	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:56:16.0961 2752	vhdmp - ok
15:56:16.0977 2752	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:56:16.0977 2752	viaide - ok
15:56:17.0008 2752	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:56:17.0024 2752	volmgr - ok
15:56:17.0071 2752	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:56:17.0086 2752	volmgrx - ok
15:56:17.0133 2752	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:56:17.0180 2752	volsnap - ok
15:56:17.0242 2752	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:56:17.0273 2752	vsmraid - ok
15:56:17.0367 2752	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:56:17.0461 2752	VSS - ok
15:56:17.0585 2752	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:56:17.0632 2752	vwifibus - ok
15:56:17.0648 2752	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:56:17.0679 2752	vwififlt - ok
15:56:17.0741 2752	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:56:17.0757 2752	vwifimp - ok
15:56:17.0804 2752	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:56:17.0866 2752	W32Time - ok
15:56:17.0882 2752	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:56:17.0897 2752	WacomPen - ok
15:56:17.0944 2752	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:18.0007 2752	WANARP - ok
15:56:18.0007 2752	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:18.0038 2752	Wanarpv6 - ok
15:56:18.0147 2752	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:56:18.0241 2752	WatAdminSvc - ok
15:56:18.0412 2752	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:56:18.0521 2752	wbengine - ok
15:56:18.0646 2752	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:56:18.0677 2752	WbioSrvc - ok
15:56:18.0724 2752	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:56:18.0755 2752	wcncsvc - ok
15:56:18.0787 2752	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:56:18.0833 2752	WcsPlugInService - ok
15:56:18.0911 2752	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:56:18.0943 2752	Wd - ok
15:56:19.0005 2752	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:56:19.0036 2752	Wdf01000 - ok
15:56:19.0052 2752	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:56:19.0083 2752	WdiServiceHost - ok
15:56:19.0083 2752	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:56:19.0099 2752	WdiSystemHost - ok
15:56:19.0161 2752	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:56:19.0192 2752	WebClient - ok
15:56:19.0208 2752	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:56:19.0270 2752	Wecsvc - ok
15:56:19.0286 2752	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:56:19.0317 2752	wercplsupport - ok
15:56:19.0348 2752	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:56:19.0364 2752	WerSvc - ok
15:56:19.0426 2752	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:56:19.0489 2752	WfpLwf - ok
15:56:19.0535 2752	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
15:56:19.0567 2752	WimFltr - ok
15:56:19.0629 2752	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:56:19.0645 2752	WIMMount - ok
15:56:19.0676 2752	WinDefend - ok
15:56:19.0691 2752	WinHttpAutoProxySvc - ok
15:56:19.0754 2752	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:56:19.0816 2752	Winmgmt - ok
15:56:19.0972 2752	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:56:20.0081 2752	WinRM - ok
15:56:20.0237 2752	WinUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
15:56:20.0269 2752	WinUSB - ok
15:56:20.0409 2752	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:56:20.0503 2752	Wlansvc - ok
15:56:20.0596 2752	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:56:20.0627 2752	wlcrasvc - ok
15:56:20.0815 2752	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:56:20.0861 2752	wlidsvc - ok
15:56:20.0986 2752	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:56:21.0049 2752	WmiAcpi - ok
15:56:21.0111 2752	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:56:21.0158 2752	wmiApSrv - ok
15:56:21.0189 2752	WMPNetworkSvc - ok
15:56:21.0220 2752	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:56:21.0251 2752	WPCSvc - ok
15:56:21.0283 2752	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:56:21.0298 2752	WPDBusEnum - ok
15:56:21.0314 2752	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:56:21.0361 2752	ws2ifsl - ok
15:56:21.0376 2752	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:56:21.0407 2752	wscsvc - ok
15:56:21.0407 2752	WSearch - ok
15:56:21.0485 2752	WTGService      (624809fe31f0ebba33fd4c98e016dd83) C:\Program Files (x86)\XSManager\WTGService.exe
15:56:21.0532 2752	WTGService - ok
15:56:21.0719 2752	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:56:21.0797 2752	wuauserv - ok
15:56:21.0922 2752	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:56:22.0000 2752	WudfPf - ok
15:56:22.0031 2752	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:56:22.0063 2752	WUDFRd - ok
15:56:22.0094 2752	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:56:22.0125 2752	wudfsvc - ok
15:56:22.0156 2752	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:56:22.0219 2752	WwanSvc - ok
15:56:22.0250 2752	XS Stick Service (c2f3d4b5ba078eb6cb08300990304f39) C:\Windows\service4g.exe
15:56:22.0281 2752	XS Stick Service - ok
15:56:22.0297 2752	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:56:22.0999 2752	\Device\Harddisk0\DR0 - ok
15:56:23.0295 2752	MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk1\DR1
15:56:23.0467 2752	\Device\Harddisk1\DR1 - ok
15:56:23.0529 2752	Boot (0x1200)   (1ac1a0df5506c185b97e5e631af78847) \Device\Harddisk0\DR0\Partition0
15:56:23.0545 2752	\Device\Harddisk0\DR0\Partition0 - ok
15:56:23.0560 2752	Boot (0x1200)   (3c676b34236236eab891b5c815f1ad42) \Device\Harddisk0\DR0\Partition1
15:56:23.0576 2752	\Device\Harddisk0\DR0\Partition1 - ok
15:56:23.0576 2752	Boot (0x1200)   (b1f4d14cbcb1a9517810f24ef71b5002) \Device\Harddisk1\DR1\Partition0
15:56:23.0576 2752	\Device\Harddisk1\DR1\Partition0 - ok
15:56:23.0576 2752	Boot (0x1200)   (2555bea6f5052abb2abaa738131b25b6) \Device\Harddisk1\DR1\Partition1
15:56:23.0591 2752	\Device\Harddisk1\DR1\Partition1 - ok
15:56:23.0591 2752	============================================================
15:56:23.0591 2752	Scan finished
15:56:23.0591 2752	============================================================
15:56:23.0607 4972	Detected object count: 1
15:56:23.0607 4972	Actual detected object count: 1
15:56:39.0956 4972	Cherry Device Interface ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:39.0956 4972	Cherry Device Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 29.06.2012, 22:24

