| |
| |||||||
Log-Analyse und Auswertung: Polizei Virus ÖsterreichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.09.2012, 20:17
| #16 |
 |  Polizei Virus Österreich Hallo! Hier ist das Logfile: Code:
ATTFilter OTL logfile created on: 07.09.2012 20:47:03 - Run 4
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 5,93 Gb Available Physical Memory | 74,96% Memory free
15,82 Gb Paging File | 13,74 Gb Available in Paging File | 86,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 122,62 Gb Free Space | 51,42% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 332,09 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive E: | 696,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Martin\Desktop\OTL1.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (papyjoy) -- C:\Windows\SysWOW64\drivers\papyjoy.sys ()
SRV - (papycpu2) -- C:\Windows\SysWOW64\drivers\papycpu2.sys ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys (Realtek)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
DRV - (papyjoy) -- C:\Windows\SysWOW64\drivers\papyjoy.sys ()
DRV - (papycpu2) -- C:\Windows\SysWOW64\drivers\papycpu2.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.at.msn.com/
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1842581241-129887913-23655209-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.31 20:31:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.31 20:32:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.03 15:35:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.29 20:44:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.03 15:35:25 | 000,000,000 | ---D | M]
[2012.05.29 20:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.08.12 13:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\ivq3iq1v.default\extensions
[2012.07.08 20:22:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\ivq3iq1v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.31 20:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.31 20:41:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe File not found
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1842581241-129887913-23655209-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1842581241-129887913-23655209-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1842581241-129887913-23655209-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1842581241-129887913-23655209-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1842581241-129887913-23655209-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1842581241-129887913-23655209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1842581241-129887913-23655209-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E3CBC8D-8352-44AB-BC99-742CFC6DE11E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D000BF7-F9F2-429E-88EC-A0549CB86220}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.04 17:28:09 | 003,170,304 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.23 14:34:28 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{546c6f8b-0014-11e1-84d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{546c6f8b-0014-11e1-84d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2006.03.04 17:28:09 | 003,170,304 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.09.07 20:45:25 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL1.exe
[2012.09.07 20:45:02 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.09.04 18:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.31 22:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 22:23:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.31 22:03:02 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Canneverbe Limited
[2012.08.31 22:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.08.31 22:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.08.31 19:40:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2012.08.31 19:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.31 19:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.24 17:08:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Tropico 3
[2012.08.24 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso
[2012.08.22 20:01:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\AMS eJob-Room für BewerberInnen - nicht registriert - Freie Suche - Vollanzeige 3319486_1_25f44218-a25a-4a00-b16b-4eb74c5-Dateien
[2012.08.22 18:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.08.22 07:11:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\PhotoFiltre
[2012.08.22 07:11:48 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre
[2012.08.22 07:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre
[2012.08.22 07:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre
[2012.08.21 21:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.08.21 19:40:55 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.08.21 19:34:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\SoftGrid Client
[2012.08.21 19:34:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SoftGrid Client
[2012.08.21 19:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.08.21 19:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012.08.21 19:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.08.21 19:33:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TP
[2012.08.15 21:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WebM Project
[2012.08.15 21:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WebM Project
[2012.08.15 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Boss Media
[2012.08.15 12:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Boss Media
[2012.08.15 12:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\win2day Poker
[2012.08.15 12:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\win2day Poker
[2012.08.11 19:28:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
[2012.08.11 19:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2012.08.11 19:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
========== Files - Modified Within 30 Days ==========
[2012.09.07 20:50:12 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.07 20:45:25 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL1.exe
[2012.09.07 20:45:08 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.09.07 20:42:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 20:42:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 20:35:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.07 20:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.07 20:33:50 | 2077,249,535 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.07 06:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.05 14:22:23 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.09.05 12:23:13 | 000,511,265 | ---- | M] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2012.09.01 07:15:41 | 001,531,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.01 07:15:41 | 000,666,264 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.01 07:15:41 | 000,628,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.01 07:15:41 | 000,134,186 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.01 07:15:41 | 000,110,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.31 22:37:16 | 007,519,709 | ---- | M] () -- C:\Users\Martin\Desktop\WinRAR-ZIP-Archiv (neu).zip
[2012.08.31 22:23:33 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 22:02:52 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.08.31 20:33:21 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.31 20:33:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.31 19:27:54 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.27 22:09:19 | 001,116,668 | ---- | M] () -- C:\Users\Martin\Desktop\BewerbungZeugnisse.pdf
[2012.08.27 21:02:04 | 000,093,436 | ---- | M] () -- C:\Users\Martin\Desktop\Lebenslauf.pdf
[2012.08.22 22:54:48 | 001,558,876 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.22 07:25:48 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.08.22 07:11:49 | 000,001,041 | ---- | M] () -- C:\Users\Martin\Desktop\PhotoFiltre.lnk
[2012.08.19 18:55:09 | 000,023,872 | ---- | M] () -- C:\Users\Martin\Documents\Buch.odt
[2012.08.19 14:10:53 | 000,395,949 | ---- | M] () -- C:\Users\Martin\Desktop\Flugtickets_20001.pdf
[2012.08.19 14:10:43 | 002,505,864 | ---- | M] () -- C:\Users\Martin\Desktop\Flugtickets_10001.pdf
[2012.08.15 19:40:53 | 000,300,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 12:18:40 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\win2day Poker.lnk
[2012.08.12 08:17:26 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.08.11 19:28:24 | 000,002,234 | ---- | M] () -- C:\Users\Martin\Desktop\SWAT 4.lnk
========== Files Created - No Company Name ==========
[2012.09.05 12:23:03 | 000,511,265 | ---- | C] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2012.08.31 22:36:03 | 007,519,709 | ---- | C] () -- C:\Users\Martin\Desktop\WinRAR-ZIP-Archiv (neu).zip
[2012.08.31 22:23:33 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 22:02:52 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.08.31 22:02:52 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.08.31 18:54:37 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.27 22:09:19 | 001,116,668 | ---- | C] () -- C:\Users\Martin\Desktop\BewerbungZeugnisse.pdf
[2012.08.27 21:02:03 | 000,093,436 | ---- | C] () -- C:\Users\Martin\Desktop\Lebenslauf.pdf
[2012.08.22 07:25:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.08.22 07:11:49 | 000,001,041 | ---- | C] () -- C:\Users\Martin\Desktop\PhotoFiltre.lnk
[2012.08.21 19:33:55 | 001,558,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.19 18:55:07 | 000,023,872 | ---- | C] () -- C:\Users\Martin\Documents\Buch.odt
[2012.08.19 14:10:53 | 000,395,949 | ---- | C] () -- C:\Users\Martin\Desktop\Flugtickets_20001.pdf
[2012.08.19 14:10:43 | 002,505,864 | ---- | C] () -- C:\Users\Martin\Desktop\Flugtickets_10001.pdf
[2012.08.15 12:18:40 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\win2day Poker.lnk
[2012.08.12 08:17:26 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.08.11 19:28:24 | 000,002,234 | ---- | C] () -- C:\Users\Martin\Desktop\SWAT 4.lnk
[2012.06.03 15:27:43 | 000,234,737 | ---- | C] () -- C:\Windows\hpoins21.dat
[2012.06.03 15:27:43 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2012.05.06 18:09:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.05.06 18:07:27 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.05.02 14:14:48 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.02 14:14:48 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.02 14:14:48 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.05.02 14:03:22 | 000,001,984 | ---- | C] () -- C:\Windows\SysWow64\drivers\papycpu2.sys
[2012.05.02 14:03:22 | 000,001,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\papyjoy.sys
[2012.05.02 14:00:52 | 000,000,205 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.03.21 18:40:00 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.21 14:26:12 | 000,000,080 | ---- | C] () -- C:\Users\Martin\AppData\Local\X-Plane Installer.prf
[2012.03.20 15:56:55 | 000,024,576 | ---- | C] () -- C:\Windows\UniFISH.exe
[2012.02.04 19:06:39 | 000,073,832 | ---- | C] () -- C:\Windows\SysWow64\SuperFrameSplitter.dll
[2012.02.04 19:06:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RTKDABMWare.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.07 08:12:52 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.07 08:12:49 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.07 08:12:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== LOP Check ==========
[2012.02.04 18:21:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ASUS WebStorage
[2012.03.21 20:23:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Atari
[2012.05.06 18:25:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Audacity
[2012.08.31 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canneverbe Limited
[2012.07.09 22:09:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2012.03.14 20:56:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.20 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\flightgear.org
[2012.03.21 10:16:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\fltk.org
[2012.03.19 16:17:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GameMaker-Studio
[2012.03.21 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Lionhead Studios
[2012.03.04 21:15:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MysteryStudio
[2012.02.19 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2012.08.31 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PhotoFiltre
[2012.03.20 18:09:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Quest3D
[2012.03.20 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Roaming
[2012.03.12 19:54:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sierra
[2012.03.11 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sierra Entertainment
[2012.08.31 20:30:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SoftGrid Client
[2012.05.14 23:35:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony
[2012.03.20 16:25:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Subversion
[2012.08.21 19:34:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TP
[2012.08.26 10:47:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tropico 3
[2012.03.06 19:37:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft
[2012.07.10 06:25:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.02.08 22:08:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Adobe
[2012.03.09 18:23:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Apple Computer
[2012.02.04 19:11:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ArcSoft
[2012.02.04 18:21:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ASUS WebStorage
[2012.03.21 20:23:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Atari
[2012.05.06 18:25:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Audacity
[2012.08.31 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canneverbe Limited
[2012.06.12 20:37:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\CyberLink
[2012.07.09 22:09:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2012.03.14 20:56:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.20 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\flightgear.org
[2012.03.21 10:16:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\fltk.org
[2012.03.19 16:17:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GameMaker-Studio
[2012.02.04 18:18:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Google
[2012.06.03 15:39:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HP
[2012.02.04 18:19:08 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Identities
[2012.02.04 19:05:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\InstallShield
[2012.02.04 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Intel
[2012.03.21 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Lionhead Studios
[2012.02.04 18:25:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Macromedia
[2012.08.31 19:40:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Center Programs
[2012.08.21 19:34:37 | 000,000,000 | --SD | M] -- C:\Users\Martin\AppData\Roaming\Microsoft
[2012.05.29 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mozilla
[2012.03.04 21:15:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MysteryStudio
[2012.02.19 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2012.08.31 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PhotoFiltre
[2012.03.20 18:09:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Quest3D
[2012.08.16 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Real
[2012.03.20 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Roaming
[2012.03.12 19:54:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sierra
[2012.03.11 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sierra Entertainment
[2012.08.31 20:30:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SoftGrid Client
[2012.05.14 23:35:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony
[2012.03.20 16:25:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Subversion
[2012.08.21 19:34:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TP
[2012.08.26 10:47:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tropico 3
[2012.03.06 19:37:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft
[2012.02.04 18:35:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\vlc
[2012.03.20 13:38:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2012.03.19 15:28:42 | 007,344,984 | ---- | M] (YoYo Games Ltd) -- C:\Users\Martin\AppData\Roaming\GameMaker-Studio\5piceIDE.exe
[2012.03.19 15:29:24 | 012,312,576 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\GameMaker-Studio\ffmpeg.exe
[2012.03.19 15:29:24 | 000,102,232 | ---- | M] (YoYo Games Ltd.) -- C:\Users\Martin\AppData\Roaming\GameMaker-Studio\GameMaker-Studio.exe
[2012.03.19 15:29:24 | 000,485,208 | ---- | M] (YoYo Games Ltd.) -- C:\Users\Martin\AppData\Roaming\GameMaker-Studio\GMAssetCompiler.exe
[2012.03.19 15:29:26 | 002,492,248 | ---- | M] (XXXXXXXXXXCOMPANYXXXXXXXXXXXXXXXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA) -- C:\Users\Martin\AppData\Roaming\GameMaker-Studio\Runner.exe
[2012.03.19 15:29:26 | 001,445,888 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\GameMaker-Studio\nginx-1.0.4\nginx.exe
[2012.02.05 13:28:48 | 000,010,134 | R--- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2010.09.13 12:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\eSupport\eDriver\Software\Other\Intel\IRST\iaStor.sys
[2010.09.13 12:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.13 12:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< >
< End of report >
|
|
10.09.2012, 14:13
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Polizei Virus Österreich Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1842581241-129887913-23655209-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-1842581241-129887913-23655209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1842581241-129887913-23655209-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{546c6f8b-0014-11e1-84d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{546c6f8b-0014-11e1-84d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2006.03.04 17:28:09 | 003,170,304 | R--- | M] ()
:Files
C:\ProgramData\ism_0_llatsni.pad
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
10.09.2012, 17:51
| #18 |
| | Polizei Virus Österreich Hallo!
