|
Plagegeister aller Art und deren Bekämpfung: ? zu PUP.Topckit entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.06.2012, 19:05 | #1 |
| ? zu PUP.Topckit entfernen Hola, Malwarebytes hat bei einem Scan heut die oben genannte Bedrohung gefunden und in die Quarantäne verschoben. Was passiert nun damit bzw. wie bekomme ich die Bedrohung endgültig von meinem Sytem? Hier noch der Auszug des Logfiles: Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.23.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 *** :: NB [Administrator] Schutz: Aktiviert 23.06.2012 12:55:27 mbam-log-2012-06-23 (12-55-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 225998 Laufzeit: 2 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\Topckit (PUP.Topckit) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
26.06.2012, 15:04 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ? zu PUP.Topckit entfernen Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
28.06.2012, 21:19 | #3 |
| Scan-Log's Hallo Arne,
__________________hier die gewünschten Log's: Der Ordnung halber nochmal das Log des 1. Quickscans mit Malwarebytes als Code: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.23.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 *** :: *** [Administrator] Schutz: Aktiviert 23.06.2012 12:55:27 mbam-log-2012-06-23 (12-55-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 225998 Laufzeit: 2 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\Topckit (PUP.Topckit) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.23.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 *** :: *** [Administrator] Schutz: Aktiviert 23.06.2012 13:01:32 mbam-log-2012-06-23 (13-01-32).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 401566 Laufzeit: 51 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 E:\Downloads\Mauszeigersymbole.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\Downloads\SoftonicDownloader_fuer_k-lite-codec-pack.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und hier noch das ESET-Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=d3537a134c1ca045baeb87fda918aa6d # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-28 07:22:29 # local_time=2012-06-28 09:22:29 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=3589 16777213 100 71 461803 91567661 0 0 # compatibility_mode=5893 16776574 100 94 460422 92535015 0 0 # compatibility_mode=8192 67108863 100 0 166 166 0 0 # scanned=205616 # found=0 # cleaned=0 # scan_time=6185 Auswirkungen hat die Bedrohung soweit ich bisher feststellen konnte auf den Windows-Explorer (stürzt ziemlich oft ab, vor allem beim Scrollen) und auf das Akkuladezustandssymbol (ist ausgeblendet und lässt sich auch nicht mehr aktivieren). |
29.06.2012, 11:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ? zu PUP.Topckit entfernen Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
29.06.2012, 13:23 | #5 |
| ? zu PUP.Topckit entfernen Hallo Arne, hier das aktuelle OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.06.2012 14:05:19 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: *** | Country: *** | Language: *** | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,54 Gb Available Physical Memory | 69,95% Memory free 15,83 Gb Paging File | 13,55 Gb Available in Paging File | 85,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,30 Gb Total Space | 117,86 Gb Free Space | 63,26% Space Free | Partition Type: NTFS Drive D: | 254,45 Gb Total Space | 231,21 Gb Free Space | 90,86% Space Free | Partition Type: NTFS Drive E: | 232,87 Gb Total Space | 180,38 Gb Free Space | 77,46% Space Free | Partition Type: NTFS Drive F: | 232,89 Gb Total Space | 231,30 Gb Free Space | 99,32% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.29 13:32:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe PRC - [2012.06.27 17:00:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe PRC - [2011.02.08 04:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.10.14 15:38:34 | 000,653,952 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe PRC - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.08.17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2012.06.27 17:00:32 | 002,000,352 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.30 22:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV - [2012.06.27 17:00:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.19 23:20:31 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360) SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.13 04:33:32 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.08 04:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Disabled | Stopped] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.28 07:58:38 | 000,585,774 | ---- | M] (ZF Electronics GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Cherry\CDI\cdi.exe -- (Cherry Device Interface) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.06.22 16:54:51 | 000,090,232 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR162.SYS -- (SMR162) DRV:64bit: - [2012.05.18 18:04:14 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.29 08:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.03.29 08:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2012.03.29 00:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS) DRV:64bit: - [2012.03.29 00:28:34 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2012.03.29 00:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.03.29 00:28:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys -- (SymDS) DRV:64bit: - [2012.03.29 00:06:26 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.29 16:44:30 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 05:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.02.08 04:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.15 00:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.08.31 12:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.08.07 11:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.07.27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012.06.29 10:39:33 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120628.024\ex64.sys -- (NAVEX15) DRV - [2012.06.29 10:39:33 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120628.024\eng64.sys -- (NAVENG) DRV - [2012.06.19 02:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.06.14 20:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120628.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.06.01 11:14:58 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.05.31 19:32:13 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010.07.26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{06C659E7-B9F3-4B3A-8BBA-1AF1C0063168}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{40C571BD-AE78-4101-9F37-BB36732A5CAE}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{44A8EAB0-BEA7-465C-8F08-B6B13DCE84BF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{D123367C-4ADE-4047-8D83-43D9C9AC8ACD}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{DEF82946-5D5C-44BC-8B74-CE7749E50B71}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{FDE35139-4A81-4B07-B1E2-F2A2FC2B4A12}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.webradio-bounty.de|chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.8.0.1073 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\***\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012.06.29 09:34:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012.06.23 11:27:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 17:00:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 11:22:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7alg5la9.default\extensions\firejump@firejump.net [2012.06.23 11:39:14 | 000,000,000 | ---D | M] [2012.06.23 11:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.11.16 21:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.06.23 11:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7alg5la9.default\extensions [2012.06.23 11:39:14 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7alg5la9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012.06.23 11:39:14 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7alg5la9.default\extensions\firejump@firejump.net [2012.06.23 11:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a4vl02em.default-1340304824526\extensions [2012.06.23 11:39:19 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a4vl02em.default-1340304824526\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012.06.23 11:39:25 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a4vl02em.default-1340304824526\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2012.06.19 21:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\SimpleClocks\extensions [2012.06.19 20:34:11 | 000,002,101 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7alg5la9.default\searchplugins\googlede.xml [2012.06.23 11:22:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.27 17:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2011.12.22 12:06:46 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI [2012.06.05 22:39:51 | 000,061,219 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI [2012.01.05 22:38:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.05 11:55:16 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.01.09 23:30:45 | 000,112,216 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ALG5LA9.DEFAULT\EXTENSIONS\SIMPLECLOCKS@GRBRADT.ORG.XPI [2012.06.27 17:00:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.04 19:30:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.06.23 12:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.23 12:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 12:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 12:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 12:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 12:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7562EE05-215F-419F-81F5-78D2711515FC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D405AA01-F4B8-4921-9B93-C3D339FCEB7D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (E:\MaxTube_movie_id73937.exe) - File not found O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.29 13:32:31 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe [2012.06.29 10:30:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4568543D-3C33-46F6-B510-96FA439CC1CC} [2012.06.29 10:30:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9F01AA3A-0983-43F0-9576-B0A66321A05A} [2012.06.28 19:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.28 19:36:15 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\ESET-Scanner.exe [2012.06.28 17:37:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{88BF343D-F210-4014-A9B4-47061028744A} [2012.06.28 17:37:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8FD3CBBB-334A-400C-BAD9-0C716AA94895} [2012.06.27 17:00:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C63E8F24-C63C-40C4-A3C3-AF86AAB2798E} [2012.06.27 16:59:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{931428C4-3359-47E9-A168-8A40A6A430B6} [2012.06.26 17:46:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8F0E7BF8-2ABA-46BB-9E09-0E4E5A93BE1F} [2012.06.26 17:46:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A131964-28A9-4501-8037-FC5F341A863D} [2012.06.25 17:26:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8C774328-67A9-463B-AB19-481FFC2B755B} [2012.06.25 17:26:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{531CF139-4E79-4F76-9EF3-F48B79DF0E67} [2012.06.24 11:54:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7AF9EFB1-DCB7-48B1-981C-4D661D76E94C} [2012.06.24 11:54:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FF5326C2-5403-4A1E-AE54-49EB87E0A2F0} [2012.06.24 11:53:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{34B493B8-32B8-4BA1-B20B-14DA1A12BB9B} [2012.06.24 11:53:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1835760D-E217-4E58-B9F7-911A250330B3} [2012.06.23 12:54:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.23 12:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.23 12:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.23 12:54:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.23 12:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.23 12:18:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D353D9F7-C306-4D3B-8EC5-34D14BBF7122} [2012.06.23 12:18:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C53C772D-255E-4320-B5A0-4D39896C2AA3} [2012.06.23 12:16:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1E8DC61E-5524-4C87-BD92-31029404346C} [2012.06.23 12:16:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1FE989E8-3C3A-40B9-8705-C57A750DAE41} [2012.06.23 12:11:44 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Programme [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.06.23 12:04:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.06.23 11:58:32 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q [2012.06.23 11:52:17 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR [2012.06.23 11:16:49 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2012.06.23 11:16:49 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2012.06.23 11:16:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2012.06.23 11:16:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2012.06.23 11:16:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2012.06.23 11:16:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2012.06.23 11:16:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.06.23 11:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.06.23 11:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.06.23 11:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.06.23 11:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus [2012.06.23 11:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.06.23 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.06.23 11:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2012.06.23 11:13:22 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.06.22 18:47:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NeoSmart_Technologies [2012.06.22 18:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies [2012.06.22 16:54:51 | 000,090,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS [2012.06.22 16:54:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NPE [2012.06.22 15:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager [2012.06.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cherry [2012.06.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry [2012.06.22 12:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Fix 2012 [2012.06.22 11:45:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F524530A-16BF-4267-ADD3-4426314F8842} [2012.06.22 11:45:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3D110B97-F03C-4165-A1D4-FE21E97D86CC} [2012.06.22 11:28:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB DVD-Downloadtool für Windows 7 [2012.06.22 11:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46} [2012.06.22 10:50:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware [2012.06.22 10:45:24 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.06.22 10:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Winner [2012.06.22 10:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Winner [2012.06.22 10:09:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{056E3ED5-C1A8-42B8-A39E-8B3F3AEC818B} [2012.06.22 10:08:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{47B70BAC-CE09-43B7-B525-D7B57BB8041F} [2012.06.21 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{56BF8A8B-D1EF-4971-A6CE-339EC403BFB4} [2012.06.21 18:14:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1B1E365F-31BB-4B3C-915C-81EC7781DFB3} [2012.06.20 17:31:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{65F50E31-D317-42BD-B4F7-5A03173444D4} [2012.06.20 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E3A3E2CA-4058-41BA-A49E-B0CDD6934F1B} [2012.06.19 21:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.06.19 21:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.06.19 17:14:23 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2012.06.19 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ICQ Search [2012.06.19 17:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M [2012.06.19 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar [2012.06.19 17:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2012.06.19 17:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M [2012.06.19 17:02:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E4342085-C362-47F6-9CA4-04F2539B1F4C} [2012.06.19 17:02:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DFC454B3-D3FE-4649-9E97-89EDA54F78AA} [2012.06.18 15:50:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6AC9CF9A-97A6-4FF9-90AA-DDEABF4B4DC2} [2012.06.17 11:41:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2C26F816-7D4A-4F09-9061-2006557FBF8B} [2012.06.16 14:14:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.06.16 14:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.06.16 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{03462022-98B3-49B8-84A6-AEF07AAFDD4E} [2012.06.16 