
Log analysis and evaluation: Bundespolizei virus/trojan

02.12.2012, 22:50   #1
Bibi86
 



Hello dear forum team,

I registered here today because I caught this trojan that locks the computer until you pay a certain sum. I could really . Such a nasty thing!

I had my computer scanned with the program specified here (Malwarebytes Anti-Malware) and then removed the files. Now I'm supposed to paste this log code in here?! So I'll do that:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.02.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Besitzer :: BESITZER-PC [Administrator]

02.12.2012 18:43:32
mbam-log-2012-12-02 (18-43-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343382
Laufzeit: 3 Stunde(n), 52 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Besitzer\AppData\Local\Temp\wpbt0.dll (Trojan.FakeMS) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{09703E72-ACEE-82F5-E5A1-999935D2E8D5} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Besitzer\AppData\Roaming\Paza\toru.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 49
C:\Users\Besitzer\AppData\Local\Temp\BiI+pObd.exe.part (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\Desktop\ca_setup.exe (PUP.PasswordTool) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\Local\Temp\wpbt0.dll (Trojan.FakeMS) -> Löschen bei Neustart.
C:\Users\Besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CI90D7JO\myfile[1].dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\ABMRES.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\AEFILTER.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\autoenh.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\clrtoclr.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Cpuinf32.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\frameeng.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IS32Inst.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\MASKOP.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\MAXMIN.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\mScan.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Pngfio.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Tge.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Aps.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Aps32.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32cvt.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Fe.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32FeUI.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Hook.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\U32path.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Plug.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\U32print.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\U32R2V.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32sel.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32sn.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Tu.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Tx.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\U32TXTUR.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32xView.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uGifLib.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uINet.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uipl.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplA6.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplM5.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplM6.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplP5.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplP6.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplPX.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uJpgLib.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uLzwLib.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Upbgen.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uShadow.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\usseng.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\UssJpgEn.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\UTHMIO32.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Thanks in advance for your help! Good that communities like this exist, otherwise I wouldn't know what to do with this thing.

03.12.2012, 16:02   #2
markusg
/// Malware-holic
 



Hi
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and select "start as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

03.12.2012, 20:51   #3
Bibi86
 



Good evening!

This is the content of OTL.txt

Code:
OTL logfile created on: 03.12.2012 19:39:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Besitzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 67,04% Memory free
5,71 Gb Paging File | 4,39 Gb Available in Paging File | 76,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 93,14 Gb Free Space | 62,49% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 94,18 Gb Free Space | 67,62% Space Free | Partition Type: NTFS
 
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe ()
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\79f3661da2402c72b0bba0de1e55f4d1\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3076.38423__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3076.38379__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3076.38436__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3076.38415__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3076.38401__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3076.38617__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3076.38580__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3076.38535__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3076.38651__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3076.38657__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3076.38394__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3076.38588__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3076.38594__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3076.38587__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3076.38649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3076.38544__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3076.38448__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3076.38402__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3076.38608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3076.38454__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3076.38443__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3076.38560__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3076.38543__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3076.38454__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3076.38560__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3076.38573__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3076.38536__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3076.38535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3076.38542__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3076.38572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3076.38372_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3076.38632_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3076.38641__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3076.38639__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3076.38669__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3076.38680__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3076.38370__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3076.38387__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3076.38632__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3076.38408__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3076.38371__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3076.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3076.38370__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3076.38640__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3076.38369__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3076.38370__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ASUS\ATK Media\DMedia.exe ()
MOD - C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll ()
MOD - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
MOD - C:\Program Files\ASUS\ATK Media\GERSTRING.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (GDFwSvc) -- C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (AAV UpdateService) -- C:\Program Files\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\System32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\System32\drivers\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:22.1.11088.672
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 19:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.04 19:11:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 19:11:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.04 19:11:02 | 000,000,000 | ---D | M]
 