__________________Hier ist das Log nach dem Fix: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1842581241-129887913-23655209-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1842581241-129887913-23655209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1842581241-129887913-23655209-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{546c6f8b-0014-11e1-84d9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546c6f8b-0014-11e1-84d9-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{546c6f8b-0014-11e1-84d9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546c6f8b-0014-11e1-84d9-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
========== FILES ==========
C:\ProgramData\ism_0_llatsni.pad moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Martin\Desktop\cmd.bat deleted successfully.
C:\Users\Martin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 72324 bytes
->Temporary Internet Files folder emptied: 29427928 bytes
->Flash cache emptied: 506 bytes
User: Martin
->Temp folder emptied: 60666348 bytes
->Temporary Internet Files folder emptied: 27764170 bytes
->FireFox cache emptied: 22112454 bytes
->Google Chrome cache emptied: 6572453 bytes
->Flash cache emptied: 524 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 537127 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 140,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.1 log created on 09102012_184431
Files\Folders moved on Reboot...
File\Folder E:\Autorun.exe not found!
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
10.09.2012, 20:46
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Virus Österreich Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.09.2012, 07:00
| #20 |
| | Polizei Virus Österreich Hallo! Hier ist das Log von TDSS Code:
ATTFilter 07:58:22.0771 6784 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
07:58:24.0061 6784 ============================================================
07:58:24.0061 6784 Current date / time: 2012/09/11 07:58:24.0061
07:58:24.0061 6784 SystemInfo:
07:58:24.0061 6784
07:58:24.0061 6784 OS Version: 6.1.7601 ServicePack: 1.0
07:58:24.0061 6784 Product type: Workstation
07:58:24.0061 6784 ComputerName: MARTIN-PC
07:58:24.0061 6784 UserName: Martin
07:58:24.0061 6784 Windows directory: C:\Windows
07:58:24.0061 6784 System windows directory: C:\Windows
07:58:24.0061 6784 Running under WOW64
07:58:24.0061 6784 Processor architecture: Intel x64
07:58:24.0061 6784 Number of processors: 8
07:58:24.0061 6784 Page size: 0x1000
07:58:24.0061 6784 Boot type: Normal boot
07:58:24.0061 6784 ============================================================
07:58:24.0511 6784 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:58:24.0511 6784 ============================================================
07:58:24.0511 6784 \Device\Harddisk0\DR0:
07:58:24.0511 6784 MBR partitions:
07:58:24.0511 6784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1DCF0000
07:58:24.0511 6784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x20EF0800, BlocksNum 0x29967000
07:58:24.0511 6784 ============================================================
07:58:24.0551 6784 C: <-> \Device\Harddisk0\DR0\Partition1
07:58:24.0601 6784 D: <-> \Device\Harddisk0\DR0\Partition2
07:58:24.0601 6784 ============================================================
07:58:24.0601 6784 Initialize success
07:58:24.0601 6784 ============================================================
07:58:57.0562 3856 ============================================================
07:58:57.0562 3856 Scan started
07:58:57.0562 3856 Mode: Manual; SigCheck; TDLFS;
07:58:57.0562 3856 ============================================================
07:58:57.0922 3856 ================ Scan system memory ========================
07:58:57.0922 3856 System memory - ok
07:58:57.0932 3856 ================ Scan services =============================
07:58:58.0192 3856 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:58:58.0342 3856 1394ohci - ok
07:58:58.0482 3856 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
07:58:58.0522 3856 ACDaemon - ok
07:58:58.0572 3856 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:58:58.0602 3856 ACPI - ok
07:58:58.0642 3856 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:58:58.0702 3856 AcpiPmi - ok
07:58:58.0832 3856 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:58:58.0852 3856 AdobeARMservice - ok
07:58:59.0052 3856 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:58:59.0092 3856 AdobeFlashPlayerUpdateSvc - ok
07:58:59.0162 3856 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
07:58:59.0192 3856 adp94xx - ok
07:58:59.0222 3856 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
07:58:59.0232 3856 adpahci - ok
07:58:59.0282 3856 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
07:58:59.0312 3856 adpu320 - ok
07:58:59.0362 3856 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:58:59.0452 3856 AeLookupSvc - ok
07:58:59.0512 3856 [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent C:\Windows\system32\FBAgent.exe
07:58:59.0552 3856 AFBAgent - ok
07:58:59.0632 3856 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
07:58:59.0652 3856 Afc - ok
07:58:59.0742 3856 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
07:58:59.0842 3856 AFD - ok
07:58:59.0882 3856 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:58:59.0912 3856 agp440 - ok
07:58:59.0942 3856 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
07:58:59.0992 3856 ALG - ok
07:59:00.0022 3856 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
07:59:00.0042 3856 aliide - ok
07:59:00.0052 3856 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
07:59:00.0072 3856 amdide - ok
07:59:00.0072 3856 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
07:59:00.0142 3856 AmdK8 - ok
07:59:00.0142 3856 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
07:59:00.0182 3856 AmdPPM - ok
07:59:00.0222 3856 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:59:00.0262 3856 amdsata - ok
07:59:00.0272 3856 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
07:59:00.0292 3856 amdsbs - ok
07:59:00.0312 3856 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:59:00.0332 3856 amdxata - ok
07:59:00.0442 3856 [ E8494519BCB9E3B1B72E5604993A76E3 ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
07:59:00.0472 3856 Amsp - ok
07:59:00.0512 3856 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
07:59:00.0582 3856 AppID - ok
07:59:00.0612 3856 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:59:00.0702 3856 AppIDSvc - ok
07:59:00.0722 3856 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
07:59:00.0772 3856 Appinfo - ok
07:59:00.0782 3856 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
07:59:00.0792 3856 arc - ok
07:59:00.0802 3856 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
07:59:00.0812 3856 arcsas - ok
07:59:00.0892 3856 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
07:59:00.0922 3856 ASLDRService - ok
07:59:00.0982 3856 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
07:59:01.0012 3856 ASMMAP64 - ok
07:59:01.0052 3856 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
07:59:01.0092 3856 asmthub3 - ok
07:59:01.0152 3856 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
07:59:01.0212 3856 asmtxhci - ok
07:59:01.0252 3856 [ DF59B8E8DF0BD2E0E303778A3806A17D ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
07:59:01.0282 3856 aswFsBlk - ok
07:59:01.0312 3856 [ F8E6AB4F876FEFF69250F2E0C29EF004 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
07:59:01.0342 3856 aswMonFlt - ok
07:59:01.0412 3856 [ AA92BC4BCBA40CA3AA3FFD1BE24F0C09 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
07:59:01.0432 3856 aswRdr - ok
07:59:01.0492 3856 [ F06E230E1E8CA9437A6474B7B551CD37 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
07:59:01.0532 3856 aswSnx - ok
07:59:01.0552 3856 [ 3610CA74A69E380424F0452DEC5C1317 ] aswSP C:\Windows\system32\drivers\aswSP.sys
07:59:01.0572 3856 aswSP - ok
07:59:01.0592 3856 [ 87DE3E31CB0091D22351349869324065 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
07:59:01.0602 3856 aswTdi - ok
07:59:01.0612 3856 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:59:01.0682 3856 AsyncMac - ok
07:59:01.0742 3856 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
07:59:01.0772 3856 atapi - ok
07:59:01.0842 3856 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
07:59:01.0942 3856 athr - ok
07:59:01.0962 3856 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
07:59:01.0992 3856 ATKGFNEXSrv - ok
07:59:02.0022 3856 [ AC31727F9946E9009480708E4D1B9986 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
07:59:02.0032 3856 ATKWMIACPIIO - ok
07:59:02.0092 3856 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:59:02.0182 3856 AudioEndpointBuilder - ok
07:59:02.0192 3856 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:59:02.0222 3856 AudioSrv - ok
07:59:02.0322 3856 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:59:02.0352 3856 avast! Antivirus - ok
07:59:02.0392 3856 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:59:02.0462 3856 AxInstSV - ok
07:59:02.0522 3856 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
07:59:02.0572 3856 b06bdrv - ok
07:59:02.0602 3856 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:59:02.0652 3856 b57nd60a - ok
07:59:02.0722 3856 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
07:59:02.0752 3856 BBSvc - ok
07:59:02.0802 3856 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
07:59:02.0832 3856 BDESVC - ok
07:59:02.0882 3856 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
07:59:02.0972 3856 Beep - ok
07:59:03.0022 3856 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
07:59:03.0122 3856 BFE - ok
07:59:03.0162 3856 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
07:59:03.0252 3856 BITS - ok
07:59:03.0292 3856 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:59:03.0352 3856 blbdrive - ok
07:59:03.0392 3856 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:59:03.0442 3856 bowser - ok
07:59:03.0482 3856 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
07:59:03.0532 3856 BrFiltLo - ok
07:59:03.0542 3856 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
07:59:03.0582 3856 BrFiltUp - ok
07:59:03.0632 3856 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
07:59:03.0682 3856 Browser - ok
07:59:03.0702 3856 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:59:03.0772 3856 Brserid - ok
07:59:03.0782 3856 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:59:03.0822 3856 BrSerWdm - ok
07:59:03.0832 3856 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:59:03.0882 3856 BrUsbMdm - ok
07:59:03.0892 3856 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:59:03.0912 3856 BrUsbSer - ok
07:59:03.0942 3856 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
07:59:04.0012 3856 BthEnum - ok
07:59:04.0012 3856 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
07:59:04.0042 3856 BTHMODEM - ok
07:59:04.0052 3856 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
07:59:04.0092 3856 BthPan - ok