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Scheinle · 30.06.2012, 08:24

Code:

ATTFilter

ComboFix 12-06-28.03 - *** 30.06.2012   9:03.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8104.6376 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-30  ))))))))))))))))))))))))))))))
.
.
2012-06-30 07:08 . 2012-06-30 07:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-29 13:36 . 2012-06-29 13:36	--------	d-----w-	c:\program files (x86)\7-Zip
2012-06-29 13:16 . 2012-06-29 13:16	--------	d-----w-	C:\_OTL
2012-06-28 17:36 . 2012-06-28 17:36	--------	d-----w-	c:\program files (x86)\ESET
2012-06-25 18:45 . 2011-03-25 03:29	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2012-06-25 18:45 . 2011-03-25 03:29	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2012-06-25 18:45 . 2011-03-25 03:29	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2012-06-25 18:45 . 2011-03-25 03:29	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2012-06-25 18:45 . 2011-03-25 03:29	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2012-06-25 18:45 . 2011-03-25 03:29	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2012-06-25 18:45 . 2011-03-25 03:28	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2012-06-25 15:18 . 2012-06-25 15:18	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-06-25 15:18 . 2012-06-25 15:18	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-06-24 21:03 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-06-24 21:03 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-06-24 21:03 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-06-24 21:03 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-06-24 21:03 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-06-24 21:03 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-06-24 21:03 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-06-24 10:05 . 2011-03-11 06:34	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2012-06-24 10:03 . 2011-01-17 11:09	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-06-24 10:03 . 2011-01-17 05:47	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-06-24 10:03 . 2011-04-29 03:06	467456	----a-w-	c:\windows\system32\drivers\srv.sys
2012-06-24 10:03 . 2011-04-29 03:05	410112	----a-w-	c:\windows\system32\drivers\srv2.sys
2012-06-24 10:03 . 2011-04-29 03:05	168448	----a-w-	c:\windows\system32\drivers\srvnet.sys
2012-06-24 10:03 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2012-06-24 10:03 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2012-06-24 10:03 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2012-06-24 10:03 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2012-06-24 10:03 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-24 10:00 . 2011-02-12 11:34	267776	----a-w-	c:\windows\system32\FXSCOVER.exe
2012-06-24 09:59 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-06-24 09:59 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-06-24 09:59 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-06-24 09:59 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-24 09:59 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-06-24 09:59 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-24 09:59 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-06-24 09:59 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-06-24 09:59 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-06-24 09:59 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-06-24 07:19 . 2009-07-14 05:07	1002728	----a-w-	c:\windows\system32\WinUSBCoInstaller2.dll
2012-06-23 10:54 . 2012-06-23 10:54	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-23 10:54 . 2012-06-23 10:54	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 10:54 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-23 10:16 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-23 10:16 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-23 10:16 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-23 10:16 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-23 10:16 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-23 10:16 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-23 10:16 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-23 10:16 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-23 10:16 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-23 10:11 . 2012-06-23 10:04	--------	d-----w-	c:\windows\Panther
2012-06-23 10:09 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-06-23 10:09 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-06-23 10:09 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-06-23 09:40 . 2012-06-23 09:40	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-06-23 09:16 . 2012-06-24 08:59	--------	d-----w-	c:\users\UpdatusUser
2012-06-23 09:16 . 2012-06-23 17:57	--------	d-----w-	c:\users\***
2012-06-23 09:15 . 2012-06-23 09:15	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-06-23 09:15 . 2012-06-23 09:22	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-06-23 09:15 . 2012-06-23 09:19	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-06-23 09:15 . 2012-06-23 09:15	--------	d-----w-	c:\programdata\SonicFocus