[2010.02.25 11:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
[2012.10.24 19:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions
[2010.06.30 19:24:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.05 14:48:53 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}
[2012.04.16 19:00:22 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.07.15 10:28:40 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.09.16 13:10:03 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\ich@maltegoetz.de
[2011.10.03 19:11:04 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\youtube2mp3@mondayx.de
[2012.11.04 19:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.04 19:11:01 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.11.04 19:11:17 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.27 19:59:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AVKWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B18C7E67-2B2A-4180-A927-2EEE52EBF624}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\AsScrProlog.exe ()
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: DriverScanner - hkey= - key= - C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Ulead AutoDetector v2 - hkey= - key= - C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.03 18:53:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2012.12.03 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{E34C3709-C383-4784-BAB9-2B3E1AD1626C}
[2012.12.02 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes
[2012.12.02 18:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 18:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 18:41:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.02 18:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.02 18:40:41 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Besitzer\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.02 17:56:00 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Kaspersky Rescue2Usb
[2012.12.02 15:54:59 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{6F6197D5-3AC4-402C-927C-D41AAEFEB9A1}
[2012.11.29 17:54:56 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{382CE634-AE8C-401B-ACE9-C15370457408}
[2012.11.28 18:53:14 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{A9D7862E-97C7-49E0-8CB6-EF401E2DF823}
[2012.11.27 18:08:59 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{F207BB1E-2B00-4783-8A77-F2EB7DFCED95}
[2012.11.26 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{1C74149C-F667-4C98-81B0-D1898A405905}
[2012.11.25 17:35:15 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{F6539F33-80AE-4090-BE77-B0B6C7234C7B}
[2012.11.24 11:17:58 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{C9F5D7BE-5046-48D6-ABA1-CE644DF56E17}
[2012.11.19 19:05:05 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{3B32DA78-C63E-4972-9E96-E6307C280AA3}
[2012.11.18 10:17:24 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{E15C6738-CFE2-42F5-89BD-83377C492894}
[2012.11.17 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{32450066-F672-4275-9C9E-1DA49112B70C}
[2012.11.17 12:35:51 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{59E401DF-6E94-4734-B16C-0B79F0107648}
[2012.11.16 18:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.16 18:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012.11.16 18:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2012.11.16 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{ECBA71CE-3B87-4370-BA18-0B9F42D52D25}
[2012.11.14 20:29:53 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{923D2F3A-E000-4EA2-AB4B-3EFF55C74F72}
[2012.11.13 22:05:01 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{628D663F-F9E0-42D1-830D-9C536A661291}
[2012.11.11 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{EEAB1AAF-EE30-4103-9469-F79D559FD377}
[2012.11.10 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{28C73098-6E3D-4C1D-95D4-19B4EF9EB4C4}
[2012.11.04 19:37:20 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Skype
[2012.11.04 19:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.04 19:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.04 19:36:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.11.04 19:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.11.04 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.04 19:09:06 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{021F79FB-D0AB-4C09-8C9B-0001256003EB}
[2011.10.27 21:46:29 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeBA0D.dll
[2010.03.01 21:02:51 | 000,167,936 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Prod.dll
[2010.03.01 21:02:51 | 000,077,824 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\OLREG.EXE
[2010.03.01 21:02:51 | 000,053,248 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\U32CFG.DLL
[2010.03.01 21:02:49 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\Program Files\INETWH32.DLL
[2010.03.01 21:02:48 | 000,225,280 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Fido.dll
[2010.03.01 21:02:48 | 000,225,280 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Base.dll
[2010.03.01 21:02:48 | 000,163,840 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Afm.dll
[2010.03.01 21:02:48 | 000,110,592 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32File.dll