10:56:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9095812F-4DA3-4987-9D27-F7FE586DE224} [2012.06.15 22:56:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E24F84FE-FFF9-40AF-826B-2577D1340019} [2012.06.15 10:56:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BC45474F-D79F-4C51-90E9-0E121D1C7A35} [2012.06.14 18:47:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FB6CD13B-2C70-4880-84E3-33AFD0CDA2AC} [2012.06.14 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3CD8BC67-8898-455A-A407-E7E01BA3F9AD} [2012.06.13 17:13:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{83EDBB9E-143C-48AF-A884-D96F4FC6149F} [2012.06.13 17:13:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EC8DCC1C-9333-471B-8DE3-35309C02487A} [2012.06.12 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C703C236-314C-40F6-BFB2-E0FE6F45F42C} [2012.06.12 18:50:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D52B3FF6-3E24-4A44-8C93-86E234840788} [2012.06.11 18:23:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B977BCFD-EB92-498C-A5BD-406A7752DD1C} [2012.06.11 18:23:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0E0C5CB3-A69C-40B8-A3CB-1599DFC75546} [2012.06.10 11:12:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A9241A72-2DE0-4D0A-9329-8A70536E2930} [2012.06.10 11:12:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FAEC90C4-935E-4FF0-B8DB-C90AD0F78804} [2012.06.10 11:12:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A7D78C28-FDF7-431B-A318-065A9CC8DCD6} [2012.06.10 11:11:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9774559E-DFF0-42A7-9415-08CE3CE49756} [2012.06.09 23:11:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B50C6E8B-9744-45A9-83FF-EAC649650082} [2012.06.09 23:11:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A6067E4C-0D94-42ED-B617-1555C23EDAF5} [2012.06.09 11:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8C5C8FBB-404D-4660-B78C-74E28C2DCFFE} [2012.06.09 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C6106E54-436F-4111-BA66-CD02994DB27E} [2012.06.08 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DCCF3FDA-6B56-4CC6-85AE-E50102E9DA91} [2012.06.08 13:46:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9506B5FF-0DF5-439D-A204-DAD12119C21F} [2012.06.07 15:53:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1EDEB1F4-1087-4592-B005-CCDC10987C4B} [2012.06.07 15:53:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1A29FE74-62A8-45CB-9692-0F990DABDEAE} [2012.06.07 15:52:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{04C96783-0176-4E6F-86B3-15818A2EA123} [2012.06.07 15:52:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FB40046A-C0BB-48CC-AECA-D1DEF89332E5} [2012.06.06 16:38:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6AC72091-8602-4261-B9E0-8D0C2656704A} [2012.06.06 16:37:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1082114B-7E9E-4F27-BF8B-5D1B5C0C7D92} [2012.06.05 17:19:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DA9EE34F-5B1D-4FF4-81FB-27AA645BAB05} [2012.06.05 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E6764D92-7AAF-4953-ADC2-936AF29C3DA1} [2012.06.04 17:57:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8ABA139A-55FD-4739-8871-872D6B6068CE} [2012.06.04 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{40A7B7B2-3324-4C26-AFB3-795BC96E350D} [2012.06.03 21:54:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5107F079-4E78-44BA-AAFF-8C6953175816} [2012.06.03 21:54:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{89249301-55B7-4CA0-AF46-82C7B6BF2E31} [2012.06.03 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6BE488B9-BD13-4F10-821C-7BC136030EC8} [2012.06.03 21:53:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CAAC5FF6-9A68-4377-9B14-D909AB469CB3} [2012.06.03 09:53:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8AAC293C-675E-4EBC-B7AA-698DD1711DCD} [2012.06.03 09:53:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{94230D08-BA74-4C68-849E-82929BC5ABB0} [2012.06.03 09:53:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D64F1EB6-6474-4744-94C9-C9CA72349CC2} [2012.06.03 09:52:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D6EE91D5-E7C1-4AFE-BECC-FB5B750B1C50} [2012.06.02 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E6976BFF-79F6-4041-9653-5F5C70AFA5F4} [2012.06.02 21:52:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{96501573-03D8-4AFE-9D31-4BC70D0D0213} [2012.06.02 21:51:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EB454122-0834-41D7-9116-6B7FFBA49DBF} [2012.06.02 21:51:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9EB29EAE-29D6-4001-8EB8-D5587981229F} [2012.06.02 09:50:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{810BB60F-3926-41C2-B277-C3DBA55D57F1} [2012.06.02 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{22AF3DEC-336E-487F-BAE9-0CF95FFF5938} [2012.06.01 16:54:11 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\BackUp [2012.06.01 15:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2012.06.01 15:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia [2012.06.01 15:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012.06.01 15:00:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Temp [2012.06.01 14:58:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32 [2012.06.01 10:56:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6ADECC4D-618E-4FF7-9F5E-B2E778A8D5A2} [2012.06.01 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BC1FBE68-6FE3-4B0C-A312-5A29A8F9913D} [2012.05.31 19:10:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{55175381-743B-4519-9861-BC45A6EDB6D2} [2012.05.31 19:10:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4B7885D3-B95D-451B-9532-1621E74C4BB4} [2012.05.30 17:57:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D7AF6F46-0945-4CA7-9D42-1A08286C7F34} [2012.05.30 17:57:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7BF56D7F-5BCB-4610-9701-8DB3F52B3842} ========== Files - Modified Within 30 Days ========== [2012.06.29 14:04:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.29 13:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.29 13:32:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe [2012.06.29 12:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job [2012.06.29 10:33:40 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.29 10:33:40 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.29 10:31:53 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.29 10:31:53 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.29 10:31:53 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.29 10:31:53 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.29 10:31:53 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.29 10:29:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.29 09:32:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.06.29 09:32:45 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.29 09:32:25 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys [2012.06.28 19:36:15 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\ESET-Scanner.exe [2012.06.26 17:46:57 | 002,043,746 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Cat.DB [2012.06.25 17:21:21 | 000,369,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.24 23:07:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.24 23:07:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.06.24 19:37:12 | 000,000,010 | ---- | M] () -- C:\Program Files\Common Files\systemdate.dat [2012.06.23 13:21:07 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.06.23 13:21:07 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012.06.23 12:11:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012.06.23 11:58:45 | 000,207,887 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.06.23 11:58:45 | 000,207,887 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.06.23 11:46:23 | 000,022,960 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat [2012.06.23 11:15:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.06.23 11:15:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012.06.22 16:55:47 | 000,000,771 | ---- | M] () -- C:\Users\***\AppData\Roaming\SMRBackup162.dat [2012.06.22 16:54:51 | 000,090,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS [2012.06.22 11:10:06 | 000,002,317 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.06.01 16:54:11 | 000,011,968 | ---- | M] () -- C:\Users\***\Documents\Kontakte SIII.spb [2012.06.01 15:33:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf ========== Files Created - No Company Name ========== [2012.06.24 23:07:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.24 23:07:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.06.23 12:06:50 | 000,001,411 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.06.23 12:06:41 | 000,001,445 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.06.23 11:46:23 | 000,022,960 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat [2012.06.23 11:16:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.06.23 11:16:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.06.23 11:15:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.06.23 11:15:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012.06.22 19:31:13 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2012.06.22 19:31:13 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012.06.22 16:55:47 | 000,000,771 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMRBackup162.dat [2012.06.22 10:56:02 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\One-Click Tweak.job [2012.06.19 17:14:23 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.06.01 16:54:10 | 000,011,968 | ---- | C] () -- C:\Users\***\Documents\Kontakte SIII.spb [2012.06.01 15:33:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.03.30 15:44:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.01.31 22:06:29 | 000,000,191 | ---- | C] () -- C:\Users\***\.java.policy [2011.11.13 17:44:08 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini [2011.11.06 10:56:06 | 000,000,063 | ---- | C] () -- C:\Windows\Altair_1.250.INI [2011.11.04 22:38:33 | 000,000,010 | ---- | C] () -- C:\Program Files\Common Files\systemdate.dat [2011.08.23 05:24:52 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.08.23 05:24:49 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2011.08.23 05:24:49 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2011.08.23 05:18:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.05.31 05:24:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.03.02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.03.02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.03.02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.03.02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2012.06.29 12:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job [2009.07.14 07:08:49 | 000,006,426 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%*. > [2012.06.23 11:38:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.06.23 11:38:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.06.23 11:38:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Antares [2012.06.23 11:38:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage [2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cherry [2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon [2012.06.27 17:13:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EssentialPIM [2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLEXnet [2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google [2012.06.23 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon [2012.06.29 13:47:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.06.23 11:38:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Search [2012.06.24 17:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2012.06.23 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ipswitch [2012.06.23 11:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Itsth [2012.06.23 11:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.06.23 12:54:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.11.21 09:00:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.06.23 11:39:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic [2012.06.23 11:46:12 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2012.06.23 11:39:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2012.06.23 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2012.06.23 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2012.06.23 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance [2012.06.23 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS [2012.06.23 11:39:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Octoshape [2012.06.23 11:39:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.06.23 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.06.23 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.06.23 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.06.23 11:39:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2012.06.23 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online [2012.06.23 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica [2012.06.01 16:54:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp [2012.06.23 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2012.06.28 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2012.06.23 11:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp [2012.06.23 11:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2011.11.06 00:34:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR [2012.06.23 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode [2012.06.23 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager [2012.06.23 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon < %APPDATA%*.exe /s > [2012.06.19 17:14:18 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2012.06.22 11:28:01 | 000,119,808 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}\icons.exe [2012.06.19 17:14:09 | 000,106,496 | ---- | M] (OCS) -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2012.06.19 17:14:09 | 000,040,960 | ---- | M] () -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011.03.24 17:11:18 | 000,107,800 | ---- | M] (Octoshape ApS) -- C:\Users\***\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2012.05.17 18:46:26 | 000,106,920 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe [2012.05.17 18:46:26 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe [2012.05.17 18:46:26 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe [2012.06.01 14:54:27 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe [2012.04.27 02:13:04 | 000,955,280 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2012.04.27 02:13:08 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2012.04.05 18:41:16 | 000,317,952 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe [2012.04.27 02:13:06 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2011.10.25 16:01:04 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe [2012.03.22 23:43:30 | 000,297,984 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2012.04.09 17:16:32 | 000,695,296 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2012.04.27 02:13:12 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2012.05.17 18:46:26 | 000,106,920 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2012.05.17 18:46:26 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2012.04.27 02:13:16 | 000,183,696 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2012.05.17 18:46:26 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2012.04.27 02:13:22 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2012.03.19 18:53:42 | 024,161,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2012.04.27 02:13:24 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012.05.30 03:18:10 | 000,371,128 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\iaStor.sys [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < CREATESTOREPOINT > < End of report >
__________________ Liebe Grüße Lindsay Charlotta |
29.06.2012, 13:51 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ? zu PUP.Topckit entfernen Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{44A8EAB0-BEA7-465C-8F08-B6B13DCE84BF}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{D123367C-4ADE-4047-8D83-43D9C9AC8ACD}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{DEF82946-5D5C-44BC-8B74-CE7749E50B71}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\SearchScopes\{FDE35139-4A81-4B07-B1E2-F2A2FC2B4A12}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a1c5f50c-f7e4-42f8-9ce5-44649dfaf7fb&pid=murb&mode=bounce&k=0 FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" O3 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-3966522721-1864700456-4269420246-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O20:64bit: - HKLM Winlogon: UserInit - (E:\MaxTube_movie_id73937.exe) - File not found :Files C:\Program Files (x86)\ICQ6Toolbar C:\$WINDOWS.~Q C:\$INPLACE.~TR :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> ? zu PUP.Topckit entfernen |
29.06.2012, 14:42 | #7 |
| Log nach OTL-Fix Hallo Arne, beim 1. Versuch hat sich das OTL "erhängt", aber beim 2. Versuch hat es geklappt. Hier das von Dir gewünschte Log im Anhang. War wohl für den Code einwenig zu lang.