2012-06-23 09:15 . 2012-06-23 09:15	--------	d-----w-	c:\program files\Realtek
2012-06-23 09:15 . 2012-06-23 09:15	--------	d-----w-	c:\windows\SysWow64\RTCOM
2012-06-23 09:15 . 2012-06-23 09:15	--------	d-----w-	c:\program files\Synaptics
2012-06-22 16:45 . 2012-06-22 18:22	--------	d-----w-	c:\program files (x86)\NeoSmart Technologies
2012-06-22 14:54 . 2012-06-22 14:54	90232	----a-w-	c:\windows\system32\drivers\SMR162.SYS
2012-06-22 13:03 . 2012-06-23 09:20	--------	d-----w-	c:\program files (x86)\Common Files\Cherry
2012-06-22 13:03 . 2012-06-23 09:20	--------	d-----w-	c:\program files (x86)\Cherry
2012-06-22 10:41 . 2012-06-23 09:20	--------	d-----w-	c:\program files (x86)\Advanced Fix 2012
2012-06-22 09:11 . 2012-06-23 09:27	--------	d-----w-	c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-06-22 08:15 . 2012-06-23 09:23	--------	d-----w-	c:\program files (x86)\Registry Winner
2012-06-19 19:14 . 2012-06-23 09:20	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-06-19 19:13 . 2012-06-19 19:13	772592	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-06-19 19:13 . 2012-06-23 09:21	--------	d-----w-	c:\program files (x86)\Java
2012-06-19 19:01 . 2012-06-19 19:01	955840	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-19 15:14 . 2011-05-13 11:16	493056	----a-w-	c:\windows\SysWow64\dhRichClient3.dll
2012-06-19 15:14 . 2011-03-25 19:42	338432	----a-w-	c:\windows\SysWow64\sqlite36_engine.dll
2012-06-19 15:07 . 2012-06-23 09:26	--------	d-----w-	c:\programdata\ICQ
2012-06-19 15:06 . 2012-06-23 09:21	--------	d-----w-	c:\program files (x86)\ICQ7M
2012-06-16 12:14 . 2012-06-23 09:26	--------	d-----w-	c:\programdata\McAfee
2012-06-01 13:30 . 2012-06-23 09:20	--------	d-----w-	c:\program files (x86)\Common Files\Nokia
2012-06-01 13:29 . 2012-06-23 09:23	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2012-06-01 12:58 . 2012-06-23 09:29	--------	d-----w-	c:\windows\SysWow64\System32
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 07:09 . 2011-11-04 14:14	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-06-19 21:20 . 2012-04-02 14:42	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 21:20 . 2011-11-30 16:46	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 19:13 . 2011-11-11 15:13	687600	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-29 07:38 . 2011-03-02 05:57	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-05-18 16:04 . 2011-12-04 09:27	175736	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-05 16:42 . 2012-04-02 15:42	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 11:51 . 2012-04-22 11:51	2152176	----a-w-	c:\windows\system32\WUDFUpdate_01009.dll
2012-04-22 11:51 . 2012-04-22 11:51	759296	----a-w-	c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
2012-04-22 11:51 . 2011-11-04 19:50	25600	----a-w-	c:\windows\system32\drivers\pccsmcfdx64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-27 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
R4 Cherry Device Interface;Cherry Device Interface;c:\program files (x86)\Cherry\CDI\cdi.exe [2009-05-28 585774]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-13 332272]
R4 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-09-29 200624]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
R4 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
R4 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-08 25960]
S0 SMR162;Symantec SMR Utility Service 1.6.2;c:\windows\System32\drivers\SMR162.SYS [2012-06-22 90232]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-28 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-28 1092728]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120628.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-28 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-28 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-08 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:20]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 18:52]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 18:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-04-13 02:33	750064	----a-w-	c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Ocs_SM"="c:\users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-06-19 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a4vl02em.default-1340304824526\
FF - prefs.js: browser.startup.homepage - hxxp://www.webradio-bounty.de/hitparade.php?vo=116|https://www.facebook.com/?sk=h_chr|chrome://speeddial/content/speeddial.xul
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\bm_installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3966522721-1864700456-4269420246-1001\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_UserSession2_2244"="{24A5BDC2-419C-47D8-87A7-7626071B5363}"
"ccSvcHst_UserSession2_2372"="{53F283D7-3FAC-4A6B-ABBE-AEE12D962B02}"