[2010.03.01 21:02:48 | 000,110,592 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Clips.dll
[2010.03.01 21:02:48 | 000,098,304 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Comm.dll
[2010.03.01 21:02:48 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Brows.dll
[2010.03.01 21:02:47 | 000,102,400 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\uRender.dll
[2010.03.01 21:02:47 | 000,057,344 | ---- | C] (Ulead Systems) -- C:\Program Files\u32Scan.dll
[2010.03.01 21:02:46 | 000,098,304 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\UL3DUI32.DLL
[2010.03.01 21:02:46 | 000,073,728 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\PopView.dll
[2010.03.01 21:02:46 | 000,065,536 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\uvofn.dll
[2010.03.01 21:02:46 | 000,061,440 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\HTMLAST.EXE
[2010.03.01 21:02:46 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\USSGifsa.dll
[2010.03.01 20:59:41 | 001,351,680 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ALBUM.EXE
[2010.03.01 20:59:41 | 000,036,864 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ABMTSR.EXE
[2010.03.01 20:58:36 | 003,170,304 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\Iedit.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 18:53:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2012.12.03 18:48:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 18:48:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 18:48:20 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.12.03 18:47:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 18:47:41 | 2951,897,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.02 22:53:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.12.02 18:41:42 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 18:40:51 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Besitzer\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.02 18:36:15 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.12.02 17:58:36 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.02 17:58:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.02 17:58:36 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.02 17:58:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.02 17:54:22 | 210,292,736 | ---- | M] () -- C:\Users\Besitzer\Desktop\KWU_1.0.3.upd.iso
[2012.12.02 17:53:55 | 000,387,584 | ---- | M] () -- C:\Users\Besitzer\Desktop\rescue2usb.exe
[2012.11.25 17:35:33 | 000,000,680 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2012.11.17 13:13:00 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 18:21:00 | 007,992,528 | ---- | M] () -- C:\Users\Besitzer\Desktop\ca_setup.exe
[2012.11.04 19:36:54 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.02 18:41:42 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 17:53:52 | 000,387,584 | ---- | C] () -- C:\Users\Besitzer\Desktop\rescue2usb.exe
[2012.12.02 17:52:55 | 210,292,736 | ---- | C] () -- C:\Users\Besitzer\Desktop\KWU_1.0.3.upd.iso
[2012.11.29 21:05:54 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.11.16 18:20:46 | 007,992,528 | ---- | C] () -- C:\Users\Besitzer\Desktop\ca_setup.exe
[2012.11.04 19:36:54 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.17 21:38:25 | 000,838,935 | ---- | C] () -- C:\Windows\System32\sig.bin
[2010.11.19 09:33:35 | 000,004,096 | -H-- | C] () -- C:\Users\Besitzer\AppData\Local\keyfile3.drm
[2010.06.12 17:08:29 | 000,000,680 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2010.03.01 21:23:26 | 000,017,376 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\internal.grp
[2010.03.01 21:04:06 | 000,004,354 | -H-- | C] () -- C:\Program Files\U32FILE.CFG
[2010.03.01 21:02:55 | 000,027,718 | ---- | C] () -- C:\Program Files\PI5 ReadMe.wri
[2010.03.01 21:02:49 | 000,545,088 | R--- | C] () -- C:\Program Files\STYLE.PST
[2010.03.01 21:02:49 | 000,172,032 | ---- | C] () -- C:\Program Files\wcsPage.dll
[2010.03.01 21:02:49 | 000,163,840 | ---- | C] () -- C:\Program Files\wcs.exe
[2010.03.01 21:02:49 | 000,077,824 | ---- | C] () -- C:\Program Files\wWebComp.dll
[2010.03.01 21:02:49 | 000,057,344 | ---- | C] () -- C:\Program Files\wJavaCom.dll
[2010.03.01 21:02:49 | 000,057,344 | ---- | C] () -- C:\Program Files\wButnCom.dll
[2010.03.01 21:02:49 | 000,053,248 | ---- | C] () -- C:\Program Files\wBBarCom.dll
[2010.03.01 21:02:49 | 000,040,960 | ---- | C] () -- C:\Program Files\wImgFile.dll
[2010.03.01 21:02:49 | 000,040,960 | ---- | C] () -- C:\Program Files\wcsTL.dll
[2010.03.01 21:02:49 | 000,036,864 | ---- | C] () -- C:\Program Files\wpe.dll
[2010.03.01 21:02:49 | 000,023,644 | ---- | C] () -- C:\Program Files\U16APS.DLL
[2010.03.01 21:02:49 | 000,009,136 | ---- | C] () -- C:\Program Files\INETWH16.DLL
[2010.03.01 21:02:49 | 000,006,144 | ---- | C] () -- C:\Program Files\UTHMIO16.DLL
[2010.03.01 21:02:49 | 000,003,966 | ---- | C] () -- C:\Program Files\In3d.ani
[2010.03.01 21:02:49 | 000,003,507 | ---- | C] () -- C:\Program Files\IEDEFORM.DAT
[2010.03.01 21:02:49 | 000,003,188 | ---- | C] () -- C:\Program Files\Out3D.ani
[2010.03.01 21:02:48 | 000,032,768 | ---- | C] () -- C:\Program Files\u32Misc.dll
[2010.03.01 21:02:48 | 000,003,766 | ---- | C] () -- C:\Program Files\iearrowhead.dat
[2010.03.01 21:02:47 | 000,147,456 | ---- | C] () -- C:\Program Files\UpiCtrl.dll