07:59:04.0142 3856 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
07:59:04.0182 3856 BTHPORT - ok
07:59:04.0232 3856 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
07:59:04.0332 3856 bthserv - ok
07:59:04.0362 3856 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
07:59:04.0432 3856 BTHUSB - ok
07:59:04.0462 3856 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:59:04.0522 3856 cdfs - ok
07:59:04.0572 3856 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:59:04.0602 3856 cdrom - ok
07:59:04.0632 3856 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
07:59:04.0692 3856 CertPropSvc - ok
07:59:04.0722 3856 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
07:59:04.0762 3856 circlass - ok
07:59:04.0792 3856 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
07:59:04.0812 3856 CLFS - ok
07:59:04.0952 3856 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
07:59:04.0972 3856 CLKMSVC10_38F51D56 - ok
07:59:05.0052 3856 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:59:05.0082 3856 clr_optimization_v2.0.50727_32 - ok
07:59:05.0162 3856 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:59:05.0192 3856 clr_optimization_v2.0.50727_64 - ok
07:59:05.0282 3856 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:59:05.0312 3856 clr_optimization_v4.0.30319_32 - ok
07:59:05.0362 3856 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:59:05.0392 3856 clr_optimization_v4.0.30319_64 - ok
07:59:05.0432 3856 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:59:05.0492 3856 CmBatt - ok
07:59:05.0512 3856 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:59:05.0532 3856 cmdide - ok
07:59:05.0582 3856 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
07:59:05.0642 3856 CNG - ok
07:59:05.0692 3856 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
07:59:05.0722 3856 Compbatt - ok
07:59:05.0762 3856 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
07:59:05.0842 3856 CompositeBus - ok
07:59:05.0852 3856 COMSysApp - ok
07:59:05.0882 3856 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
07:59:05.0902 3856 crcdisk - ok
07:59:05.0932 3856 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:59:05.0972 3856 CryptSvc - ok
07:59:06.0092 3856 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
07:59:06.0122 3856 cvhsvc - ok
07:59:06.0152 3856 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:59:06.0242 3856 DcomLaunch - ok
07:59:06.0272 3856 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
07:59:06.0332 3856 defragsvc - ok
07:59:06.0382 3856 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:59:06.0452 3856 DfsC - ok
07:59:06.0492 3856 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
07:59:06.0542 3856 Dhcp - ok
07:59:06.0572 3856 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
07:59:06.0632 3856 discache - ok
07:59:06.0672 3856 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
07:59:06.0702 3856 Disk - ok
07:59:06.0742 3856 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:59:06.0792 3856 Dnscache - ok
07:59:06.0822 3856 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
07:59:06.0902 3856 dot3svc - ok
07:59:06.0952 3856 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
07:59:07.0022 3856 Dot4 - ok
07:59:07.0042 3856 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
07:59:07.0102 3856 Dot4Print - ok
07:59:07.0132 3856 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
07:59:07.0192 3856 dot4usb - ok
07:59:07.0212 3856 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
07:59:07.0302 3856 DPS - ok
07:59:07.0352 3856 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:59:07.0432 3856 drmkaud - ok
07:59:07.0482 3856 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:59:07.0522 3856 DXGKrnl - ok
07:59:07.0532 3856 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
07:59:07.0582 3856 EapHost - ok
07:59:07.0682 3856 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
07:59:07.0802 3856 ebdrv - ok
07:59:07.0842 3856 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
07:59:07.0872 3856 EFS - ok
07:59:07.0972 3856 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:59:08.0062 3856 ehRecvr - ok
07:59:08.0082 3856 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
07:59:08.0152 3856 ehSched - ok
07:59:08.0212 3856 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
07:59:08.0242 3856 elxstor - ok
07:59:08.0242 3856 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:59:08.0272 3856 ErrDev - ok
07:59:08.0322 3856 [ 871AB1BFA00ECA5DFDE99D6EECE1BFD4 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
07:59:08.0342 3856 ETD - ok
07:59:08.0372 3856 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
07:59:08.0442 3856 EventSystem - ok
07:59:08.0572 3856 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
07:59:08.0632 3856 EvtEng - ok
07:59:08.0682 3856 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
07:59:08.0762 3856 exfat - ok
07:59:08.0802 3856 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:59:08.0892 3856 fastfat - ok
07:59:08.0952 3856 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
07:59:09.0042 3856 Fax - ok
07:59:09.0052 3856 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
07:59:09.0082 3856 fdc - ok
07:59:09.0112 3856 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
07:59:09.0182 3856 fdPHost - ok
07:59:09.0192 3856 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
07:59:09.0232 3856 FDResPub - ok
07:59:09.0262 3856 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:59:09.0282 3856 FileInfo - ok
07:59:09.0282 3856 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:59:09.0342 3856 Filetrace - ok
07:59:09.0362 3856 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
07:59:09.0382 3856 flpydisk - ok
07:59:09.0392 3856 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:59:09.0402 3856 FltMgr - ok
07:59:09.0452 3856 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
07:59:09.0552 3856 FontCache - ok
07:59:09.0632 3856 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:59:09.0652 3856 FontCache3.0.0.0 - ok
07:59:09.0672 3856 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:59:09.0692 3856 FsDepends - ok
07:59:09.0742 3856 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
07:59:09.0772 3856 fssfltr - ok
07:59:09.0852 3856 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
07:59:09.0922 3856 fsssvc - ok
07:59:09.0962 3856 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:59:09.0982 3856 Fs_Rec - ok
07:59:10.0042 3856 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:59:10.0082 3856 fvevol - ok
07:59:10.0112 3856 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
07:59:10.0132 3856 gagp30kx - ok
07:59:10.0192 3856 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
07:59:10.0332 3856 gpsvc - ok
07:59:10.0452 3856 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:59:10.0492 3856 gupdate - ok
07:59:10.0502 3856 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:59:10.0512 3856 gupdatem - ok
07:59:10.0562 3856 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
07:59:10.0592 3856 gusvc - ok
07:59:10.0632 3856 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:59:10.0642 3856 hcw85cir - ok
07:59:10.0682 3856 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:59:10.0722 3856 HdAudAddService - ok
07:59:10.0772 3856 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
07:59:10.0822 3856 HDAudBus - ok
07:59:10.0822 3856 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
07:59:10.0852 3856 HidBatt - ok
07:59:10.0872 3856 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
07:59:10.0912 3856 HidBth - ok
07:59:10.0932 3856 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
07:59:10.0962 3856 HidIr - ok
07:59:10.0982 3856 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
07:59:11.0042 3856 hidserv - ok
07:59:11.0082 3856 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:59:11.0112 3856 HidUsb - ok
07:59:11.0132 3856 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:59:11.0212 3856 hkmsvc - ok
07:59:11.0252 3856 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:59:11.0312 3856 HomeGroupListener - ok
07:59:11.0352 3856 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:59:11.0392 3856 HomeGroupProvider - ok
07:59:11.0522 3856 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
07:59:11.0552 3856 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
07:59:11.0552 3856 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
07:59:11.0572 3856 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
07:59:11.0592 3856 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
07:59:11.0592 3856 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
07:59:11.0622 3856 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:59:11.0642 3856 HpSAMD - ok
07:59:11.0702 3856 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
07:59:11.0742 3856 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
07:59:11.0742 3856 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
07:59:11.0782 3856 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:59:11.0872 3856 HTTP - ok
07:59:11.0922 3856 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:59:11.0952 3856 hwpolicy - ok
07:59:11.0982 3856 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
07:59:12.0022 3856 i8042prt - ok
07:59:12.0072 3856 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
07:59:12.0092 3856 iaStor - ok
07:59:12.0132 3856 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:59:12.0172 3856 iaStorV - ok
07:59:12.0262 3856 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
07:59:12.0302 3856 IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:59:12.0302 3856 IDriverT - detected UnsignedFile.Multi.Generic (1)
07:59:12.0362 3856 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:59:12.0432 3856 idsvc - ok
07:59:12.0722 3856 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
07:59:13.0042 3856 igfx - ok
07:59:13.0082 3856 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
07:59:13.0092 3856 iirsp - ok
07:59:13.0152 3856 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
07:59:13.0252 3856 IKEEXT - ok
07:59:13.0362 3856 [ 9F573C952961F444F400489E81ECA381 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:59:13.0402 3856 IntcAzAudAddService - ok
07:59:13.0472 3856 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
07:59:13.0522 3856 IntcDAud - ok
07:59:13.0532 3856 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
07:59:13.0552 3856 intelide - ok
07:59:13.0582 3856 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:59:13.0642 3856 intelppm - ok
07:59:13.0682 3856 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:59:13.0732 3856 IPBusEnum - ok
07:59:13.0742 3856 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:59:13.0772 3856 IpFilterDriver - ok
07:59:13.0812 3856 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:59:13.0872 3856 iphlpsvc - ok
07:59:13.0872 3856 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:59:13.0912 3856 IPMIDRV - ok
07:59:13.0912 3856 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:59:13.0942 3856 IPNAT - ok