"ccSvcHst_N360"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"ccSvcHst_UserSession2_1996"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"ccGenericEvent_Global_EM"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"ccGenericEvent_Global_LM"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"ccGenericLog_Manager"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"SNDServiceRequestChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"SymRedirSvcRequestChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"SNDLocationChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"NortonNetServiceIPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"NetMapServiceIPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_isDataPrComm_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"g_coVistaProxyChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"ipcChannel_ShastaServer"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"ncw_performance_IPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_NCWSvcComm_NortonCommunityWatchConfiguration"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_ProcessDetection_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"isError_Service_IPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_AvProdSvcComm_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"BashIPCChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_buSvcComm_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"Tuneup_Context_Switch_Channel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_ISPOCClient_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_IDataStoreMgr_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_NortonOnlineCommFeatureRequest_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_buVssComm_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"_HSPlayerCommand_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"FWAlert"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"{9BBA000F-092F-432f-B9DF-9D64FD1C2978}"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"IPS_COMMAND_CHANNEL"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
"AvProdSession_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"AvProdSession_Options_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"AvProdSession_MessageCenter_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"AvProdSession_Scanless_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"AvProdSession_IPUA_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"AvProdSession_CanIRun_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"_buUIComm_S-1-5-21-3966522721-1864700456-4269420246-1001"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"clt::AlertChannel2_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"g_coUserCommandChannel_S-1-5-21-3966522721-1864700456-4269420246-1001"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"CO_PS_{55DBA8A2-CF13-4600-8FC8-C7B989ABF841}_1"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"TRUSTCHANNEL"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"SDKCHANNEL1"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"ToasterNotify\\SessionID_1"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"_IPCChannel_PerformAutoLogin_1_"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{E9549EE1-582E-4796-A87D-4DA359635D88}"
"{A1B48937-0778-4e7c-885B-271F65B485D2}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
"{9A4CC712-1307-482B-92D5-F5118B3BB31C}"=""
"{E3C78739-C135-4595-A467-6459F2FAA69A}"=""
"{AF09F7A5-99EA-4A84-836B-BCFE9ECAE17E}"=""
"{BC306143-6543-47BD-AD06-436C8E2E09A1}"=""
"{DF8AB7CB-F802-4A9F-A5F1-B76186451D2E}"=""
"{0969C658-E0C2-40B1-8AA3-6D76892EDC47}"=""
"{E6C557E8-0B35-4213-8689-CF40844F9513}"=""
"{7F23F45D-964F-46BF-944D-7D18B589FA99}"=""
"{7A8C101A-B7CF-4F4A-9F1D-165FFEAED664}"=""
"{B880BBC6-B3B7-4F0E-84CC-E95F3B13D4AF}"=""
"{4DFE6380-DDF8-4945-80F0-E4F8E2488D64}"=""
"{596EC78A-4E30-49A6-BFE2-05C8E79DC71B}"=""
"{37532AC0-742C-4679-BC3B-76D7D8882D08}"=""
"{0E11476A-F623-4C13-91CB-9AD1EABADD4C}"=""
"{B3AE662C-9BC8-44F4-B407-5B394EB59858}"=""
"{A17D1029-B7B2-4FC2-9A6A-E1F41F883573}"=""
"{24A5BDC2-419C-47D8-87A7-7626071B5363}"=""
"{5380CBC7-3AE8-4554-BF40-5AA01D71E868}"=""
"{C47D1BF5-FF2C-4065-86E1-E00F38A98C94}"=""
"{E40FF90B-E7F9-4866-AE4C-CC1B53BE73E5}"=""
"{00E1518F-6A9B-40A9-BB91-35076FB3A8AC}"=""
"{EF85F397-E6CE-4CCA-A542-0F84CC469B03}"=""
"{E557B26B-B069-4468-A204-72828C02EF48}"=""
"{1ED7BED7-2C6B-4DE3-89DF-2D9F914BF5D1}"=""
"{3C697B04-AC92-418C-ABB4-D43421F9B157}"=""
"{475A16E5-BFCE-4B0C-8C6A-2066AE4FC0BF}"=""
"{7B315508-467F-439F-8EBB-6A4EF211F7E1}"=""
"{D16CA249-C03A-4A32-9D8D-F6A1FC6E283F}"=""
"{908372AA-2CD6-43B7-A94D-C95D6BA24670}"=""
"{1D730565-B68A-4463-8ECC-D54ED4F3A094}"=""
"{CB208D3D-9063-4BC9-8268-F38304D8201B}"=""
"{EF720B15-E492-4C34-AFCE-88F87DDFFA52}"=""
"{D689CB87-00FC-4080-9627-54D759FF486B}"=""
"{402751A8-19F2-425A-B482-730942FBBFE9}"=""
"{53F283D7-3FAC-4A6B-ABBE-AEE12D962B02}"=""
"{C11326C6-76FB-4B99-A32D-131979AC014F}"=""
"{8475AE0F-09A1-40CB-B815-463C550BEF74}"=""
"{A7CF1CDD-545D-4EDA-A2E0-439CFD57DBC8}"=""
"{68C2A563-CDED-44B2-AAB9-D331F4A8D221}"=""
"{03813315-C030-41E4-9A8F-572C11A25532}"=""
"{274CC7D2-D4AA-4AE9-A99A-562D6E619E82}"=""
"{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"=""
"{E9549EE1-582E-4796-A87D-4DA359635D88}"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-30  09:14:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-30 07:14
.
Vor Suchlauf: 13 Verzeichnis(se), 128.115.535.872 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 127.810.392.064 Bytes frei
.
- - End Of File - - 5F4BB0498A082C6E7796E3CAD8A504AF