[2010.03.01 21:02:47 | 000,065,536 | ---- | C] () -- C:\Program Files\ScPost.dll
[2010.03.01 21:02:47 | 000,053,248 | ---- | C] () -- C:\Program Files\UFCPNTBP.dll
[2010.03.01 21:02:47 | 000,053,248 | ---- | C] () -- C:\Program Files\UFCCOMM.dll
[2010.03.01 21:02:47 | 000,045,056 | ---- | C] () -- C:\Program Files\SCap.dll
[2010.03.01 21:02:47 | 000,040,960 | ---- | C] () -- C:\Program Files\UFCPNMGR.dll
[2010.03.01 21:02:47 | 000,036,864 | ---- | C] () -- C:\Program Files\UFCCOLOR.dll
[2010.03.01 21:02:47 | 000,032,768 | ---- | C] () -- C:\Program Files\UFCSTATU.dll
[2010.03.01 21:02:47 | 000,032,768 | ---- | C] () -- C:\Program Files\UFCCNBTN.dll
[2010.03.01 21:02:47 | 000,032,768 | ---- | C] () -- C:\Program Files\UFCBUF.dll
[2010.03.01 21:02:47 | 000,032,768 | ---- | C] () -- C:\Program Files\scanres.dll
[2010.03.01 21:02:47 | 000,028,672 | ---- | C] () -- C:\Program Files\ucimg.dll
[2010.03.01 21:02:47 | 000,024,576 | ---- | C] () -- C:\Program Files\UFCDLGBR.dll
[2010.03.01 21:02:46 | 000,200,704 | ---- | C] () -- C:\Program Files\ss3base.dll
[2010.03.01 21:02:46 | 000,159,744 | ---- | C] () -- C:\Program Files\UFCPNTBS.dll
[2010.03.01 21:02:46 | 000,040,960 | ---- | C] () -- C:\Program Files\u32lfile.dll
[2010.03.01 21:02:46 | 000,032,768 | ---- | C] () -- C:\Program Files\uwUpdate.dll
[2010.03.01 21:02:46 | 000,028,672 | ---- | C] () -- C:\Program Files\callview.exe
[2010.03.01 21:02:46 | 000,024,576 | ---- | C] () -- C:\Program Files\wcsRWUFO.dll
[2010.03.01 21:02:45 | 000,004,528 | ---- | C] () -- C:\Program Files\SETBROWS.EXE
[2010.03.01 20:58:37 | 000,503,808 | ---- | C] () -- C:\Program Files\IERC.DLL
[2010.03.01 20:58:29 | 000,673,199 | ---- | C] () -- C:\Program Files\Uninst.isu
[2010.02.25 23:28:32 | 000,032,768 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.12.10 21:55:46 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Bekup
[2012.03.11 17:39:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\elsterformular
[2011.10.27 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\MyPhoneExplorer
[2011.10.27 21:30:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenCandy
[2010.12.10 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Paza
[2011.04.04 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sync App Settings
[2011.02.25 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ulead Systems
[2011.10.27 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Uniblue
[2012.04.09 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\XLMSoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.02.24 10:36:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.08.12 15:57:28 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2010.02.24 11:21:22 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.17 20:33:11 | 000,000,000 | ---D | M] -- C:\Download
[2010.08.24 15:17:57 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.09.02 19:29:54 | 000,000,000 | -HSD | M] -- C:\found.001
[2010.12.05 19:59:05 | 000,000,000 | -HSD | M] -- C:\found.002
[2010.12.19 22:00:38 | 000,000,000 | -HSD | M] -- C:\found.003
[2008.08.12 12:05:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.02.25 18:45:28 | 000,000,000 | ---D | M] -- C:\PIX3_GER
[2012.12.02 22:39:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.02 22:39:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.03 19:46:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.08.12 15:32:37 | 000,000,000 | ---D | M] -- C:\temp
[2010.02.24 10:29:34 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.16 18:23:37 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[1999.08.18 11:44:22 | 000,036,864 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\ABMTSR.EXE
[1999.09.22 11:03:42 | 001,351,680 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\ALBUM.EXE
[1999.08.18 12:01:12 | 000,028,672 | ---- | M] () -- C:\Program Files\callview.exe
[1999.09.15 15:50:18 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\HTMLAST.EXE
[1999.09.22 12:02:20 | 003,170,304 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Iedit.exe
[1999.08.03 13:57:46 | 000,077,824 | ---- | M] (Ulead Systems, Inc) -- C:\Program Files\OLREG.EXE
[1996.08.28 06:48:46 | 000,004,528 | ---- | M] () -- C:\Program Files\SETBROWS.EXE
[1999.08.18 15:37:50 | 000,163,840 | ---- | M] () -- C:\Program Files\wcs.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.10 23:27:18 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.27 21:32:02 | 000,000,334 | ---- | C] () -- C:\Windows\Tasks\DriverScanner.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.06.04 04:21:19 | 000,413,696 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
< %USERPROFILE%\*.* >
[2012.12.03 19:39:27 | 002,359,296 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT
[2012.12.03 19:39:27 | 000,262,144 | -H-- | M] () -- C:\Users\Besitzer\ntuser.dat.LOG1
[2010.02.24 10:29:35 | 000,000,000 | -H-- | M] () -- C:\Users\Besitzer\ntuser.dat.LOG2
[2012.12.02 23:18:25 | 000,065,536 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.12.02 23:18:25 | 000,524,288 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.02.24 10:59:18 | 000,524,288 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.02.24 10:29:36 | 000,000,020 | -HS- | M] () -- C:\Users\Besitzer\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
and this is the content of Extras.txt