__________________ Liebe Grüße Lindsay Charlotta |
29.06.2012, 14:48 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ? zu PUP.Topckit entfernen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
29.06.2012, 14:59 | #9 |
| TDSS-Killer LogCode:
ATTFilter 15:53:23.0853 2384 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44 15:53:24.0321 2384 ============================================================ 15:53:24.0321 2384 Current date / time: 2012/06/29 15:53:24.0321 15:53:24.0321 2384 SystemInfo: 15:53:24.0321 2384 15:53:24.0321 2384 OS Version: 6.1.7601 ServicePack: 1.0 15:53:24.0321 2384 Product type: Workstation 15:53:24.0321 2384 ComputerName: *** 15:53:24.0321 2384 UserName: *** 15:53:24.0321 2384 Windows directory: C:\Windows 15:53:24.0321 2384 System windows directory: C:\Windows 15:53:24.0321 2384 Running under WOW64 15:53:24.0337 2384 Processor architecture: Intel x64 15:53:24.0337 2384 Number of processors: 4 15:53:24.0337 2384 Page size: 0x1000 15:53:24.0337 2384 Boot type: Normal boot 15:53:24.0337 2384 ============================================================ 15:53:24.0851 2384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:53:25.0148 2384 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:53:25.0226 2384 ============================================================ 15:53:25.0226 2384 \Device\Harddisk0\DR0: 15:53:25.0226 2384 MBR partitions: 15:53:25.0226 2384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000 15:53:25.0241 2384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800 15:53:25.0241 2384 \Device\Harddisk1\DR1: 15:53:25.0241 2384 MBR partitions: 15:53:25.0241 2384 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1BE000 15:53:25.0241 2384 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1D1BE800, BlocksNum 0x1D1C7830 15:53:25.0241 2384 ============================================================ 15:53:25.0273 2384 C: <-> \Device\Harddisk0\DR0\Partition0 15:53:25.0304 2384 D: <-> \Device\Harddisk0\DR0\Partition1 15:53:25.0366 2384 E: <-> \Device\Harddisk1\DR1\Partition0 15:53:25.0413 2384 F: <-> \Device\Harddisk1\DR1\Partition1 15:53:25.0413 2384 ============================================================ 15:53:25.0413 2384 Initialize success 15:53:25.0413 2384 ============================================================ 15:55:35.0278 2752 ============================================================ 15:55:35.0278 2752 Scan started 15:55:35.0278 2752 Mode: Manual; SigCheck; TDLFS; 15:55:35.0278 2752 ============================================================ 15:55:36.0089 2752 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 15:55:36.0167 2752 1394ohci - ok 15:55:36.0230 2752 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 15:55:36.0261 2752 ACPI - ok 15:55:36.0292 2752 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 15:55:36.0323 2752 AcpiPmi - ok 15:55:36.0448 2752 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:55:36.0464 2752 AdobeARMservice - ok 15:55:36.0589 2752 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:55:36.0620 2752 AdobeFlashPlayerUpdateSvc - ok 15:55:36.0682 2752 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 15:55:36.0713 2752 adp94xx - ok 15:55:36.0791 2752 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 15:55:36.0823 2752 adpahci - ok 15:55:36.0838 2752 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 15:55:36.0854 2752 adpu320 - ok 15:55:36.0901 2752 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 15:55:36.0979 2752 AeLookupSvc - ok 15:55:37.0041 2752 AFBAgent (079cba3c5c9ab11b2b4e6bd729a860f2) C:\Windows\system32\FBAgent.exe 15:55:37.0072 2752 AFBAgent - ok 15:55:37.0119 2752 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 15:55:37.0181 2752 AFD - ok 15:55:37.0244 2752 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 15:55:37.0244 2752 agp440 - ok 15:55:37.0275 2752 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 15:55:37.0322 2752 ALG - ok 15:55:37.0353 2752 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 15:55:37.0369 2752 aliide - ok 15:55:37.0384 2752 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 15:55:37.0400 2752 amdide - ok 15:55:37.0415 2752 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 15:55:37.0478 2752 AmdK8 - ok 15:55:37.0493 2752 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 15:55:37.0509 2752 AmdPPM - ok 15:55:37.0571 2752 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 15:55:37.0603 2752 amdsata - ok 15:55:37.0649 2752 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 15:55:37.0696 2752 amdsbs - ok 15:55:37.0727 2752 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 15:55:37.0743 2752 amdxata - ok 15:55:37.0774 2752 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 15:55:37.0821 2752 AppID - ok 15:55:37.0852 2752 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 15:55:37.0915 2752 AppIDSvc - ok 15:55:37.0946 2752 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 15:55:38.0024 2752 Appinfo - ok 15:55:38.0055 2752 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 15:55:38.0086 2752 arc - ok 15:55:38.0117 2752 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 15:55:38.0117 2752 arcsas - ok 15:55:38.0258 2752 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 15:55:38.0273 2752 ASLDRService - ok 15:55:38.0305 2752 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 15:55:38.0305 2752 ASMMAP64 - ok 15:55:38.0336 2752 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 15:55:38.0383 2752 AsyncMac - ok 15:55:38.0429 2752 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 15:55:38.0461 2752 atapi - ok 15:55:38.0663 2752 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys 15:55:38.0804 2752 athr - ok 15:55:38.0897 2752 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 15:55:38.0929 2752 ATKGFNEXSrv - ok 15:55:38.0960 2752 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 15:55:38.0975 2752 ATKWMIACPIIO - ok 15:55:39.0131 2752 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 15:55:39.0272 2752 AudioEndpointBuilder - ok 15:55:39.0272 2752 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 15:55:39.0303 2752 AudioSrv - ok 15:55:39.0412 2752 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 15:55:39.0475 2752 AxInstSV - ok 15:55:39.0584 2752 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 15:55:39.0631 2752 b06bdrv - ok 15:55:39.0662 2752 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 15:55:39.0740 2752 b57nd60a - ok 15:55:39.0802 2752 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 15:55:39.0865 2752 BDESVC - ok 15:55:39.0911 2752 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 15:55:39.0989 2752 Beep - ok 15:55:40.0083 2752 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 15:55:40.0192 2752 BFE - ok 15:55:40.0364 2752 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys 15:55:40.0411 2752 BHDrvx64 - ok 15:55:40.0535 2752 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 15:55:40.0645 2752 BITS - ok 15:55:40.0691 2752 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 15:55:40.0738 2752 blbdrive - ok 15:55:40.0785 2752 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 15:55:40.0832 2752 bowser - ok 15:55:40.0863 2752 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 15:55:40.0910 2752 BrFiltLo - ok 15:55:40.0910 2752 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 15:55:40.0925 2752 BrFiltUp - ok 15:55:40.0972 2752 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 15:55:41.0066 2752 Browser - ok 15:55:41.0128 2752 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 15:55:41.0206 2752 Brserid - ok 15:55:41.0206 2752 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 15:55:41.0237 2752 BrSerWdm - ok 15:55:41.0237 2752 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 15:55:41.0253 2752 BrUsbMdm - ok 15:55:41.0269 2752 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 15:55:41.0300 2752 BrUsbSer - ok 15:55:41.0300 2752 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 15:55:41.0315 2752 BTHMODEM - ok 15:55:41.0378 2752 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 15:55:41.0440 2752 BthPan - ok 15:55:41.0471 2752 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 15:55:41.0518 2752 bthserv - ok 15:55:41.0565 2752 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys 15:55:41.0565 2752 ccSet_N360 - ok 15:55:41.0596 2752 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 15:55:41.0659 2752 cdfs - ok 15:55:41.0690 2752 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 15:55:41.0705 2752 cdrom - ok 15:55:41.0768 2752 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 15:55:41.0846 2752 CertPropSvc - ok 15:55:41.0939 2752 Cherry Device Interface (280969d43fe354f87bed6ee1d5223141) C:\Program Files (x86)\Cherry\CDI\cdi.exe 15:55:42.0002 2752 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - warning 15:55:42.0002 2752 Cherry Device Interface - detected UnsignedFile.Multi.Generic (1) 15:55:42.0033 2752 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 15:55:42.0080 2752 circlass - ok 15:55:42.0158 2752 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 15:55:42.0173 2752 CLFS - ok 15:55:42.0283 2752 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:55:42.0314 2752 clr_optimization_v2.0.50727_32 - ok 15:55:42.0392 2752 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:55:42.0407 2752 clr_optimization_v2.0.50727_64 - ok 15:55:42.0454 2752 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:55:42.0485 2752 clr_optimization_v4.0.30319_32 - ok 15:55:42.0517 2752 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:55:42.0517 2752 clr_optimization_v4.0.30319_64 - ok 15:55:42.0548 2752 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 15:55:42.0595 2752 CmBatt - ok 15:55:42.0610 2752 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 15:55:42.0626 2752 cmdide - ok 15:55:42.0688 2752 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 15:55:42.0751 2752 CNG - ok 15:55:42.0782 2752 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 15:55:42.0782 2752 Compbatt - ok 15:55:42.0813 2752 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 15:55:42.0844 2752 CompositeBus - ok 15:55:42.0860 2752 COMSysApp - ok 15:55:42.0985 2752 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe 15:55:43.0000 2752 cphs - ok 15:55:43.0016 2752 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 15:55:43.0031 2752 crcdisk - ok 15:55:43.0078 2752 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 15:55:43.0125 2752 CryptSvc - ok 15:55:43.0219 2752 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 15:55:43.0343 2752 DcomLaunch - ok 15:55:43.0375 2752 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 15:55:43.0468 2752 defragsvc - ok 15:55:43.0499 2752 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 15:55:43.0546 2752 DfsC - ok 15:55:43.0593 2752 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 15:55:43.0687 2752 Dhcp - ok 15:55:43.0718 2752 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 15:55:43.0780 2752 discache - ok 15:55:43.0811 2752 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 15:55:43.0843 2752 Disk - ok 15:55:43.0874 2752 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 15:55:43.0921 2752 Dnscache - ok 15:55:43.0952 2752 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 15:55:44.0014 2752 dot3svc - ok 15:55:44.0077 2752 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 