07:59:13.0972 3856 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:59:14.0032 3856 IRENUM - ok
07:59:14.0042 3856 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:59:14.0062 3856 isapnp - ok
07:59:14.0082 3856 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:59:14.0102 3856 iScsiPrt - ok
07:59:14.0112 3856 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:59:14.0122 3856 kbdclass - ok
07:59:14.0152 3856 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:59:14.0182 3856 kbdhid - ok
07:59:14.0212 3856 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
07:59:14.0242 3856 kbfiltr - ok
07:59:14.0282 3856 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
07:59:14.0312 3856 KeyIso - ok
07:59:14.0342 3856 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:59:14.0352 3856 KSecDD - ok
07:59:14.0382 3856 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:59:14.0422 3856 KSecPkg - ok
07:59:14.0432 3856 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:59:14.0512 3856 ksthunk - ok
07:59:14.0542 3856 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
07:59:14.0622 3856 KtmRm - ok
07:59:14.0652 3856 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
07:59:14.0702 3856 L1C - ok
07:59:14.0742 3856 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
07:59:14.0802 3856 LanmanServer - ok
07:59:14.0832 3856 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:59:14.0892 3856 LanmanWorkstation - ok
07:59:14.0922 3856 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:59:15.0002 3856 lltdio - ok
07:59:15.0032 3856 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:59:15.0122 3856 lltdsvc - ok
07:59:15.0162 3856 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:59:15.0242 3856 lmhosts - ok
07:59:15.0302 3856 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
07:59:15.0342 3856 LSI_FC - ok
07:59:15.0352 3856 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
07:59:15.0362 3856 LSI_SAS - ok
07:59:15.0372 3856 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
07:59:15.0382 3856 LSI_SAS2 - ok
07:59:15.0382 3856 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
07:59:15.0402 3856 LSI_SCSI - ok
07:59:15.0402 3856 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
07:59:15.0442 3856 luafv - ok
07:59:15.0492 3856 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:59:15.0542 3856 Mcx2Svc - ok
07:59:15.0542 3856 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
07:59:15.0562 3856 megasas - ok
07:59:15.0582 3856 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
07:59:15.0602 3856 MegaSR - ok
07:59:15.0642 3856 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
07:59:15.0662 3856 MEIx64 - ok
07:59:15.0702 3856 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
07:59:15.0772 3856 MMCSS - ok
07:59:15.0772 3856 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
07:59:15.0812 3856 Modem - ok
07:59:15.0842 3856 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:59:15.0862 3856 monitor - ok
07:59:15.0902 3856 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:59:15.0912 3856 mouclass - ok
07:59:15.0952 3856 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:59:15.0992 3856 mouhid - ok
07:59:16.0012 3856 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:59:16.0032 3856 mountmgr - ok
07:59:16.0082 3856 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:59:16.0112 3856 MozillaMaintenance - ok
07:59:16.0142 3856 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
07:59:16.0162 3856 mpio - ok
07:59:16.0162 3856 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:59:16.0222 3856 mpsdrv - ok
07:59:16.0272 3856 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:59:16.0322 3856 MpsSvc - ok
07:59:16.0332 3856 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:59:16.0372 3856 MRxDAV - ok
07:59:16.0392 3856 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:59:16.0432 3856 mrxsmb - ok
07:59:16.0442 3856 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:59:16.0472 3856 mrxsmb10 - ok
07:59:16.0502 3856 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:59:16.0532 3856 mrxsmb20 - ok
07:59:16.0552 3856 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
07:59:16.0562 3856 msahci - ok
07:59:16.0572 3856 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:59:16.0592 3856 msdsm - ok
07:59:16.0602 3856 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
07:59:16.0632 3856 MSDTC - ok
07:59:16.0652 3856 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:59:16.0712 3856 Msfs - ok
07:59:16.0742 3856 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:59:16.0772 3856 mshidkmdf - ok
07:59:16.0782 3856 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:59:16.0792 3856 msisadrv - ok
07:59:16.0812 3856 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:59:16.0842 3856 MSiSCSI - ok
07:59:16.0842 3856 msiserver - ok
07:59:16.0912 3856 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:59:16.0962 3856 MSKSSRV - ok
07:59:16.0982 3856 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:59:17.0012 3856 MSPCLOCK - ok
07:59:17.0022 3856 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:59:17.0052 3856 MSPQM - ok
07:59:17.0082 3856 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:59:17.0092 3856 MsRPC - ok
07:59:17.0112 3856 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
07:59:17.0122 3856 mssmbios - ok
07:59:17.0122 3856 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:59:17.0202 3856 MSTEE - ok
07:59:17.0212 3856 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
07:59:17.0242 3856 MTConfig - ok
07:59:17.0242 3856 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:59:17.0252 3856 Mup - ok
07:59:17.0302 3856 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
07:59:17.0332 3856 MyWiFiDHCPDNS - ok
07:59:17.0372 3856 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
07:59:17.0412 3856 napagent - ok
07:59:17.0452 3856 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:59:17.0532 3856 NativeWifiP - ok
07:59:17.0592 3856 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:59:17.0632 3856 NDIS - ok
07:59:17.0662 3856 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:59:17.0692 3856 NdisCap - ok
07:59:17.0732 3856 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:59:17.0782 3856 NdisTapi - ok
07:59:17.0822 3856 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:59:17.0872 3856 Ndisuio - ok
07:59:17.0872 3856 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:59:17.0912 3856 NdisWan - ok
07:59:17.0922 3856 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:59:17.0962 3856 NDProxy - ok
07:59:18.0012 3856 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:59:18.0042 3856 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:59:18.0042 3856 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:59:18.0072 3856 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:59:18.0142 3856 NetBIOS - ok
07:59:18.0152 3856 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:59:18.0192 3856 NetBT - ok
07:59:18.0222 3856 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
07:59:18.0232 3856 Netlogon - ok
07:59:18.0282 3856 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
07:59:18.0392 3856 Netman - ok
07:59:18.0412 3856 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
07:59:18.0492 3856 netprofm - ok
07:59:18.0532 3856 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:59:18.0562 3856 NetTcpPortSharing - ok
07:59:18.0772 3856 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
07:59:19.0002 3856 NETwNs64 - ok
07:59:19.0042 3856 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
07:59:19.0072 3856 nfrd960 - ok
07:59:19.0112 3856 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:59:19.0172 3856 NlaSvc - ok
07:59:19.0222 3856 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:59:19.0292 3856 Npfs - ok
07:59:19.0312 3856 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
07:59:19.0372 3856 nsi - ok
07:59:19.0392 3856 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:59:19.0442 3856 nsiproxy - ok
07:59:19.0512 3856 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:59:19.0572 3856 Ntfs - ok
07:59:19.0592 3856 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
07:59:19.0662 3856 Null - ok
07:59:19.0952 3856 [ 07CA1D99512EE5EF99E954A13F3BFFA8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:59:20.0112 3856 nvlddmkm - ok
07:59:20.0122 3856 [ A8DB9EBD9887A9820DBC1878F0301EE7 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
07:59:20.0132 3856 nvpciflt - ok
07:59:20.0162 3856 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:59:20.0172 3856 nvraid - ok
07:59:20.0222 3856 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:59:20.0252 3856 nvstor - ok
07:59:20.0282 3856 [ 9007A22A1938A9EF81CA5122121ECCD8 ] NVSvc C:\Windows\system32\nvvsvc.exe
07:59:20.0322 3856 NVSvc - ok
07:59:20.0392 3856 [ 00572C26C6DCF99362068FB7283B7126 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
07:59:20.0462 3856 nvUpdatusService - ok
07:59:20.0502 3856 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:59:20.0512 3856 nv_agp - ok
07:59:20.0512 3856 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:59:20.0542 3856 ohci1394 - ok
07:59:20.0582 3856 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:59:20.0592 3856 ose - ok
07:59:20.0762 3856 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:59:20.0912 3856 osppsvc - ok
07:59:20.0952 3856 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:59:20.0992 3856 p2pimsvc - ok
07:59:21.0012 3856 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
07:59:21.0062 3856 p2psvc - ok
07:59:21.0092 3856 papycpu2 - ok
07:59:21.0092 3856 papyjoy - ok
07:59:21.0122 3856 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
07:59:21.0152 3856 Parport - ok
07:59:21.0182 3856 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:59:21.0192 3856 partmgr - ok
07:59:21.0202 3856 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:59:21.0252 3856 PcaSvc - ok
07:59:21.0272 3856 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
07:59:21.0292 3856 pci - ok
07:59:21.0332 3856 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
07:59:21.0342 3856 pciide - ok
07:59:21.0362 3856 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
07:59:21.0382 3856 pcmcia - ok
07:59:21.0392 3856 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
07:59:21.0402 3856 pcw - ok
07:59:21.0412 3856 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:59:21.0462 3856 PEAUTH - ok
07:59:21.0592 3856 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:59:21.0642 3856 PerfHost - ok
07:59:21.0722 3856 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
07:59:21.0872 3856 pla - ok
07:59:21.0912 3856 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:59:21.0942 3856 PlugPlay - ok
07:59:21.0982 3856 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:59:22.0012 3856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:59:22.0012 3856 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:59:22.0032 3856 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:59:22.0102 3856 PNRPAutoReg - ok