Code:
OTL Extras logfile created on: 03.12.2012 19:39:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Besitzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 67,04% Memory free
5,71 Gb Paging File | 4,39 Gb Available in Paging File | 76,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 93,14 Gb Free Space | 62,49% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 94,18 Gb Free Space | 67,62% Space Free | Partition Type: NTFS
 
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {B18C7E67-2B2A-4180-A927-2EEE52EBF624}
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{206CF0D4-4C69-426B-B738-E6ECD66B4C90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2ECBFF5B-AAA8-4E7F-B53D-58ABBA6B8F96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8E556792-F7DD-4986-83DD-F96A6E55592F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F91852BB-200E-4D29-AC06-B0C55B99A88D}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{386B83A0-9B1E-45DC-B868-129A02B7E892}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{6E86E32A-14A4-4780-938A-845703DF8FA9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7CF60E94-5636-4E14-8BE3-0288993EFCFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{01C0AAB0-61A8-0E74-86C3-2155449E3B25}" = CCC Help English
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{042735EA-E4A4-0C5C-06C1-C60B3A5BAABD}" = Catalyst Control Center Localization Chinese Standard
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0746F744-5C03-0686-7B8F-7D19B0D4AF8C}" = Catalyst Control Center Localization Thai
"{09001F1A-0B74-0589-2766-D3EACC8B33B1}" = Catalyst Control Center Localization Chinese Traditional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1204A4B6-C995-D11F-6730-9A8C1546DCA7}" = Catalyst Control Center Localization Swedish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15A034FD-503D-36B0-AA10-B6B8B3E3336B}" = Catalyst Control Center Localization Polish
"{185F0B83-ECE1-5E19-3124-533AA2837E2E}" = Catalyst Control Center Localization Hungarian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}" = Steuer-Sparer 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25DC962F-067C-50E8-7F95-1B0183B18CB7}" = Catalyst Control Center Localization Czech
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{27F3E373-93BF-441E-826B-98C33DF309B5}" = AMD USB Audio Driver Filter
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{302033BC-A3A3-87C8-4589-BAD43399177A}" = CCC Help Danish
"{34186664-31AA-0AB1-0058-75EF3ED7F421}" = Catalyst Control Center Localization Finnish
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37F846DB-AD84-F4D2-5291-1F59AA721A32}" = ccc-utility
"{38D3A025-CBB0-45A3-CF02-7278DF751DC3}" = ccc-core-static
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3933DDBD-4116-3619-8BCE-A16AA10BA819}" = Catalyst Control Center Graphics Full New
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415EB713-1940-D93B-69E3-002079D027C8}" = Catalyst Control Center Localization Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9AD108-1767-B6F3-2B69-5374AECBF0CE}" = CCC Help Hungarian
"{52619A49-6701-96C0-4D72-7E22D751D01D}" = Skins
"{53D4AE93-BC90-9C4F-5C4F-8FB156742018}" = Catalyst Control Center Localization Greek
"{54932BFD-5D20-876C-78B9-75F0FBBE9F16}" = CCC Help Czech
"{54BB6CC4-CF28-649A-E70D-4B4E5556F19F}" = CCC Help Polish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{58E708F3-8A7D-94F2-A7B2-3D3101BCDD61}" = CCC Help French
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5C3588B7-36D1-B024-5015-CAE12B381FDA}" = Catalyst Control Center Localization French
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E5210A0-A73D-4F8D-471B-D13CF8E7BA69}" = CCC Help Spanish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63B52A71-CE53-4EB3-2BBA-CBFA151A11FF}" = CCC Help Japanese
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{67A7D0D8-4853-6024-A9B5-692D3B933840}" = Catalyst Control Center Localization Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{737C34C7-D989-86F4-B690-AFCA1277E263}" = CCC Help Russian
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79545CD7-9402-068B-4B8C-0280A24670D5}" = CCC Help Finnish
"{798E43F8-C359-A8E7-C57C-F9B552976A30}" = Catalyst Control Center Localization Russian
"{7CF6AD33-12A4-6F7E-C4F5-40A998D1430E}" = Catalyst Control Center Localization Korean
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.7.0
"{82BC1BC7-8CA3-7391-0A09-FF660A103FB6}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8448D435-7543-411F-A0CC-7AA40D815E8F}" = Express Gate
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981CC000-690F-D82F-CC71-399B01887C01}" = Catalyst Control Center Graphics Full Existing
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A473F2F2-A42F-65DB-E41D-742877FED1D6}" = ATI Catalyst Install Manager