15:55:44.0155 2752 DPS - ok 15:55:44.0201 2752 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 15:55:44.0248 2752 drmkaud - ok 15:55:44.0326 2752 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 15:55:44.0357 2752 DXGKrnl - ok 15:55:44.0389 2752 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 15:55:44.0420 2752 EapHost - ok 15:55:44.0638 2752 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 15:55:44.0794 2752 ebdrv - ok 15:55:44.0935 2752 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 15:55:44.0950 2752 eeCtrl - ok 15:55:45.0091 2752 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 15:55:45.0153 2752 EFS - ok 15:55:45.0247 2752 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 15:55:45.0309 2752 ehRecvr - ok 15:55:45.0325 2752 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 15:55:45.0371 2752 ehSched - ok 15:55:45.0481 2752 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 15:55:45.0559 2752 elxstor - ok 15:55:45.0637 2752 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 15:55:45.0668 2752 EraserUtilRebootDrv - ok 15:55:45.0668 2752 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 15:55:45.0699 2752 ErrDev - ok 15:55:45.0761 2752 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 15:55:45.0839 2752 EventSystem - ok 15:55:45.0886 2752 ewusbnet (d83eb7ade99d99a4cd6568ac1261d35e) C:\Windows\system32\DRIVERS\ewusbnet.sys 15:55:45.0933 2752 ewusbnet - ok 15:55:45.0980 2752 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 15:55:46.0027 2752 ew_hwusbdev - ok 15:55:46.0089 2752 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 15:55:46.0183 2752 exfat - ok 15:55:46.0198 2752 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 15:55:46.0261 2752 fastfat - ok 15:55:46.0370 2752 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 15:55:46.0432 2752 Fax - ok 15:55:46.0479 2752 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 15:55:46.0510 2752 fdc - ok 15:55:46.0557 2752 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 15:55:46.0619 2752 fdPHost - ok 15:55:46.0651 2752 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 15:55:46.0713 2752 FDResPub - ok 15:55:46.0744 2752 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 15:55:46.0760 2752 FileInfo - ok 15:55:46.0775 2752 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 15:55:46.0838 2752 Filetrace - ok 15:55:46.0869 2752 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 15:55:46.0885 2752 flpydisk - ok 15:55:46.0916 2752 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 15:55:46.0931 2752 FltMgr - ok 15:55:47.0025 2752 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 15:55:47.0119 2752 FontCache - ok 15:55:47.0212 2752 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:55:47.0228 2752 FontCache3.0.0.0 - ok 15:55:47.0290 2752 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 15:55:47.0306 2752 FsDepends - ok 15:55:47.0337 2752 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys 15:55:47.0337 2752 fssfltr - ok 15:55:47.0477 2752 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 15:55:47.0540 2752 fsssvc - ok 15:55:47.0649 2752 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 15:55:47.0680 2752 Fs_Rec - ok 15:55:47.0727 2752 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 15:55:47.0774 2752 fvevol - ok 15:55:47.0805 2752 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 15:55:47.0821 2752 gagp30kx - ok 15:55:47.0899 2752 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 15:55:47.0977 2752 gpsvc - ok 15:55:48.0055 2752 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:55:48.0070 2752 gupdate - ok 15:55:48.0086 2752 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:55:48.0086 2752 gupdatem - ok 15:55:48.0117 2752 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 15:55:48.0133 2752 hcw85cir - ok 15:55:48.0179 2752 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 15:55:48.0226 2752 HDAudBus - ok 15:55:48.0242 2752 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 15:55:48.0273 2752 HidBatt - ok 15:55:48.0273 2752 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 15:55:48.0304 2752 HidBth - ok 15:55:48.0351 2752 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 15:55:48.0382 2752 HidIr - ok 15:55:48.0413 2752 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 15:55:48.0476 2752 hidserv - ok 15:55:48.0491 2752 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 15:55:48.0507 2752 HidUsb - ok 15:55:48.0538 2752 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 15:55:48.0569 2752 hkmsvc - ok 15:55:48.0616 2752 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 15:55:48.0679 2752 HomeGroupListener - ok 15:55:48.0725 2752 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 15:55:48.0757 2752 HomeGroupProvider - ok 15:55:48.0803 2752 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 15:55:48.0835 2752 HpSAMD - ok 15:55:48.0897 2752 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 15:55:48.0991 2752 HTTP - ok 15:55:49.0037 2752 hwdatacard (6e05228393cd614b983568ec40c262c3) C:\Windows\system32\DRIVERS\ewusbmdm.sys 15:55:49.0084 2752 hwdatacard - ok 15:55:49.0131 2752 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 15:55:49.0162 2752 hwpolicy - ok 15:55:49.0178 2752 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 15:55:49.0193 2752 i8042prt - ok 15:55:49.0256 2752 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys 15:55:49.0287 2752 iaStor - ok 15:55:49.0365 2752 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 15:55:49.0396 2752 iaStorV - ok 15:55:49.0537 2752 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:55:49.0599 2752 idsvc - ok 15:55:49.0786 2752 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120628.001\IDSvia64.sys 15:55:49.0817 2752 IDSVia64 - ok 15:55:50.0738 2752 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys 15:55:51.0206 2752 igfx - ok 15:55:51.0409 2752 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 15:55:51.0440 2752 iirsp - ok 15:55:51.0502 2752 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 15:55:51.0596 2752 IKEEXT - ok 15:55:51.0767 2752 IntcAzAudAddService (c15a21b1e2291952424f361093734f95) C:\Windows\system32\drivers\RTKVHD64.sys 15:55:51.0799 2752 IntcAzAudAddService - ok 15:55:51.0939 2752 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 15:55:51.0986 2752 IntcDAud - ok 15:55:52.0033 2752 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 15:55:52.0048 2752 intelide - ok 15:55:52.0079 2752 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 15:55:52.0111 2752 intelppm - ok 15:55:52.0157 2752 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 15:55:52.0220 2752 IPBusEnum - ok 15:55:52.0267 2752 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:55:52.0298 2752 IpFilterDriver - ok 15:55:52.0345 2752 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 15:55:52.0469 2752 iphlpsvc - ok 15:55:52.0485 2752 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 15:55:52.0485 2752 IPMIDRV - ok 15:55:52.0501 2752 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 15:55:52.0547 2752 IPNAT - ok 15:55:52.0579 2752 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 15:55:52.0610 2752 IRENUM - ok 15:55:52.0625 2752 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 15:55:52.0625 2752 isapnp - ok 15:55:52.0657 2752 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 15:55:52.0703 2752 iScsiPrt - ok 15:55:52.0735 2752 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 15:55:52.0750 2752 kbdclass - ok 15:55:52.0781 2752 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 15:55:52.0813 2752 kbdhid - ok 15:55:52.0844 2752 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys 15:55:52.0875 2752 kbfiltr - ok 15:55:52.0906 2752 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:55:52.0937 2752 KeyIso - ok 15:55:53.0000 2752 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 15:55:53.0031 2752 KSecDD - ok 15:55:53.0047 2752 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 15:55:53.0062 2752 KSecPkg - ok 15:55:53.0109 2752 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 15:55:53.0187 2752 ksthunk - ok 15:55:53.0265 2752 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 15:55:53.0327 2752 KtmRm - ok 15:55:53.0374 2752 L1C (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys 15:55:53.0390 2752 L1C - ok 15:55:53.0452 2752 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 15:55:53.0546 2752 LanmanServer - ok 15:55:53.0593 2752 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 15:55:53.0639 2752 LanmanWorkstation - ok 15:55:53.0686 2752 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 15:55:53.0764 2752 lltdio - ok 15:55:53.0827 2752 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 15:55:53.0905 2752 lltdsvc - ok 15:55:53.0936 2752 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 15:55:53.0983 2752 lmhosts - ok 15:55:54.0076 2752 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:55:54.0107 2752 LMS - ok 15:55:54.0139 2752 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 15:55:54.0154 2752 LSI_FC - ok 15:55:54.0185 2752 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 15:55:54.0185 2752 LSI_SAS - ok 15:55:54.0201 2752 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 15:55:54.0217 2752 LSI_SAS2 - ok 15:55:54.0232 2752 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 15:55:54.0248 2752 LSI_SCSI - ok 15:55:54.0279 2752 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 15:55:54.0341 2752 luafv - ok 15:55:54.0404 2752 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 15:55:54.0419 2752 MBAMProtector - ok 15:55:54.0482 2752 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:55:54.0560 2752 MBAMService - ok 15:55:54.0607 2752 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 15:55:54.0653 2752 Mcx2Svc - ok 15:55:54.0700 2752 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 15:55:54.0731 2752 megasas - ok 15:55:54.0794 2752 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 15:55:54.0841 2752 MegaSR - ok 15:55:54.0872 2752 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 15:55:54.0887 2752 MEIx64 - ok 15:55:54.0934 2752 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:55:54.0997 2752 MMCSS - ok 15:55:55.0028 2752 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 15:55:55.0106 2752 Modem - ok 15:55:55.0121 2752 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 15:55:55.0153 2752 monitor - ok 15:55:55.0184 2752 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 15:55:55.0184 2752 mouclass - ok 15:55:55.0231 2752 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 15:55:55.0277 2752 mouhid - ok 15:55:55.0309 2752 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 15:55:55.0340 2752 mountmgr - ok 15:55:55.0402 2752 MozillaMaintenance (03de7c5fc16862b325b0e22e3c0bb63a) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:55:55.0465 2752 MozillaMaintenance - ok 15:55:55.0496 2752 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 15:55:55.0511 2752 mpio - ok 15:55:55.0527 2752 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 15:55:55.0558 2752 mpsdrv - ok 15:55:55.0621 2752 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 15:55:55.0667 2752 MpsSvc - ok 15:55:55.0683 2752 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 15:55:55.0714 2752 MRxDAV - ok 15:55:55.0761 2752 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:55:55.0792 2752 mrxsmb - ok 15:55:55.0839 2752 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:55:55.0886 2752 mrxsmb10 - ok 15:55:55.0917 2752 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:55:55.0933 2752 mrxsmb20 - ok 15:55:55.0964 2752 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 15:55:55.0979 2752 msahci - ok 15:55:56.0011 2752 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 15:55:56.0026 2752 msdsm - ok 15:55:56.0057 2752 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 15:55:56.0104 2752 MSDTC - ok 15:55:56.0135 2752 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 15:55:56.0198 2752 Msfs - ok 15:55:56.0229 2752 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 15:55:56.0276 2752 mshidkmdf - ok 15:55:56.0307 2752 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 15:55:56.0307 2752 msisadrv - ok 15:55:56.0354 2752 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 15:55:56.0385 2752 MSiSCSI - ok 15:55:56.0385 2752 msiserver - ok 15:55:56.0416 2752 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 15:55:56.0494 2752 MSKSSRV - ok 15:55:56.0541 2752 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 15:55:56.0603 2752 MSPCLOCK - ok 15:55:56.0635 2752 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 15:55:56.0681 2752 MSPQM - ok 15:55:56.0713 2752 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 15:55:56.0759 2752 MsRPC - ok 15:55:56.0775 2752 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 15:55:56.0791 2752 mssmbios - ok 15:55:56.0822 2752 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 15:55:56.0853 2752 MSTEE - ok 15:55:56.0853 2752 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 15:55:56.0853 2752 MTConfig - ok 15:55:56.0884 2752 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 15:55:56.0884 2752 Mup - ok 15:55:57.0009 2752 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe 15:55:57.0009 2752 N360 - ok 15:55:57.0056 2752 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 15:55:57.0134 2752 napagent - ok 15:55:57.0212 2752 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 15:55:57.0290 2752 NativeWifiP - ok 15:55:57.0399 2752 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120628.024\ENG64.SYS 15:55:57.0415 2752 NAVENG - ok 15:55:57.0555 2752 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120628.024\EX64.SYS 15:55:57.0602 2752 NAVEX15 - ok 15:55:57.0805 2752 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 15:55:57.0836 2752 NDIS - ok 15:55:57.0867 2752 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 15:55:57.0914 2752 NdisCap - ok 15:55:57.0945 2752 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 15:55:57.0976 2752 NdisTapi - ok 15:55:58.0007 2752 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 15:55:58.0054 2752 Ndisuio - ok 15:55:58.0085 2752 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 15:55:58.0163 2752 NdisWan - ok 15:55:58.0210 2752 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 15:55:58.0241 2752 NDProxy - ok 15:55:58.0273 2752 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 15:55:58.0366 2752 NetBIOS - ok 15:55:58.0397 2752 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 15:55:58.0460 2752 NetBT - ok 15:55:58.0507 2752 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:55:58.0507 2752 Netlogon - ok 15:55:58.0585 2752 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 15:55:58.0647 2752 Netman - ok 15:55:58.0694 2752 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 15:55:58.0741 2752 netprofm - ok 15:55:58.0850 2752 netr28x (f1814e62eb6e50472afc9903525ecec1) C:\Windows\system32\DRIVERS\netr28x.sys 15:55:58.0881 2752 netr28x - ok 15:55:58.0959 2752 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:55:58.0975 2752 NetTcpPortSharing - ok 15:55:59.0021 2752 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 15:55:59.0037 2752 nfrd960 - ok 15:55:59.0084 2752 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 15:55:59.0146 2752 NlaSvc - ok 15:55:59.0177 2752 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 15:55:59.0209 2752 Npfs - ok 15:55:59.0209 2752 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 15:55:59.0255 2752 nsi - ok 15:55:59.0287 2752 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 15:55:59.0349 2752 nsiproxy - ok 15:55:59.0521 2752 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 15:55:59.0614 2752 Ntfs - ok 15:55:59.0739 2752 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 15:55:59.0817 2752 Null - ok 15:56:00.0503 2752 nvlddmkm (41a7c6ed2bab4c304633b785c884a912) C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:56:00.0893 2752 nvlddmkm - ok 15:56:01.0003 2752 nvpciflt (d542153cb23459b8aad88cf17e36b670) C:\Windows\system32\DRIVERS\nvpciflt.sys 15:56:01.0034 2752 nvpciflt - ok 15:56:01.0065 2752 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 15:56:01.0081 2752 nvraid - ok 15:56:01.0112 2752 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 15:56:01.0127 2752 nvstor - ok 15:56:01.0221 2752 NVSvc (558490b65557a15193e56c44dcf67b64) C:\Windows\system32\nvvsvc.exe 15:56:01.0283 2752 NVSvc - ok 15:56:01.0471 2752 nvUpdatusService (fc968ef459601bb3d18a40bb85ec5193) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 15:56:01.0595 2752 nvUpdatusService - ok 15:56:01.0736 2752 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 15:56:01.0767 2752 nv_agp - ok 15:56:01.0876 2752 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:56:01.0907 2752 odserv - ok 15:56:01.0954 2752 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 15:56:01.0954 2752 ohci1394 - ok 15:56:02.0017 2752 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:56:02.0017 2752 ose - ok 15:56:02.0360 2752 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:56:02.0438 2752 osppsvc - ok 15:56:02.0547 2752 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:56:02.0609 2752 p2pimsvc - ok 15:56:02.0672 2752 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 15:56:02.0734 2752 p2psvc - ok 15:56:02.0797 2752 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 15:56:02.0843 2752 Parport - ok 15:56:02.0875 2752 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 15:56:02.0906 2752 partmgr - ok 15:56:02.0984 2752 Partner Service (9665402b7fa59302d520ad845ddfc026) C:\ProgramData\Partner\Partner.exe 15:56:02.0999 2752 Partner Service - ok 15:56:03.0046 2752 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 15:56:03.0093 2752 PcaSvc - ok 15:56:03.0124 2752 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 15:56:03.0155 2752 pccsmcfd - ok 15:56:03.0280 2752 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 15:56:03.0311 2752 pci - ok 15:56:03.0327 2752 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 15:56:03.0327 2752 pciide - ok 15:56:03.0374 2752 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 15:56:03.0389 2752 pcmcia - ok 15:56:03.0421 2752 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 15:56:03.0421 2752 pcw - ok 15:56:03.0530 2752 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 15:56:03.0592 2752 PEAUTH - ok 15:56:03.0686 2752 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 15:56:03.0717 2752 PerfHost - ok 15:56:03.0826 2752 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 15:56:03.0982 2752 pla - ok 15:56:04.0060 2752 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 15:56:04.0091 2752 PlugPlay - ok 15:56:04.0107 2752 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 15:56:04.0154 2752 PNRPAutoReg - ok 15:56:04.0201 2752 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:56:04.0216 2752 PNRPsvc - ok 15:56:04.0263 2752 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 15:56:04.0310 2752 PolicyAgent - ok 15:56:04.0357 2752 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 15:56:04.0403 2752 Power - ok 15:56:04.0466 2752 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 15:56:04.0544 2752 PptpMiniport - ok 15:56:04.0591 2752 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 15:56:04.0622 2752 Processor - ok 15:56:04.0684 2752 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 15:56:04.0731 2752 ProfSvc - ok 15:56:04.0762 2752 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:56:04.0778 2752 ProtectedStorage - ok 15:56:04.0840 2752 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 15:56:04.0903 2752 Psched - ok 15:56:05.0012 2752 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 15:56:05.0090 2752 ql2300 - ok 15:56:05.0199 2752 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 15:56:05.0230 2752 ql40xx - ok 15:56:05.0277 2752 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 15:56:05.0324 2752 QWAVE - ok 15:56:05.0355 2752 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 15:56:05.0371 2752 QWAVEdrv - ok 15:56:05.0371 2752 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 15:56:05.0402 2752 RasAcd - ok 15:56:05.0433 2752 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:56:05.0464 2752 RasAgileVpn - ok 15:56:05.0480 2752 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 15:56:05.0542 2752 RasAuto - ok 15:56:05.0573 2752 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:56:05.0620 2752 Rasl2tp - ok 15:56:05.0683 2752 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 15:56:05.0761 2752 RasMan - ok 15:56:05.0792 2752 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 15:56:05.0823 2752 RasPppoe - ok 15:56:05.0870 2752 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 15:56:05.0948 2752 RasSstp - ok 15:56:05.0979 2752 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 15:56:06.0073 2752 rdbss - ok 15:56:06.0088 2752 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 15:56:06.0119 2752 rdpbus - ok 15:56:06.0135 2752 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:56:06.0166 2752 RDPCDD - ok 15:56:06.0182 2752 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 15:56:06.0213 2752 RDPENCDD - ok 15:56:06.0244 2752 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 15:56:06.0260 2752 RDPREFMP - ok 15:56:06.0307 2752 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 15:56:06.0322 2752 RDPWD - ok 15:56:06.0447 2752 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 15:56:06.0494 2752 rdyboost - ok 15:56:06.0525 2752 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 15:56:06.0572 2752 RemoteAccess - ok 15:56:06.0634 2752 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 15:56:06.0712 2752 RemoteRegistry - ok 15:56:06.0759 2752 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 15:56:06.0775 2752 RFCOMM - ok 15:56:06.0806 2752 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 15:56:06.0853 2752 RpcEptMapper - ok 15:56:06.0884 2752 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 15:56:06.0931 2752 RpcLocator - ok 15:56:06.0977 2752 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 15:56:07.0024 2752 RpcSs - ok 15:56:07.0087 2752 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 15:56:07.0102 2752 rspndr - ok 15:56:07.0133 2752 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:56:07.0149 2752 SamSs - ok 15:56:07.0165 2752 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 15:56:07.0165 2752 sbp2port - ok 15:56:07.0243 2752 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 15:56:07.0289 2752 SCardSvr - ok 15:56:07.0305 2752 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 15:56:07.0383 2752 scfilter - ok 15:56:07.0477 2752 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 15:56:07.0617 2752 