07:59:22.0122 3856 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:59:22.0172 3856 PNRPsvc - ok
07:59:22.0202 3856 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:59:22.0282 3856 PolicyAgent - ok
07:59:22.0312 3856 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
07:59:22.0402 3856 Power - ok
07:59:22.0452 3856 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:59:22.0542 3856 PptpMiniport - ok
07:59:22.0572 3856 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
07:59:22.0602 3856 Processor - ok
07:59:22.0642 3856 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
07:59:22.0702 3856 ProfSvc - ok
07:59:22.0722 3856 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:59:22.0742 3856 ProtectedStorage - ok
07:59:22.0782 3856 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:59:22.0862 3856 Psched - ok
07:59:22.0932 3856 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
07:59:23.0002 3856 ql2300 - ok
07:59:23.0002 3856 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
07:59:23.0022 3856 ql40xx - ok
07:59:23.0042 3856 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
07:59:23.0062 3856 QWAVE - ok
07:59:23.0072 3856 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:59:23.0092 3856 QWAVEdrv - ok
07:59:23.0102 3856 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:59:23.0142 3856 RasAcd - ok
07:59:23.0182 3856 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:59:23.0252 3856 RasAgileVpn - ok
07:59:23.0272 3856 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
07:59:23.0332 3856 RasAuto - ok
07:59:23.0352 3856 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:59:23.0432 3856 Rasl2tp - ok
07:59:23.0472 3856 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
07:59:23.0542 3856 RasMan - ok
07:59:23.0552 3856 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:59:23.0602 3856 RasPppoe - ok
07:59:23.0602 3856 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:59:23.0652 3856 RasSstp - ok
07:59:23.0662 3856 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:59:23.0702 3856 rdbss - ok
07:59:23.0732 3856 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
07:59:23.0792 3856 rdpbus - ok
07:59:23.0822 3856 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:59:23.0872 3856 RDPCDD - ok
07:59:23.0872 3856 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:59:23.0922 3856 RDPENCDD - ok
07:59:23.0932 3856 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:59:23.0972 3856 RDPREFMP - ok
07:59:24.0012 3856 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:59:24.0082 3856 RDPWD - ok
07:59:24.0122 3856 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:59:24.0142 3856 rdyboost - ok
07:59:24.0222 3856 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
07:59:24.0262 3856 RegSrvc - ok
07:59:24.0282 3856 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:59:24.0332 3856 RemoteAccess - ok
07:59:24.0382 3856 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:59:24.0492 3856 RemoteRegistry - ok
07:59:24.0532 3856 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
07:59:24.0602 3856 RFCOMM - ok
07:59:24.0622 3856 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:59:24.0702 3856 RpcEptMapper - ok
07:59:24.0722 3856 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
07:59:24.0772 3856 RpcLocator - ok
07:59:24.0802 3856 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
07:59:24.0862 3856 RpcSs - ok
07:59:24.0872 3856 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:59:24.0932 3856 rspndr - ok
07:59:24.0972 3856 [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys
07:59:24.0982 3856 RSUSBVSTOR - ok
07:59:25.0022 3856 [ B88880586ACD3EDEFCD0F9C2A6C1EE27 ] RTL2832UBDA C:\Windows\system32\drivers\RTL2832UBDA.sys
07:59:25.0032 3856 RTL2832UBDA - ok
07:59:25.0112 3856 [ 4C04300EE6A5E780FD4E2F0806AECA0E ] RTL2832UUSB C:\Windows\system32\Drivers\RTL2832UUSB.sys
07:59:25.0142 3856 RTL2832UUSB - ok
07:59:25.0202 3856 [ 19FAA5E7CF3D5263F4E79450A03E50CA ] RTL2832U_IRHID C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
07:59:25.0232 3856 RTL2832U_IRHID - ok
07:59:25.0302 3856 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
07:59:25.0332 3856 RTL8167 - ok
07:59:25.0362 3856 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
07:59:25.0402 3856 SamSs - ok
07:59:25.0422 3856 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:59:25.0462 3856 sbp2port - ok
07:59:25.0532 3856 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:59:25.0592 3856 SCardSvr - ok
07:59:25.0602 3856 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:59:25.0642 3856 scfilter - ok
07:59:25.0672 3856 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
07:59:25.0722 3856 Schedule - ok
07:59:25.0762 3856 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:59:25.0822 3856 SCPolicySvc - ok
07:59:25.0832 3856 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:59:25.0862 3856 SDRSVC - ok
07:59:25.0932 3856 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
07:59:25.0942 3856 SeaPort - ok
07:59:25.0992 3856 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:59:26.0072 3856 secdrv - ok
07:59:26.0092 3856 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
07:59:26.0132 3856 seclogon - ok
07:59:26.0182 3856 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
07:59:26.0312 3856 SENS - ok
07:59:26.0352 3856 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:59:26.0422 3856 SensrSvc - ok
07:59:26.0442 3856 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
07:59:26.0492 3856 Serenum - ok
07:59:26.0512 3856 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
07:59:26.0542 3856 Serial - ok
07:59:26.0562 3856 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
07:59:26.0592 3856 sermouse - ok
07:59:26.0612 3856 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
07:59:26.0662 3856 SessionEnv - ok
07:59:26.0672 3856 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:59:26.0692 3856 sffdisk - ok
07:59:26.0692 3856 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:59:26.0732 3856 sffp_mmc - ok
07:59:26.0732 3856 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:59:26.0752 3856 sffp_sd - ok
07:59:26.0762 3856 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
07:59:26.0792 3856 sfloppy - ok
07:59:26.0842 3856 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
07:59:26.0872 3856 Sftfs - ok
07:59:26.0942 3856 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
07:59:26.0962 3856 sftlist - ok
07:59:27.0002 3856 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
07:59:27.0032 3856 Sftplay - ok
07:59:27.0062 3856 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
07:59:27.0072 3856 Sftredir - ok
07:59:27.0092 3856 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
07:59:27.0102 3856 Sftvol - ok
07:59:27.0142 3856 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
07:59:27.0172 3856 sftvsa - ok
07:59:27.0212 3856 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:59:27.0292 3856 SharedAccess - ok
07:59:27.0332 3856 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:59:27.0412 3856 ShellHWDetection - ok
07:59:27.0442 3856 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
07:59:27.0462 3856 SiSGbeLH - ok
07:59:27.0492 3856 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
07:59:27.0502 3856 SiSRaid2 - ok
07:59:27.0502 3856 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
07:59:27.0522 3856 SiSRaid4 - ok
07:59:27.0542 3856 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:59:27.0572 3856 Smb - ok
07:59:27.0602 3856 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:59:27.0642 3856 SNMPTRAP - ok
07:59:27.0662 3856 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
07:59:27.0672 3856 spldr - ok
07:59:27.0702 3856 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
07:59:27.0772 3856 Spooler - ok
07:59:27.0882 3856 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
07:59:27.0962 3856 sppsvc - ok
07:59:27.0972 3856 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:59:28.0032 3856 sppuinotify - ok
07:59:28.0072 3856 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
07:59:28.0102 3856 srv - ok
07:59:28.0132 3856 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:59:28.0152 3856 srv2 - ok
07:59:28.0162 3856 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:59:28.0192 3856 srvnet - ok
07:59:28.0232 3856 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:59:28.0302 3856 SSDPSRV - ok
07:59:28.0322 3856 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:59:28.0362 3856 SstpSvc - ok
07:59:28.0402 3856 Steam Client Service - ok
07:59:28.0422 3856 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
07:59:28.0432 3856 stexstor - ok
07:59:28.0492 3856 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
07:59:28.0562 3856 stisvc - ok
07:59:28.0582 3856 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
07:59:28.0602 3856 swenum - ok
07:59:28.0622 3856 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
07:59:28.0702 3856 swprv - ok
07:59:28.0752 3856 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
07:59:28.0812 3856 SysMain - ok
07:59:28.0832 3856 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:59:28.0852 3856 TabletInputService - ok
07:59:28.0862 3856 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:59:28.0912 3856 TapiSrv - ok
07:59:28.0932 3856 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
07:59:28.0982 3856 TBS - ok
07:59:29.0062 3856 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:59:29.0172 3856 Tcpip - ok
07:59:29.0242 3856 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:59:29.0292 3856 TCPIP6 - ok
07:59:29.0312 3856 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:59:29.0392 3856 tcpipreg - ok
07:59:29.0412 3856 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:59:29.0422 3856 TDPIPE - ok
07:59:29.0452 3856 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:59:29.0482 3856 TDTCP - ok
07:59:29.0502 3856 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:59:29.0542 3856 tdx - ok
07:59:29.0542 3856 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
07:59:29.0552 3856 TermDD - ok
07:59:29.0592 3856 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
07:59:29.0642 3856 TermService - ok
07:59:29.0662 3856 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
07:59:29.0682 3856 Themes - ok
07:59:29.0722 3856 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
07:59:29.0782 3856 THREADORDER - ok
07:59:29.0862 3856 [ 69D76CE06BB629B69165C81D83A4B03E ] TiMiniService C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
07:59:29.0882 3856 TiMiniService - ok
07:59:29.0912 3856 [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
07:59:29.0932 3856 tmactmon - ok
07:59:29.0952 3856 [ 360E61217D4E1E333583D0C721057F70 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
07:59:29.0972 3856 tmcomm - ok
07:59:29.0982 3856 [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
07:59:29.0992 3856 tmevtmgr - ok