"{A5EA3702-BDD2-6BFA-2E2E-A84D670E5967}" = CCC Help Italian
"{A91316CE-9ADE-FBD2-E35A-CC4F3D85DE8A}" = Catalyst Control Center Localization Danish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA161C2A-82CC-CF2C-140B-DDC0891F5C5C}" = CCC Help Greek
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{BB67FE57-CAE4-4013-A0E2-42FFA8F406D1}_is1" = Symbian SMS Manager (Test)
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{BED73C02-5A45-6E68-F2C0-BEBA766D17D7}" = CCC Help Thai
"{C0129400-CBF2-3FEF-4CC0-0627A18D0C35}" = CCC Help Chinese Standard
"{C01A0960-C988-B8FD-F3A1-4C09DD8C52BE}" = Catalyst Control Center Localization Japanese
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CDA591C3-01C2-79CF-8AA7-E84AF35A2993}" = CCC Help Dutch
"{CE16F42C-1D4B-5F71-BEC6-A47BE9E49163}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2CF122C-52FB-070C-B970-67D078F96CBD}" = Catalyst Control Center Localization German
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D696B8A1-5293-78CA-AA70-E0F55889818C}" = CCC Help Korean
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DEFE394E-DD0A-9C22-D186-9FD336F7F676}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E158ABAD-0978-BDD1-02CD-20B479FCECA8}" = Catalyst Control Center Localization Norwegian
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9A63121-373F-2776-C249-6BB4450CDAF1}" = Catalyst Control Center Localization Portuguese
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EEF3EE91-1031-808E-BEAD-B580359CD1F6}" = Catalyst Control Center Graphics Light
"{F011218A-519F-C6B5-A115-87CE7F229C60}" = Catalyst Control Center Graphics Previews Vista
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2956220-816B-52C8-4C20-AD11CDAF1818}" = Catalyst Control Center Localization Spanish
"{F4A08B70-E901-6634-C2AB-B00957BBF829}" = Catalyst Control Center Localization Turkish
"{F4CBAB7B-E2BE-0364-3DC6-20770C3F411B}" = CCC Help German
"{F530F970-8DEB-A422-2B49-4BBD3CEA2A72}" = CCC Help Chinese Traditional
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F784910A-43D4-A7DB-ACE6-CA909C298671}" = CCC Help Turkish
"{F887F9CA-FB5C-6428-6972-2C2D971F6ED0}" = Catalyst Control Center Core Implementation
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE828082-ADFE-FAAF-A4C7-A67BA898C271}" = CCC Help Norwegian
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allway Sync_is1" = Allway Sync version 11.2.2
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"GoldWave v5.25" = GoldWave v5.25
"Image Doctor 2 Demo" = Alien Skin Image Doctor 2 Demo
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IsoBuster_is1" = IsoBuster 2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"RocketDock_is1" = RocketDock 1.3.5
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ulead PhotoImpact 5.0" = Ulead PhotoImpact 5
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"Xenofex2Demo" = Alien Skin Xenofex 2 Demo
"xp-AntiSpy" = xp-AntiSpy 3.97-9
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.09.2012 17:11:01 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.09.2012 16:15:46 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 02.10.2012 15:16:02 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.10.2012 13:24:55 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.10.2012 13:51:03 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.10.2012 14:51:45 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 16.10.2012 12:30:58 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 22.10.2012 13:32:40 | Computer Name = Besitzer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 04.11.2012 08:19:20 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.11.2012 18:01:13 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 29.11.2012 15:48:27 | Computer Name = Besitzer-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet
 NIC (NDIS 6.0)" (PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_02\4&1197300&0&0028)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 02.12.2012 10:56:35 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.12.2012 13:07:54 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.12.2012 13:14:05 | Computer Name = Besitzer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.12.2012 13:19:39 | Computer Name = Besitzer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.12.2012 13:20:02 | Computer Name = Besitzer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.12.2012 13:20:23 | Computer Name = Besitzer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.12.2012 13:26:48 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.12.2012 17:57:04 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 03.12.2012 13:50:56 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
__________________