Schedule - ok 15:56:07.0648 2752 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 15:56:07.0679 2752 SCPolicySvc - ok 15:56:07.0695 2752 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 15:56:07.0711 2752 SDRSVC - ok 15:56:07.0789 2752 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 15:56:07.0851 2752 secdrv - ok 15:56:07.0882 2752 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 15:56:07.0913 2752 seclogon - ok 15:56:07.0945 2752 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 15:56:07.0991 2752 SENS - ok 15:56:08.0007 2752 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 15:56:08.0038 2752 SensrSvc - ok 15:56:08.0069 2752 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 15:56:08.0085 2752 Serenum - ok 15:56:08.0132 2752 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 15:56:08.0163 2752 Serial - ok 15:56:08.0210 2752 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 15:56:08.0241 2752 sermouse - ok 15:56:08.0366 2752 ServiceLayer (c15b813f2fdb44f87f23312472c6e790) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 15:56:08.0444 2752 ServiceLayer - ok 15:56:08.0491 2752 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 15:56:08.0569 2752 SessionEnv - ok 15:56:08.0600 2752 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 15:56:08.0631 2752 sffdisk - ok 15:56:08.0631 2752 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 15:56:08.0647 2752 sffp_mmc - ok 15:56:08.0662 2752 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 15:56:08.0678 2752 sffp_sd - ok 15:56:08.0693 2752 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 15:56:08.0725 2752 sfloppy - ok 15:56:08.0771 2752 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 15:56:08.0881 2752 SharedAccess - ok 15:56:08.0943 2752 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 15:56:09.0021 2752 ShellHWDetection - ok 15:56:09.0068 2752 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys 15:56:09.0099 2752 SiSGbeLH - ok 15:56:09.0146 2752 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 15:56:09.0177 2752 SiSRaid2 - ok 15:56:09.0177 2752 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 15:56:09.0193 2752 SiSRaid4 - ok 15:56:09.0271 2752 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe 15:56:09.0302 2752 SkypeUpdate - ok 15:56:09.0333 2752 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 15:56:09.0395 2752 Smb - ok 15:56:09.0427 2752 SMR162 (367bc6cd6c781b56fcf6218cd5999dc3) C:\Windows\system32\drivers\SMR162.SYS 15:56:09.0442 2752 SMR162 - ok 15:56:09.0473 2752 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 15:56:09.0505 2752 SNMPTRAP - ok 15:56:09.0583 2752 speedfan (7455ed832a33fef453407f5411c3342d) C:\Windows\syswow64\speedfan.sys 15:56:09.0614 2752 speedfan - ok 15:56:09.0629 2752 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 15:56:09.0645 2752 spldr - ok 15:56:09.0692 2752 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 15:56:09.0754 2752 Spooler - ok 15:56:09.0926 2752 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 15:56:10.0051 2752 sppsvc - ok 15:56:10.0175 2752 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 15:56:10.0269 2752 sppuinotify - ok 15:56:10.0363 2752 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS 15:56:10.0409 2752 SRTSP - ok 15:56:10.0425 2752 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS 15:56:10.0425 2752 SRTSPX - ok 15:56:10.0472 2752 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 15:56:10.0534 2752 srv - ok 15:56:10.0581 2752 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 15:56:10.0643 2752 srv2 - ok 15:56:10.0690 2752 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 15:56:10.0706 2752 srvnet - ok 15:56:10.0737 2752 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 15:56:10.0768 2752 SSDPSRV - ok 15:56:10.0784 2752 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 15:56:10.0815 2752 SstpSvc - ok 15:56:10.0831 2752 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 15:56:10.0846 2752 stexstor - ok 15:56:10.0924 2752 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 15:56:11.0018 2752 stisvc - ok 15:56:11.0033 2752 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 15:56:11.0049 2752 swenum - ok 15:56:11.0096 2752 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 15:56:11.0189 2752 swprv - ok 15:56:11.0267 2752 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS 15:56:11.0299 2752 SymDS - ok 15:56:11.0361 2752 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS 15:56:11.0423 2752 SymEFA - ok 15:56:11.0470 2752 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 15:56:11.0470 2752 SymEvent - ok 15:56:11.0517 2752 SymIM (b681d1b0f9596684225dcc9b94c6bacf) C:\Windows\system32\DRIVERS\SymIMv.sys 15:56:11.0548 2752 SymIM - ok 15:56:11.0611 2752 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS 15:56:11.0626 2752 SymIRON - ok 15:56:11.0657 2752 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS 15:56:11.0673 2752 SymNetS - ok 15:56:11.0782 2752 SynTP (f0d7c68cda9784689caa72c17af393b2) C:\Windows\system32\DRIVERS\SynTP.sys 15:56:11.0829 2752 SynTP - ok 15:56:12.0032 2752 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 15:56:12.0110 2752 SysMain - ok 15:56:12.0172 2752 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 15:56:12.0203 2752 TabletInputService - ok 15:56:12.0266 2752 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 15:56:12.0328 2752 TapiSrv - ok 15:56:12.0359 2752 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 15:56:12.0391 2752 TBS - ok 15:56:12.0640 2752 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 15:56:12.0718 2752 Tcpip - ok 15:56:12.0968 2752 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 15:56:13.0015 2752 TCPIP6 - ok 15:56:13.0139 2752 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 15:56:13.0202 2752 tcpipreg - ok 15:56:13.0202 2752 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 15:56:13.0217 2752 TDPIPE - ok 15:56:13.0249 2752 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 15:56:13.0295 2752 TDTCP - ok 15:56:13.0327 2752 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 15:56:13.0373 2752 tdx - ok 15:56:13.0389 2752 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 15:56:13.0389 2752 TermDD - ok 15:56:13.0451 2752 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 15:56:13.0529 2752 TermService - ok 15:56:13.0607 2752 TGCM_ImportWiFiSvc (46b389e1a1c8e66d877402fc0821a371) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe 15:56:13.0654 2752 TGCM_ImportWiFiSvc - ok 15:56:13.0685 2752 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 15:56:13.0717 2752 Themes - ok 15:56:13.0763 2752 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:56:13.0779 2752 THREADORDER - ok 15:56:13.0841 2752 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 15:56:13.0873 2752 TomTomHOMEService - ok 15:56:13.0904 2752 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 15:56:13.0966 2752 TrkWks - ok 15:56:14.0029 2752 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 15:56:14.0122 2752 TrustedInstaller - ok 15:56:14.0185 2752 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:56:14.0247 2752 tssecsrv - ok 15:56:14.0278 2752 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 15:56:14.0294 2752 TsUsbFlt - ok 15:56:14.0309 2752 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 15:56:14.0309 2752 TsUsbGD - ok 15:56:14.0341 2752 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 15:56:14.0387 2752 tunnel - ok 15:56:14.0419 2752 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys 15:56:14.0434 2752 TurboB - ok 15:56:14.0543 2752 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe 15:56:14.0590 2752 TurboBoost - ok 15:56:14.0621 2752 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 15:56:14.0637 2752 uagp35 - ok 15:56:14.0668 2752 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 15:56:14.0746 2752 udfs - ok 15:56:14.0793 2752 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 15:56:14.0824 2752 UI0Detect - ok 15:56:14.0887 2752 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 15:56:14.0933 2752 uliagpkx - ok 15:56:14.0980 2752 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 15:56:15.0027 2752 umbus - ok 15:56:15.0058 2752 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 15:56:15.0105 2752 UmPass - ok 15:56:15.0355 2752 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 15:56:15.0417 2752 UNS - ok 15:56:15.0511 2752 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 15:56:15.0620 2752 upnphost - ok 15:56:15.0667 2752 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 15:56:15.0698 2752 usbccgp - ok 15:56:15.0776 2752 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 15:56:15.0807 2752 usbcir - ok 15:56:15.0838 2752 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 15:56:15.0869 2752 usbehci - ok 15:56:15.0916 2752 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 15:56:15.0979 2752 usbhub - ok 15:56:16.0041 2752 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 15:56:16.0072 2752 usbohci - ok 15:56:16.0150 2752 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 15:56:16.0166 2752 usbprint - ok 15:56:16.0228 2752 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 15:56:16.0259 2752 USBSTOR - ok 15:56:16.0291 2752 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 15:56:16.0337 2752 usbuhci - ok 15:56:16.0384 2752 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 15:56:16.0447 2752 usbvideo - ok 15:56:16.0493 2752 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 15:56:16.0571 2752 UxSms - ok 15:56:16.0603 2752 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:56:16.0618 2752 VaultSvc - ok 15:56:16.0665 2752 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 15:56:16.0681 2752 vdrvroot - ok 15:56:16.0712 2752 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 15:56:16.0821 2752 vds - ok 15:56:16.0837 2752 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 15:56:16.0852 2752 vga - ok 15:56:16.0868 2752 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 15:56:16.0915 2752 VgaSave - ok 15:56:16.0930 2752 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 15:56:16.0961 2752 vhdmp - ok 15:56:16.0977 2752 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 15:56:16.0977 2752 viaide - ok 15:56:17.0008 2752 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 15:56:17.0024 2752 volmgr - ok 15:56:17.0071 2752 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 15:56:17.0086 2752 volmgrx - ok 15:56:17.0133 2752 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 15:56:17.0180 2752 volsnap - ok 15:56:17.0242 2752 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 15:56:17.0273 2752 vsmraid - ok 15:56:17.0367 2752 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 15:56:17.0461 2752 VSS - ok 15:56:17.0585 2752 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 15:56:17.0632 2752 vwifibus - ok 15:56:17.0648 2752 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 15:56:17.0679 2752 vwififlt - ok 15:56:17.0741 2752 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 15:56:17.0757 2752 vwifimp - ok 15:56:17.0804 2752 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 15:56:17.0866 2752 W32Time - ok 15:56:17.0882 2752 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 15:56:17.0897 2752 WacomPen - ok 15:56:17.0944 2752 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:56:18.0007 2752 WANARP - ok 15:56:18.0007 