07:59:30.0032 3856 [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
07:59:30.0042 3856 tmtdi - ok
07:59:30.0082 3856 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
07:59:30.0172 3856 TrkWks - ok
07:59:30.0242 3856 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:59:30.0332 3856 TrustedInstaller - ok
07:59:30.0372 3856 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:59:30.0422 3856 tssecsrv - ok
07:59:30.0452 3856 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:59:30.0492 3856 TsUsbFlt - ok
07:59:30.0502 3856 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
07:59:30.0532 3856 TsUsbGD - ok
07:59:30.0562 3856 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:59:30.0612 3856 tunnel - ok
07:59:30.0632 3856 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
07:59:30.0642 3856 TurboB - ok
07:59:30.0722 3856 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
07:59:30.0752 3856 TurboBoost - ok
07:59:30.0772 3856 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
07:59:30.0802 3856 uagp35 - ok
07:59:30.0802 3856 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:59:30.0852 3856 udfs - ok
07:59:30.0882 3856 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:59:30.0922 3856 UI0Detect - ok
07:59:30.0932 3856 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:59:30.0942 3856 uliagpkx - ok
07:59:30.0952 3856 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:59:30.0972 3856 umbus - ok
07:59:30.0982 3856 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
07:59:31.0012 3856 UmPass - ok
07:59:31.0032 3856 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
07:59:31.0092 3856 upnphost - ok
07:59:31.0132 3856 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:59:31.0182 3856 usbccgp - ok
07:59:31.0252 3856 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:59:31.0312 3856 usbcir - ok
07:59:31.0332 3856 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
07:59:31.0362 3856 usbehci - ok
07:59:31.0392 3856 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:59:31.0452 3856 usbhub - ok
07:59:31.0482 3856 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:59:31.0502 3856 usbohci - ok
07:59:31.0502 3856 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:59:31.0542 3856 usbprint - ok
07:59:31.0582 3856 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:59:31.0632 3856 usbscan - ok
07:59:31.0672 3856 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:59:31.0732 3856 USBSTOR - ok
07:59:31.0762 3856 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:59:31.0802 3856 usbuhci - ok
07:59:31.0832 3856 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
07:59:31.0862 3856 usbvideo - ok
07:59:31.0892 3856 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
07:59:31.0932 3856 UxSms - ok
07:59:31.0962 3856 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
07:59:31.0972 3856 VaultSvc - ok
07:59:31.0982 3856 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:59:31.0992 3856 vdrvroot - ok
07:59:32.0022 3856 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
07:59:32.0092 3856 vds - ok
07:59:32.0112 3856 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:59:32.0132 3856 vga - ok
07:59:32.0152 3856 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
07:59:32.0182 3856 VgaSave - ok
07:59:32.0182 3856 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:59:32.0202 3856 vhdmp - ok
07:59:32.0222 3856 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
07:59:32.0232 3856 viaide - ok
07:59:32.0242 3856 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:59:32.0252 3856 volmgr - ok
07:59:32.0262 3856 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:59:32.0272 3856 volmgrx - ok
07:59:32.0292 3856 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:59:32.0332 3856 volsnap - ok
07:59:32.0362 3856 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
07:59:32.0382 3856 vsmraid - ok
07:59:32.0442 3856 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
07:59:32.0582 3856 VSS - ok
07:59:32.0592 3856 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:59:32.0622 3856 vwifibus - ok
07:59:32.0622 3856 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:59:32.0652 3856 vwififlt - ok
07:59:32.0692 3856 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
07:59:32.0722 3856 vwifimp - ok
07:59:32.0762 3856 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
07:59:32.0812 3856 W32Time - ok
07:59:32.0832 3856 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
07:59:32.0862 3856 WacomPen - ok
07:59:32.0892 3856 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:59:32.0932 3856 WANARP - ok
07:59:32.0942 3856 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:59:32.0972 3856 Wanarpv6 - ok
07:59:33.0052 3856 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:59:33.0112 3856 WatAdminSvc - ok
07:59:33.0162 3856 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
07:59:33.0262 3856 wbengine - ok
07:59:33.0272 3856 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:59:33.0302 3856 WbioSrvc - ok
07:59:33.0312 3856 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:59:33.0352 3856 wcncsvc - ok
07:59:33.0362 3856 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:59:33.0392 3856 WcsPlugInService - ok
07:59:33.0422 3856 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
07:59:33.0432 3856 Wd - ok
07:59:33.0462 3856 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:59:33.0482 3856 Wdf01000 - ok
07:59:33.0482 3856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:59:33.0522 3856 WdiServiceHost - ok
07:59:33.0522 3856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:59:33.0542 3856 WdiSystemHost - ok
07:59:33.0562 3856 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
07:59:33.0602 3856 WebClient - ok
07:59:33.0622 3856 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:59:33.0682 3856 Wecsvc - ok
07:59:33.0702 3856 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:59:33.0752 3856 wercplsupport - ok
07:59:33.0772 3856 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
07:59:33.0812 3856 WerSvc - ok
07:59:33.0822 3856 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:59:33.0872 3856 WfpLwf - ok
07:59:33.0942 3856 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
07:59:33.0982 3856 WimFltr - ok
07:59:34.0012 3856 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:59:34.0042 3856 WIMMount - ok
07:59:34.0062 3856 WinDefend - ok
07:59:34.0072 3856 WinHttpAutoProxySvc - ok
07:59:34.0132 3856 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:59:34.0212 3856 Winmgmt - ok
07:59:34.0292 3856 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
07:59:34.0412 3856 WinRM - ok
07:59:34.0462 3856 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:59:34.0492 3856 WinUsb - ok
07:59:34.0532 3856 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
07:59:34.0572 3856 Wlansvc - ok
07:59:34.0632 3856 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
07:59:34.0652 3856 wlcrasvc - ok
07:59:34.0782 3856 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:59:34.0852 3856 wlidsvc - ok
07:59:34.0882 3856 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
07:59:34.0902 3856 WmiAcpi - ok
07:59:34.0952 3856 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:59:35.0012 3856 wmiApSrv - ok
07:59:35.0042 3856 WMPNetworkSvc - ok
07:59:35.0082 3856 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:59:35.0112 3856 WPCSvc - ok
07:59:35.0122 3856 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:59:35.0142 3856 WPDBusEnum - ok
07:59:35.0162 3856 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:59:35.0242 3856 ws2ifsl - ok
07:59:35.0262 3856 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
07:59:35.0302 3856 wscsvc - ok
07:59:35.0302 3856 WSearch - ok
07:59:35.0402 3856 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
07:59:35.0512 3856 wuauserv - ok
07:59:35.0532 3856 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:59:35.0612 3856 WudfPf - ok
07:59:35.0652 3856 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:59:35.0732 3856 WUDFRd - ok
07:59:35.0752 3856 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:59:35.0782 3856 wudfsvc - ok
07:59:35.0802 3856 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
07:59:35.0832 3856 WwanSvc - ok
07:59:35.0872 3856 ================ Scan global ===============================
07:59:35.0902 3856 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:59:35.0942 3856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
07:59:35.0952 3856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
07:59:35.0972 3856 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:59:36.0002 3856 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:59:36.0022 3856 [Global] - ok
07:59:36.0032 3856 ================ Scan MBR ==================================
07:59:36.0042 3856 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:59:36.0522 3856 \Device\Harddisk0\DR0 - ok
07:59:36.0532 3856 ================ Scan VBR ==================================
07:59:36.0532 3856 [ ED7CCB7E27EA8A9C890D6D7033D508AF ] \Device\Harddisk0\DR0\Partition1
07:59:36.0532 3856 \Device\Harddisk0\DR0\Partition1 - ok
07:59:36.0562 3856 [ 15F12D17561DA2F72BBD1628C36F2502 ] \Device\Harddisk0\DR0\Partition2
07:59:36.0562 3856 \Device\Harddisk0\DR0\Partition2 - ok
07:59:36.0562 3856 ============================================================
07:59:36.0562 3856 Scan finished
07:59:36.0562 3856 ============================================================
07:59:36.0572 6568 Detected object count: 6
07:59:36.0572 6568 Actual detected object count: 6
07:59:45.0882 6568 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:45.0882 6568 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:59:45.0882 6568 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:45.0882 6568 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:59:45.0882 6568 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:45.0882 6568 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:59:45.0892 6568 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:45.0892 6568 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:59:45.0892 6568 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:45.0892 6568 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:59:45.0892 6568 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:45.0892 6568 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
11.09.2012, 16:01
| #21 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Virus Österreich Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ --> Polizei Virus Österreich |
|
11.09.2012, 18:09
| #22 |
| | Polizei Virus Österreich Hallo! Hier ist die Logdatei: Code:
ATTFilter ComboFix 12-09-11.02 - Martin 11.09.2012 18:54:51.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.8103.6129 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
c:\users\Martin\AppData\Roaming\Roaming
c:\users\Martin\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-11 bis 2012-09-11 ))))))))))))))))))))))))))))))
.
.