04.12.2012, 16:48   #4
markusg
/// Malware-holic
 

Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log

04.12.2012, 19:20   #5
Bibi86
 

Hi there,

the program found 5 threats. Here is the report - that is surely the same thing as one of those logs

Code:
19:12:50.0184 6320  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:12:52.0212 6320  ============================================================
19:12:52.0212 6320  Current date / time: 2012/12/04 19:12:52.0212
19:12:52.0212 6320  SystemInfo:
19:12:52.0212 6320  
19:12:52.0212 6320  OS Version: 6.0.6002 ServicePack: 2.0
19:12:52.0212 6320  Product type: Workstation
19:12:52.0212 6320  ComputerName: BESITZER-PC
19:12:52.0212 6320  UserName: Besitzer
19:12:52.0212 6320  Windows directory: C:\Windows
19:12:52.0212 6320  System windows directory: C:\Windows
19:12:52.0212 6320  Processor architecture: Intel x86
19:12:52.0212 6320  Number of processors: 2
19:12:52.0212 6320  Page size: 0x1000
19:12:52.0212 6320  Boot type: Normal boot
19:12:52.0212 6320  ============================================================
19:12:54.0162 6320  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
19:12:54.0162 6320  ============================================================
19:12:54.0162 6320  \Device\Harddisk0\DR0:
19:12:54.0162 6320  MBR partitions:
19:12:54.0162 6320  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12A17000
19:12:54.0178 6320  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13DA0000, BlocksNum 0x1168E000
19:12:54.0178 6320  ============================================================
19:12:54.0225 6320  C: <-> \Device\Harddisk0\DR0\Partition1
19:12:54.0287 6320  D: <-> \Device\Harddisk0\DR0\Partition2
19:12:54.0287 6320  ============================================================
19:12:54.0287 6320  Initialize success
19:12:54.0287 6320  ============================================================
19:13:38.0622 2956  ============================================================
19:13:38.0622 2956  Scan started
19:13:38.0622 2956  Mode: Manual; SigCheck; TDLFS; 
19:13:38.0622 2956  ============================================================
19:13:39.0668 2956  ================ Scan system memory ========================
19:13:39.0668 2956  System memory - ok
19:13:39.0668 2956  ================ Scan services =============================
19:13:39.0839 2956  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\AAVUpdateManager\aavus.exe
19:13:40.0136 2956  AAV UpdateService - ok
19:13:40.0432 2956  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:13:40.0510 2956  ACPI - ok
19:13:40.0572 2956  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:13:40.0650 2956  adp94xx - ok
19:13:40.0713 2956  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:13:40.0775 2956  adpahci - ok
19:13:40.0806 2956  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:13:40.0838 2956  adpu160m - ok
19:13:40.0853 2956  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:13:40.0916 2956  adpu320 - ok
19:13:40.0994 2956  [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService     C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:13:41.0056 2956  ADSMService ( UnsignedFile.Multi.Generic ) - warning
19:13:41.0056 2956  ADSMService - detected UnsignedFile.Multi.Generic (1)
19:13:41.0087 2956  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:13:41.0274 2956  AeLookupSvc - ok
19:13:41.0337 2956  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
19:13:41.0477 2956  AFD - ok
19:13:41.0555 2956  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:13:41.0602 2956  agp440 - ok
19:13:41.0664 2956  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:13:41.0758 2956  aic78xx - ok
19:13:41.0805 2956  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
19:13:42.0039 2956  ALG - ok
19:13:42.0054 2956  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:13:42.0101 2956  aliide - ok
19:13:42.0132 2956  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:13:42.0164 2956  amdagp - ok
19:13:42.0210 2956  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:13:42.0242 2956  amdide - ok
19:13:42.0273 2956  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