2752 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:56:18.0038 2752 Wanarpv6 - ok 15:56:18.0147 2752 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 15:56:18.0241 2752 WatAdminSvc - ok 15:56:18.0412 2752 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 15:56:18.0521 2752 wbengine - ok 15:56:18.0646 2752 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 15:56:18.0677 2752 WbioSrvc - ok 15:56:18.0724 2752 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 15:56:18.0755 2752 wcncsvc - ok 15:56:18.0787 2752 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 15:56:18.0833 2752 WcsPlugInService - ok 15:56:18.0911 2752 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 15:56:18.0943 2752 Wd - ok 15:56:19.0005 2752 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 15:56:19.0036 2752 Wdf01000 - ok 15:56:19.0052 2752 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:56:19.0083 2752 WdiServiceHost - ok 15:56:19.0083 2752 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:56:19.0099 2752 WdiSystemHost - ok 15:56:19.0161 2752 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 15:56:19.0192 2752 WebClient - ok 15:56:19.0208 2752 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 15:56:19.0270 2752 Wecsvc - ok 15:56:19.0286 2752 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 15:56:19.0317 2752 wercplsupport - ok 15:56:19.0348 2752 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 15:56:19.0364 2752 WerSvc - ok 15:56:19.0426 2752 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 15:56:19.0489 2752 WfpLwf - ok 15:56:19.0535 2752 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys 15:56:19.0567 2752 WimFltr - ok 15:56:19.0629 2752 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 15:56:19.0645 2752 WIMMount - ok 15:56:19.0676 2752 WinDefend - ok 15:56:19.0691 2752 WinHttpAutoProxySvc - ok 15:56:19.0754 2752 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 15:56:19.0816 2752 Winmgmt - ok 15:56:19.0972 2752 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 15:56:20.0081 2752 WinRM - ok 15:56:20.0237 2752 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 15:56:20.0269 2752 WinUSB - ok 15:56:20.0409 2752 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 15:56:20.0503 2752 Wlansvc - ok 15:56:20.0596 2752 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 15:56:20.0627 2752 wlcrasvc - ok 15:56:20.0815 2752 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:56:20.0861 2752 wlidsvc - ok 15:56:20.0986 2752 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:56:21.0049 2752 WmiAcpi - ok 15:56:21.0111 2752 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 15:56:21.0158 2752 wmiApSrv - ok 15:56:21.0189 2752 WMPNetworkSvc - ok 15:56:21.0220 2752 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 15:56:21.0251 2752 WPCSvc - ok 15:56:21.0283 2752 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 15:56:21.0298 2752 WPDBusEnum - ok 15:56:21.0314 2752 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 15:56:21.0361 2752 ws2ifsl - ok 15:56:21.0376 2752 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 15:56:21.0407 2752 wscsvc - ok 15:56:21.0407 2752 WSearch - ok 15:56:21.0485 2752 WTGService (624809fe31f0ebba33fd4c98e016dd83) C:\Program Files (x86)\XSManager\WTGService.exe 15:56:21.0532 2752 WTGService - ok 15:56:21.0719 2752 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 15:56:21.0797 2752 wuauserv - ok 15:56:21.0922 2752 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 15:56:22.0000 2752 WudfPf - ok 15:56:22.0031 2752 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:56:22.0063 2752 WUDFRd - ok 15:56:22.0094 2752 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 15:56:22.0125 2752 wudfsvc - ok 15:56:22.0156 2752 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 15:56:22.0219 2752 WwanSvc - ok 15:56:22.0250 2752 XS Stick Service (c2f3d4b5ba078eb6cb08300990304f39) C:\Windows\service4g.exe 15:56:22.0281 2752 XS Stick Service - ok 15:56:22.0297 2752 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 15:56:22.0999 2752 \Device\Harddisk0\DR0 - ok 15:56:23.0295 2752 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk1\DR1 15:56:23.0467 2752 \Device\Harddisk1\DR1 - ok 15:56:23.0529 2752 Boot (0x1200) (1ac1a0df5506c185b97e5e631af78847) \Device\Harddisk0\DR0\Partition0 15:56:23.0545 2752 \Device\Harddisk0\DR0\Partition0 - ok 15:56:23.0560 2752 Boot (0x1200) (3c676b34236236eab891b5c815f1ad42) \Device\Harddisk0\DR0\Partition1 15:56:23.0576 2752 \Device\Harddisk0\DR0\Partition1 - ok 15:56:23.0576 2752 Boot (0x1200) (b1f4d14cbcb1a9517810f24ef71b5002) \Device\Harddisk1\DR1\Partition0 15:56:23.0576 2752 \Device\Harddisk1\DR1\Partition0 - ok 15:56:23.0576 2752 Boot (0x1200) (2555bea6f5052abb2abaa738131b25b6) \Device\Harddisk1\DR1\Partition1 15:56:23.0591 2752 \Device\Harddisk1\DR1\Partition1 - ok 15:56:23.0591 2752 ============================================================ 15:56:23.0591 2752 Scan finished 15:56:23.0591 2752 ============================================================ 15:56:23.0607 4972 Detected object count: 1 15:56:23.0607 4972 Actual detected object count: 1 15:56:39.0956 4972 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - skipped by user 15:56:39.0956 4972 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________ Liebe Grüße Lindsay Charlotta |
29.06.2012, 22:24 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | ? zu PUP.Topckit entfernen Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
30.06.2012, 08:24 | #11 |
| ComboFix-LogCode:
ATTFilter ComboFix 12-06-28.03 - *** 30.06.2012 9:03.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8104.6376 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-30 )))))))))))))))))))))))))))))) . . 2012-06-30 07:08 . 2012-06-30 07:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-29 13:36 . 2012-06-29 13:36 -------- d-----w- c:\program files (x86)\7-Zip 2012-06-29 13:16 . 2012-06-29 13:16 -------- d-----w- C:\_OTL 2012-06-28 17:36 . 2012-06-28 17:36 -------- d-----w- c:\program files (x86)\ESET 2012-06-25 18:45 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2012-06-25 18:45 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-06-25 18:45 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2012-06-25 18:45 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2012-06-25 18:45 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2012-06-25 18:45 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-06-25 18:45 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2012-06-25 15:18 . 2012-06-25 15:18 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2012-06-25 15:18 . 2012-06-25 15:18 -------- d-----w- c:\windows\system32\wbem\en-US 2012-06-24 21:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-06-24 21:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-06-24 21:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-06-24 21:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-06-24 21:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-06-24 21:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-06-24 21:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-06-24 10:05 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll 2012-06-24 10:03 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-06-24 10:03 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-06-24 10:03 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys 2012-06-24 10:03 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys 2012-06-24 10:03 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys 2012-06-24 10:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2012-06-24 10:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2012-06-24 10:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2012-06-24 10:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2012-06-24 10:03 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-24 10:00 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe 2012-06-24 09:59 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-06-24 09:59 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-06-24 09:59 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-06-24 09:59 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-06-24 09:59 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-06-24 09:59 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-06-24 09:59 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-06-24 09:59 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-06-24 09:59 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-06-24 09:59 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-06-24 07:19 . 2009-07-14 05:07 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll 2012-06-23 10:54 . 2012-06-23 10:54 -------- d-----w- c:\programdata\Malwarebytes 2012-06-23 10:54 . 2012-06-23 10:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-23 10:54 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-23 10:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 10:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 10:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 10:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 10:16 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 10:16 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 10:16 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 10:16 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 10:16 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-23 10:11 . 2012-06-23 10:04 -------- d-----w- c:\windows\Panther 2012-06-23 10:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-06-23 10:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-06-23 10:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-06-23 09:40 . 2012-06-23 09:40 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-06-23 09:16 . 2012-06-24 08:59 -------- d-----w- c:\users\UpdatusUser 2012-06-23 09:16 . 2012-06-23 17:57 -------- d-----w- c:\users\*** 2012-06-23 09:15 . 2012-06-23 09:15 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-06-23 09:15 . 2012-06-23 09:22 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2012-06-23 09:15 . 2012-06-23 09:19 -------- d-----w- c:\program files\NVIDIA Corporation 2012-06-23 09:15 . 2012-06-23 09:15 -------- d-----w- c:\programdata\SonicFocus 2012-06-23 09:15 . 2012-06-23 09:15 -------- d-----w- c:\program files\Realtek 2012-06-23 09:15 . 2012-06-23 09:15 -------- d-----w- c:\windows\SysWow64\RTCOM 2012-06-23 09:15 . 2012-06-23 09:15 -------- d-----w- c:\program files\Synaptics 2012-06-22 16:45 . 2012-06-22 18:22 -------- d-----w- c:\program files (x86)\NeoSmart Technologies 2012-06-22 14:54 . 2012-06-22 14:54 90232 ----a-w- c:\windows\system32\drivers\SMR162.SYS 2012-06-22 13:03 . 2012-06-23 09:20 -------- d-----w- c:\program files (x86)\Common Files\Cherry 2012-06-22 13:03 . 2012-06-23 09:20 -------- d-----w- c:\program files (x86)\Cherry 2012-06-22 10:41 . 2012-06-23 09:20 -------- d-----w- c:\program files (x86)\Advanced Fix 2012 2012-06-22 09:11 . 2012-06-23 09:27 -------- d-----w- c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46} 2012-06-22 08:15 . 2012-06-23 09:23 -------- d-----w- c:\program files (x86)\Registry Winner 2012-06-19 19:14 . 2012-06-23 09:20 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-19 19:13 . 2012-06-19 19:13 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-06-19 19:13 . 