2012-09-11 17:04 . 2012-09-11 17:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-11 17:04 . 2012-09-11 17:04 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-09-11 17:04 . 2012-09-11 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-11 17:01 . 2012-09-11 17:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FFA7946-66C0-4F58-A0BC-1782FD13A1AF}\offreg.dll
2012-09-10 16:44 . 2012-09-10 16:44 -------- d-----w- C:\_OTL
2012-09-08 04:11 . 2012-08-27 23:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FFA7946-66C0-4F58-A0BC-1782FD13A1AF}\mpengine.dll
2012-09-04 16:57 . 2012-09-04 16:57 -------- d-----w- c:\program files (x86)\ESET
2012-09-02 06:25 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-08-31 20:23 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 20:03 . 2012-08-31 20:03 -------- d-----w- c:\users\Martin\AppData\Roaming\Canneverbe Limited
2012-08-31 20:03 . 2012-08-31 20:03 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-31 20:02 . 2012-08-31 20:02 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-08-31 18:41 . 2012-08-31 18:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-31 17:40 . 2012-08-31 17:40 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2012-08-31 17:40 . 2012-08-31 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-31 17:40 . 2012-08-31 17:40 -------- d-----w- c:\programdata\Malwarebytes
2012-08-24 15:08 . 2012-08-26 08:47 -------- d-----w- c:\users\Martin\AppData\Roaming\Tropico 3
2012-08-24 14:45 . 2009-03-09 13:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2012-08-24 14:37 . 2012-08-24 14:37 -------- d-----w- c:\program files (x86)\Kalypso
2012-08-22 05:11 . 2012-08-31 18:31 -------- d-----w- c:\users\Martin\AppData\Roaming\PhotoFiltre
2012-08-22 05:11 . 2012-08-22 05:11 -------- d-----w- c:\program files (x86)\PhotoFiltre
2012-08-21 19:44 . 2012-08-22 05:25 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-21 17:40 . 2012-08-21 17:40 -------- d-----r- C:\MSOCache
2012-08-21 17:34 . 2012-08-31 18:30 -------- d-----w- c:\users\Martin\AppData\Roaming\SoftGrid Client
2012-08-21 17:34 . 2012-08-21 17:34 -------- d-----w- c:\users\Martin\AppData\Local\SoftGrid Client
2012-08-21 17:33 . 2012-08-22 20:54 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-08-21 17:33 . 2012-08-21 17:33 -------- d-----w- c:\program files\Microsoft Office
2012-08-21 17:33 . 2012-08-21 17:34 -------- d-----w- c:\users\Martin\AppData\Roaming\TP
2012-08-15 19:35 . 2012-08-15 19:35 -------- d-----w- c:\program files\Common Files\WebM Project
2012-08-15 19:35 . 2012-08-15 19:35 -------- d-----w- c:\program files (x86)\Common Files\WebM Project
2012-08-15 14:47 . 2012-06-29 03:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-08-15 14:47 . 2012-06-29 03:50 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-08-15 14:47 . 2012-06-29 03:44 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-15 14:47 . 2012-06-29 00:10 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-08-15 14:47 . 2012-06-29 00:10 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-08-15 14:47 . 2012-06-29 04:55 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-15 14:47 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-15 10:19 . 2012-08-15 10:19 -------- d-----w- c:\users\Martin\AppData\Local\Boss Media
2012-08-15 10:19 . 2012-08-15 10:19 -------- d-----w- c:\programdata\Boss Media
2012-08-15 10:18 . 2012-08-31 18:31 -------- d-----w- c:\program files (x86)\win2day Poker
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 19:19 . 2012-02-04 16:18 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-09-04 05:59 . 2012-04-09 19:55 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 05:59 . 2012-02-13 21:50 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 18:41 . 2012-02-19 18:46 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 14:45 . 2012-04-16 04:11 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-12 06:17 . 2012-08-12 06:17 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-07-03 16:21 . 2012-02-26 21:07 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-02-04 16:30 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-04 16:30 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-02-04 16:30 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-02-04 16:30 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-02-04 16:30 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-02-04 16:30 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-02-04 16:30 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-02-04 16:30 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 14:32 . 2012-07-08 18:22 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-05-11 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-10-26 12862]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-2-4 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/26 14:14;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 250568]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 44320]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 224488]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-07-01 39016]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 05:59]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 06:30]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 06:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ivq3iq1v.default\
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-IR_SERVER - c:\progra~2\Realtek\REALTE~1\IR_SERVER.exe
Notify-igfxcui - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-11 19:07:56
ComboFix-quarantined-files.txt 2012-09-11 17:07
.
Vor Suchlauf: 13 Verzeichnis(se), 132.535.615.488 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 132.003.115.008 Bytes frei
.
- - End Of File - - 8B14D8C94E52ABBCE0A708E8E205A75E
|
|
11.09.2012, 22:30
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Virus ÖsterreichCode:
ATTFilter AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2012, 17:40
| #24 |
| | Polizei Virus Österreich Avast ist noch installiert. Trend Micro hab ich nie benutzt. LG Barney |
|
12.09.2012, 20:30
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Virus Österreich Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Seccenter::
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.09.2012, 05:32
| #26 |
| | Polizei Virus Österreich Hallo! Hier ist die neue Logdatei, ich wurde aber nicht gefragt ob ich neu starten will: Code:
ATTFilter ComboFix 12-09-12.03 - Martin 13.09.2012 6:17.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.8103.5924 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Martin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-13 bis 2012-09-13 ))))))))))))))))))))))))))))))
.
.
2012-09-13 04:27 . 2012-09-13 04:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-13 04:27 . 2012-09-13 04:27 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-09-13 04:27 . 2012-09-13 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 16:42 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 16:42 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 16:42 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 16:42 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 16:42 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 16:42 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 16:42 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 20:31 . 2012-08-27 23:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B6A13B8-79B2-47B2-99D6-0A29EDDEA4D2}\mpengine.dll
2012-09-10 16:44 . 2012-09-10 16:44 -------- d-----w- C:\_OTL
2012-09-04 16:57 . 2012-09-04 16:57 -------- d-----w- c:\program files (x86)\ESET
2012-09-02 06:25 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-08-31 20:23 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 20:03 . 2012-08-31 20:03 -------- d-----w- c:\users\Martin\AppData\Roaming\Canneverbe Limited
2012-08-31 20:03 . 2012-08-31 20:03 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-31 20:02 . 2012-08-31 20:02 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-08-31 18:41 . 2012-08-31 18:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-31 17:40 . 2012-08-31 17:40 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2012-08-31 17:40 . 2012-08-31 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-31 17:40 . 2012-08-31 17:40 -------- d-----w- c:\programdata\Malwarebytes
2012-08-24 15:08 . 2012-08-26 08:47 -------- d-----w- c:\users\Martin\AppData\Roaming\Tropico 3
2012-08-24 14:45 . 2009-03-09 13:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2012-08-24 14:37 . 2012-08-24 14:37 -------- d-----w- c:\program files (x86)\Kalypso
2012-08-22 05:11 . 2012-08-31 18:31 -------- d-----w- c:\users\Martin\AppData\Roaming\PhotoFiltre
2012-08-22 05:11 . 2012-08-22 05:11 -------- d-----w- c:\program files (x86)\PhotoFiltre
2012-08-21 19:44 . 2012-08-22 05:25 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-21 17:40 . 2012-08-21 17:40 -------- d-----r- C:\MSOCache
2012-08-21 17:34 . 2012-08-31 18:30 -------- d-----w- c:\users\Martin\AppData\Roaming\SoftGrid Client
2012-08-21 17:34 . 2012-08-21 17:34 -------- d-----w- c:\users\Martin\AppData\Local\SoftGrid Client
2012-08-21 17:33 . 2012-08-22 20:54 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-08-21 17:33 . 2012-08-21 17:33 -------- d-----w- c:\program files\Microsoft Office
2012-08-21 17:33 . 2012-08-21 17:34 -------- d-----w- c:\users\Martin\AppData\Roaming\TP
2012-08-15 19:35 . 2012-08-15 19:35 -------- d-----w- c:\program files\Common Files\WebM Project
2012-08-15 19:35 . 2012-08-15 19:35 -------- d-----w- c:\program files (x86)\Common Files\WebM Project
2012-08-15 14:47 . 2012-06-29 03:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-08-15 14:47 . 2012-06-29 03:50 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-08-15 14:47 . 2012-06-29 03:44 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-15 14:47 . 2012-06-29 00:10 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-08-15 14:47 . 2012-06-29 00:10 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-08-15 14:47 . 2012-06-29 04:55 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-15 14:47 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-15 10:19 . 2012-08-15 10:19 -------- d-----w- c:\users\Martin\AppData\Local\Boss Media
2012-08-15 10:19 . 2012-08-15 10:19 -------- d-----w- c:\programdata\Boss Media
2012-08-15 10:18 . 2012-08-31 18:31 -------- d-----w- c:\program files (x86)\win2day Poker
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 17:12 . 2012-04-16 04:11 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 19:19 . 2012-02-04 16:18 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-09-04 05:59 . 2012-04-09 19:55 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 05:59 . 2012-02-13 21:50 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 18:41 . 2012-02-19 18:46 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 09:13 . 2012-02-04 16:30 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-04 16:30 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-04 16:30 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-26 21:07 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-02-04 16:30 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-02-04 16:30 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-02-04 16:30 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-04 16:30 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-02-04 16:30 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-12 06:17 . 2012-08-12 06:17 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-06-22 14:32 . 2012-07-08 18:22 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-11_17.04.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-09-11 06:10 . 2012-09-11 06:10 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-09-12 17:13 . 2012-09-12 17:13 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2012-09-13 04:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-11 16:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-13 04:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-11 16:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-13 04:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-11 16:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-18 20:13 . 2012-09-11 18:32 53970 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-12 16:37 39362 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-04 16:19 . 2012-09-12 16:37 11620 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1842581241-129887913-23655209-1001_UserData.bin
+ 2009-07-14 05:30 . 2012-09-13 04:08 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-08-15 17:38 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb8023x.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb80236.sys
+ 2012-09-12 16:42 . 2012-07-04 20:26 41472 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismpx.sys
+ 2012-09-12 16:42 . 2012-07-04 20:26 35840 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismp6.sys
+ 2009-07-14 04:46 . 2012-09-13 04:13 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-09-11 16:29 . 2012-09-11 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-13 04:06 . 2012-09-13 04:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-13 04:06 . 2012-09-13 04:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-11 16:29 . 2012-09-11 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-05 10:40 . 2012-09-11 20:30 268782 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-09-13 04:15 628106 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-01 05:15 628106 c:\windows\system32\perfh009.dat
+ 2011-02-19 04:24 . 2012-09-13 04:15 666264 c:\windows\system32\perfh007.dat
- 2011-02-19 04:24 . 2012-09-01 05:15 666264 c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-09-01 05:15 110568 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-13 04:15 110568 c:\windows\system32\perfc009.dat
+ 2011-02-19 04:24 . 2012-09-13 04:15 134186 c:\windows\system32\perfc007.dat
- 2011-02-19 04:24 . 2012-09-01 05:15 134186 c:\windows\system32\perfc007.dat
- 2009-07-14 05:30 . 2012-08-15 17:38 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-13 04:08 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-15 17:38 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-09-13 04:08 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:31 . 2012-09-13 04:08 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2012-08-15 17:38 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:01 . 2012-09-12 17:13 287672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-11 06:10 287672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-09-13 04:13 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-08-15 17:44 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-10-26 06:23 . 2012-09-11 06:10 1381208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-26 06:23 . 2012-09-12 17:13 1381208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-04 16:37 . 2012-09-12 17:13 7722472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1842581241-129887913-23655209-1001-8192.dat
+ 2009-07-14 02:34 . 2012-09-13 04:08 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-08-15 17:39 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2012-02-04 16:37 . 2012-09-11 06:10 36081508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1842581241-129887913-23655209-1001-4096.dat
+ 2012-02-04 16:37 . 2012-09-11 17:11 36081508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1842581241-129887913-23655209-1001-4096.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-05-11 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-10-26 12862]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-2-4 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/26 14:14;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 250568]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 44320]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 224488]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-07-01 39016]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 05:59]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 06:30]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 06:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ivq3iq1v.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-13 06:31:12
ComboFix-quarantined-files.txt 2012-09-13 04:31
ComboFix2.txt 2012-09-11 17:07
.