Scheinle · 01.07.2012, 09:29

Inzwischen hat Malwarebytes eine neue Bedrohung gefunden.

Lohnt es sich an dieser Stelle noch weiterzumachen oder muss ich am Ende das BS sowieso neu aufsetzen, sprich C:/ formatieren und neu installieren?

Wären die Bedrohungen danach weg oder würden sie sich trotz Formatierung irgendwo anders "verstecken" und danach wieder auftauchen?

cosinus · 01.07.2012, 16:01

Nein es wäre schön wenn du gleich bei sowas mal das Log posten könntest

Scheinle · 01.07.2012, 16:41

Okey, denn hier das neue Log:
Malwarebytes-Scan:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

30.06.2012 21:15:50
mbam-log-2012-06-30 (21-15-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423752
Laufzeit: 52 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ist die PUP.Topckit-Bedrohung nach den Scan's / Killern nun eigentlich abgeschlossen?
Die "Symptome" treten nämlich immer noch auf, sprich Windows-Explorer und Akkuladestandsanzeige ....

cosinus · 02.07.2012, 09:35

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

01.07.2012, 16:01	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	? zu PUP.Topckit entfernen Nein es wäre schön wenn du gleich bei sowas mal das Log posten könntest __________________ Logfiles bitte immer in CODE-Tags posten

? zu PUP.Topckit entfernen

Plagegeister aller Art und deren Bekämpfung: ? zu PUP.Topckit entfernen