2012-06-23 09:21 -------- d-----w- c:\program files (x86)\Java 2012-06-19 19:01 . 2012-06-19 19:01 955840 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-19 15:14 . 2011-05-13 11:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll 2012-06-19 15:14 . 2011-03-25 19:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll 2012-06-19 15:07 . 2012-06-23 09:26 -------- d-----w- c:\programdata\ICQ 2012-06-19 15:06 . 2012-06-23 09:21 -------- d-----w- c:\program files (x86)\ICQ7M 2012-06-16 12:14 . 2012-06-23 09:26 -------- d-----w- c:\programdata\McAfee 2012-06-01 13:30 . 2012-06-23 09:20 -------- d-----w- c:\program files (x86)\Common Files\Nokia 2012-06-01 13:29 . 2012-06-23 09:23 -------- d-----w- c:\program files (x86)\PC Connectivity Solution 2012-06-01 12:58 . 2012-06-23 09:29 -------- d-----w- c:\windows\SysWow64\System32 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-30 07:09 . 2011-11-04 14:14 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-06-19 21:20 . 2012-04-02 14:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-19 21:20 . 2011-11-30 16:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-19 19:13 . 2011-11-11 15:13 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-29 07:38 . 2011-03-02 05:57 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-05-18 16:04 . 2011-12-04 09:27 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-05-05 16:42 . 2012-04-02 15:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-22 11:51 . 2012-04-22 11:51 2152176 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll 2012-04-22 11:51 . 2012-04-22 11:51 759296 ----a-w- c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll 2012-04-22 11:51 . 2011-11-04 19:50 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176] R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-27 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736] R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520] R4 Cherry Device Interface;Cherry Device Interface;c:\program files (x86)\Cherry\CDI\cdi.exe [2009-05-28 585774] R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-13 332272] R4 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-09-29 200624] R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] R4 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168] R4 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-08 25960] S0 SMR162;Symantec SMR Utility Service 1.6.2;c:\windows\System32\drivers\SMR162.SYS [2012-06-22 90232] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-28 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-28 1092728] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120628.001\IDSvia64.sys [2012-06-14 509088] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-28 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-28 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-08 2009704] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:20] . 2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 18:52] . 2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 18:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2011-04-13 02:33 750064 ----a-w- c:\programdata\Partner\Partner64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "Ocs_SM"="c:\users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-06-19 106496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a4vl02em.default-1340304824526\ FF - prefs.js: browser.startup.homepage - hxxp://www.webradio-bounty.de/hitparade.php?vo=116|https://www.facebook.com/?sk=h_chr|chrome://speeddial/content/speeddial.xul . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\bm_installer.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3966522721-1864700456-4269420246-1001\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC] @Denied: (C D) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels] @Denied: (C D) (Everyone) "ccSvcHst_UserSession2_2244"="{24A5BDC2-419C-47D8-87A7-7626071B5363}" "ccSvcHst_UserSession2_2372"="{53F283D7-3FAC-4A6B-ABBE-AEE12D962B02}" "ccSvcHst_N360"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "ccSvcHst_UserSession2_1996"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "ccGenericEvent_Global_EM"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "ccGenericEvent_Global_LM"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "ccGenericLog_Manager"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "SNDServiceRequestChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "SymRedirSvcRequestChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "SNDLocationChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "NortonNetServiceIPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "NetMapServiceIPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_isDataPrComm_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "g_coVistaProxyChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "ipcChannel_ShastaServer"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "ncw_performance_IPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_NCWSvcComm_NortonCommunityWatchConfiguration"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_ProcessDetection_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "isError_Service_IPC"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_AvProdSvcComm_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "BashIPCChannel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_buSvcComm_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "Tuneup_Context_Switch_Channel"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_ISPOCClient_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_IDataStoreMgr_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_NortonOnlineCommFeatureRequest_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_buVssComm_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "_HSPlayerCommand_"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "FWAlert"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "{9BBA000F-092F-432f-B9DF-9D64FD1C2978}"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "IPS_COMMAND_CHANNEL"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" "AvProdSession_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "AvProdSession_Options_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "AvProdSession_MessageCenter_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "AvProdSession_Scanless_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "AvProdSession_IPUA_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "AvProdSession_CanIRun_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "_buUIComm_S-1-5-21-3966522721-1864700456-4269420246-1001"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "clt::AlertChannel2_01"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "g_coUserCommandChannel_S-1-5-21-3966522721-1864700456-4269420246-1001"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "CO_PS_{55DBA8A2-CF13-4600-8FC8-C7B989ABF841}_1"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "TRUSTCHANNEL"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "SDKCHANNEL1"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "ToasterNotify\\SessionID_1"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "_IPCChannel_PerformAutoLogin_1_"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{E9549EE1-582E-4796-A87D-4DA359635D88}" "{A1B48937-0778-4e7c-885B-271F65B485D2}"="{979D5F13-825C-4A6F-8A3D-746A5B1C3097}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints] @Denied: (C D) (Everyone) "{9A4CC712-1307-482B-92D5-F5118B3BB31C}"="" "{E3C78739-C135-4595-A467-6459F2FAA69A}"="" "{AF09F7A5-99EA-4A84-836B-BCFE9ECAE17E}"="" "{BC306143-6543-47BD-AD06-436C8E2E09A1}"="" "{DF8AB7CB-F802-4A9F-A5F1-B76186451D2E}"="" "{0969C658-E0C2-40B1-8AA3-6D76892EDC47}"="" "{E6C557E8-0B35-4213-8689-CF40844F9513}"="" "{7F23F45D-964F-46BF-944D-7D18B589FA99}"="" "{7A8C101A-B7CF-4F4A-9F1D-165FFEAED664}"="" "{B880BBC6-B3B7-4F0E-84CC-E95F3B13D4AF}"="" "{4DFE6380-DDF8-4945-80F0-E4F8E2488D64}"="" "{596EC78A-4E30-49A6-BFE2-05C8E79DC71B}"="" "{37532AC0-742C-4679-BC3B-76D7D8882D08}"="" "{0E11476A-F623-4C13-91CB-9AD1EABADD4C}"="" "{B3AE662C-9BC8-44F4-B407-5B394EB59858}"="" "{A17D1029-B7B2-4FC2-9A6A-E1F41F883573}"="" "{24A5BDC2-419C-47D8-87A7-7626071B5363}"="" "{5380CBC7-3AE8-4554-BF40-5AA01D71E868}"="" "{C47D1BF5-FF2C-4065-86E1-E00F38A98C94}"="" "{E40FF90B-E7F9-4866-AE4C-CC1B53BE73E5}"="" "{00E1518F-6A9B-40A9-BB91-35076FB3A8AC}"="" "{EF85F397-E6CE-4CCA-A542-0F84CC469B03}"="" "{E557B26B-B069-4468-A204-72828C02EF48}"="" "{1ED7BED7-2C6B-4DE3-89DF-2D9F914BF5D1}"="" "{3C697B04-AC92-418C-ABB4-D43421F9B157}"="" "{475A16E5-BFCE-4B0C-8C6A-2066AE4FC0BF}"="" "{7B315508-467F-439F-8EBB-6A4EF211F7E1}"="" "{D16CA249-C03A-4A32-9D8D-F6A1FC6E283F}"="" "{908372AA-2CD6-43B7-A94D-C95D6BA24670}"="" "{1D730565-B68A-4463-8ECC-D54ED4F3A094}"="" "{CB208D3D-9063-4BC9-8268-F38304D8201B}"="" "{EF720B15-E492-4C34-AFCE-88F87DDFFA52}"="" "{D689CB87-00FC-4080-9627-54D759FF486B}"="" "{402751A8-19F2-425A-B482-730942FBBFE9}"="" "{53F283D7-3FAC-4A6B-ABBE-AEE12D962B02}"="" "{C11326C6-76FB-4B99-A32D-131979AC014F}"="" "{8475AE0F-09A1-40CB-B815-463C550BEF74}"="" "{A7CF1CDD-545D-4EDA-A2E0-439CFD57DBC8}"="" "{68C2A563-CDED-44B2-AAB9-D331F4A8D221}"="" "{03813315-C030-41E4-9A8F-572C11A25532}"="" "{274CC7D2-D4AA-4AE9-A99A-562D6E619E82}"="" "{979D5F13-825C-4A6F-8A3D-746A5B1C3097}"="" "{E9549EE1-582E-4796-A87D-4DA359635D88}"="" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-06-30 09:14:08 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-30 07:14 . Vor Suchlauf: 13 Verzeichnis(se), 128.115.535.872 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 127.810.392.064 Bytes frei . - - End Of File - - 5F4BB0498A082C6E7796E3CAD8A504AF
__________________ Liebe Grüße Lindsay Charlotta |
01.07.2012, 09:29 | #12 |
| Zwischenfrage Inzwischen hat Malwarebytes eine neue Bedrohung gefunden. Lohnt es sich an dieser Stelle noch weiterzumachen oder muss ich am Ende das BS sowieso neu aufsetzen, sprich C:/ formatieren und neu installieren? Wären die Bedrohungen danach weg oder würden sie sich trotz Formatierung irgendwo anders "verstecken" und danach wieder auftauchen?
__________________ Liebe Grüße Lindsay Charlotta |
01.07.2012, 16:01 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ? zu PUP.Topckit entfernen Nein es wäre schön wenn du gleich bei sowas mal das Log posten könntest
__________________ Logfiles bitte immer in CODE-Tags posten |
01.07.2012, 16:41 | #14 |
| Neues Malwarebyte-Log Okey, denn hier das neue Log: Malwarebytes-Scan: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.30.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: *** [Administrator] Schutz: Aktiviert 30.06.2012 21:15:50 mbam-log-2012-06-30 (21-15-50).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 423752 Laufzeit: 52 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Die "Symptome" treten nämlich immer noch auf, sprich Windows-Explorer und Akkuladestandsanzeige ....
__________________ Liebe Grüße Lindsay Charlotta |
02.07.2012, 09:35 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ? zu PUP.Topckit entfernen Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu ? zu PUP.Topckit entfernen |
administrator, anti-malware, auszug, autostart, bedrohung, bösartige, dateien, dateisystem, endgültig, entfernen, erfolgreich, explorer, gelöscht, heuristiks/extra, heuristiks/shuriken, logfiles, program, pup.topckit, quarantäne, registrierung, scan, service, speicher, sytem, test, version, verzeichnisse |