Vor Suchlauf: 18 Verzeichnis(se), 131.675.193.344 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 131.671.552.000 Bytes frei
.
- - End Of File - - 10DF6BD9D164013E2D6A7E3DF2E18333
|
|
13.09.2012, 16:00
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Virus Österreich Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.09.2012, 18:19
| #28 |
| | Polizei Virus Österreich Hallo! Hier sind die Logfiles: GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-13 19:01:28
Windows 6.1.7601 Service Pack 1
Running: lx8wudqt.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\Windows\Temp\TMP000001B2A9FCE9B3FAFC77AD 0 bytes
File Q:\$RECYCLE.BIN 0 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-1842581241-129887913-23655209-1001 0 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-1842581241-129887913-23655209-1001\desktop.ini 129 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-1842581241-129887913-23655209-501 0 bytes
File Q:\FsPassengersX_setup.exe 88536024 bytes executable
File Q:\System Volume Information 0 bytes
File Q:\System Volume Information\tracking.log 20480 bytes
---- EOF - GMER 1.0.15 ----
Osam: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:08:58 on 13.09.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASMMAP64" (ASMMAP64) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "ATKWMIACPI Driver" (ATKWMIACPIIO) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\SysWOW64\drivers\Afc.sys "Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys "Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys "Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys "Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys "Trend Micro TDI Driver" (tmtdi) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmtdi.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll {0E526CB5-7446-41D1-A403-19BFE95E8C23} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found) {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found) {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found) {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files (x86)\Real\RealPlayer\rpshell.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\SysWow64\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} "TmBpIeBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll {1CA1377B-DC1D-4A52-9585-6E06050FAC53} "TmIEPlugInBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} "{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" - ? - (File not found | COM-object registry key not found) [Known DLLs] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )----- "advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL (Hidden registry entry, rootkit activity | File signed by Microsoft) "rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.3.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "AsusVibeLauncher.lnk" - ? - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "FancyStart daemon.lnk" - "ASUSTeK Computer Inc." - C:\Program Files (x86)\ASUS\FancyStart\FancyStart.exe (Shortcut exists | File exists) "TMMonitor.lnk" - "ArcSoft, Inc." - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe "Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\Steam.exe" -silent -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "ASUSPRP" - "ASUSTek Computer Inc." - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" "ASUSWebStorage" - "ecareme" - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S "ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe "ATKOSD2" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe "avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui "BDRegion" - "cyberlink" - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe "HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe "hpqSRMon" - "Hewlett-Packard" - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe "Nuance PDF Reader-reminder" - "Nuance Communications, Inc." - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "RemoteControl10" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "SonicMasterTray" - "Virage Logic Corporation / Sonic Focus" - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot "UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "Wireless Console 3" - ? - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe "Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe "Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe "ATKGFNEX Service" (ATKGFNEXSrv) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE "Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE "CyberLink Product - 2011/10/26 14:14:17" (CLKMSVC10_38F51D56) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "Intel(R) Turbo Boost Technology Monitor" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "TiMiniService" (TiMiniService) - "Trend Micro Inc." - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe "Trend Micro Solution Platform" (Amsp) - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe "Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "Wireless PAN DHCP Server" (MyWiFiDHCPDNS) - ? - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-13 19:09:54
-----------------------------
19:09:54.297 OS Version: Windows x64 6.1.7601 Service Pack 1
19:09:54.297 Number of processors: 8 586 0x2A07
19:09:54.297 ComputerName: MARTIN-PC UserName: Martin
19:09:54.983 Initialize success
19:09:55.015 AVAST engine defs: 12091300
19:10:10.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:10:10.755 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
19:10:11.051 Disk 0 MBR read successfully
19:10:11.051 Disk 0 MBR scan
19:10:11.067 Disk 0 Windows 7 default MBR code
19:10:11.067 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
19:10:11.083 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 244192 MB offset 52430848
19:10:11.098 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 340686 MB offset 552536064
19:10:11.129 Disk 0 scanning C:\Windows\system32\drivers
19:10:16.777 Service scanning
19:10:35.559 Modules scanning
19:10:35.575 Disk 0 trace - called modules:
19:10:35.606 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:10:36.136 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080dc790]
19:10:36.136 3 CLASSPNP.SYS[fffff88000db643f] -> nt!IofCallDriver -> [0xfffffa8007b3f710]
19:10:36.152 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007ea4050]
19:10:37.026 AVAST engine scan C:\Windows
19:10:39.849 AVAST engine scan C:\Windows\system32
19:12:14.510 AVAST engine scan C:\Windows\system32\drivers
19:12:21.546 AVAST engine scan C:\Users\Martin
19:16:00.726 AVAST engine scan C:\ProgramData
19:17:04.749 Scan finished successfully
19:17:38.554 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
19:17:38.554 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"
LG Barney |
|
14.09.2012, 11:16
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Virus Österreich Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.09.2012, 07:03
| #30 |
| | Polizei Virus Österreich Hallo! Hier ist das Malewarebytes Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.14.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Martin :: MARTIN-PC [Administrator] 14.09.2012 18:59:54 mbam-log-2012-09-14 (18-59-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 595869 Laufzeit: 1 Stunde(n), 15 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Und hier das Super AntiSpyware Log, hier gab es einige Meldungen über infizierte Software: Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 09/15/2012 at 07:26 AM
Application Version : 5.5.1016
Core Rules Database Version : 9231
Trace Rules Database Version: 7043
Scan type : Complete Scan
Total Scan Time : 10:51:29
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 728
Memory threats detected : 0
Registry items scanned : 71614
Registry threats detected : 0
File items scanned : 358596
File threats detected : 24
Adware.Tracking Cookie
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\ZSCV8ZRX.txt [ /serving-sys.com ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\HCV0PX4X.txt [ /track.adform.net ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\K8YMD9R0.txt [ /c.atdmt.com ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\NOI2G3YC.txt [ /ad3.adfarm1.adition.com ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\M1RW11PP.txt [ /doubleclick.net ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\GOZLW6KH.txt [ /bs.serving-sys.com ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\WLBSICG8.txt [ /adfarm1.adition.com ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\LV5Z7KGK.txt [ /apmebf.com ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\BGN8RWO5.txt [ /adform.net ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\5WDR98NF.txt [ /atdmt.com ]
C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\YNMB7RD3.txt [ Cookie:gast@c.atdmt.com/ ]
C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\QENB8U2M.txt [ Cookie:gast@doubleclick.net/ ]
C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\31X62VFU.txt [ Cookie:gast@apmebf.com/ ]
C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\W10PECC2.txt [ Cookie:gast@a.revenuemax.de/ ]
C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\82M9CK9V.txt [ Cookie:gast@webmasterplan.com/ ]
C:\USERS\MARTIN\Cookies\HCV0PX4X.txt [ Cookie:martin@track.adform.net/ ]
C:\USERS\MARTIN\Cookies\K8YMD9R0.txt [ Cookie:martin@c.atdmt.com/ ]
C:\USERS\MARTIN\Cookies\M1RW11PP.txt [ Cookie:martin@doubleclick.net/ ]
C:\USERS\MARTIN\Cookies\GOZLW6KH.txt [ Cookie:martin@bs.serving-sys.com/ ]
C:\USERS\MARTIN\Cookies\LV5Z7KGK.txt [ Cookie:martin@apmebf.com/ ]
C:\USERS\MARTIN\Cookies\BGN8RWO5.txt [ Cookie:martin@adform.net/ ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\TGUZHVBM.txt [ /ad3.adfarm1.adition.com ]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\EZMNY7OX.txt [ /adfarm1.adition.com ]
Trojan.Agent/Gen-FakeDrop
C:\EUROSCOPE\UNINSTAL.EXE
|
|
| Themen zu Polizei Virus Österreich |
| antivirus, audacity, bho, bingbar, converter, downloader, error, firefox, flash player, focus, format, google earth, home, homepage, iexplore.exe, install.exe, microsoft office starter 2010, mozilla, mp3, ntdll.dll, nvidia update, nvpciflt.sys, object, plug-in, popup, programm, realtek, registry, rundll, safer networking, scan, security, server, software, system, usb 2.0, usb 3.0, virus, wscript.exe |
Linear-Darstellung