19:13:42.0382 2956  AmdK7 - ok
19:13:42.0429 2956  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:13:42.0538 2956  AmdK8 - ok
19:13:42.0616 2956  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
19:13:42.0694 2956  Appinfo - ok
19:13:42.0756 2956  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
19:13:42.0788 2956  arc - ok
19:13:42.0850 2956  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:13:42.0912 2956  arcsas - ok
19:13:42.0959 2956  [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm           C:\Windows\system32\drivers\AsDsm.sys
19:13:47.0249 2956  AsDsm - ok
19:13:47.0312 2956  [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
19:13:47.0390 2956  ASLDRService ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0390 2956  ASLDRService - detected UnsignedFile.Multi.Generic (1)
19:13:47.0468 2956  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
19:13:47.0499 2956  ASMMAP - ok
19:13:47.0546 2956  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:13:47.0624 2956  AsyncMac - ok
19:13:47.0670 2956  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:13:47.0702 2956  atapi - ok
19:13:47.0795 2956  [ 44362605F5FFF00C9B7696B47680A8C5 ] athr            C:\Windows\system32\DRIVERS\athr.sys
19:13:47.0967 2956  athr - ok
19:13:48.0045 2956  [ 14872220A3642D653E32B2B5480C5928 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
19:13:48.0201 2956  Ati External Event Utility - ok
19:13:48.0357 2956  [ 5A1E51FF7BA5F23AA4585B25AC0E484D ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:13:48.0716 2956  atikmdag - ok
19:13:48.0747 2956  [ 7A09F261577EEAA5B05EB09DFE31FD0E ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
19:13:48.0778 2956  AtiPcie - ok
19:13:48.0794 2956  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
19:13:48.0840 2956  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0840 2956  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
19:13:48.0918 2956  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:13:49.0012 2956  AudioEndpointBuilder - ok
19:13:49.0043 2956  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:13:49.0106 2956  Audiosrv - ok
19:13:49.0293 2956  [ 855173EFDEAC37BE14527F473CED8F75 ] AVKProxy        C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
19:13:49.0464 2956  AVKProxy - ok
19:13:49.0574 2956  [ 1EC1623D18F51D2DAB1090155456AB3D ] AVKService      C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
19:13:49.0636 2956  AVKService - ok
19:13:49.0636 2956  Scan interrupted by user!
19:13:49.0636 2956  ================ Scan global ===============================
19:13:49.0636 2956  Scan interrupted by user!
19:13:49.0636 2956  ================ Scan MBR ==================================
19:13:49.0636 2956  Scan interrupted by user!
19:13:49.0636 2956  ================ Scan VBR ==================================
19:13:49.0636 2956  Scan interrupted by user!
19:13:49.0636 2956  ============================================================
19:13:49.0636 2956  Scan finished
19:13:49.0636 2956  ============================================================
19:13:49.0667 3596  Detected object count: 3
19:13:49.0667 3596  Actual detected object count: 3
19:14:02.0366 3596  ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:02.0366 3596  ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:02.0381 3596  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:02.0381 3596  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:02.0381 3596  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:02.0381 3596  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:07.0872 5656  ============================================================
19:14:07.0872 5656  Scan started
19:14:07.0872 5656  Mode: Manual; SigCheck; TDLFS; 
19:14:07.0872 5656  ============================================================
19:14:08.0262 5656  ================ Scan system memory ========================
19:14:08.0262 5656  System memory - ok
19:14:08.0262 5656  ================ Scan services =============================
19:14:08.0403 5656  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\AAVUpdateManager\aavus.exe
19:14:08.0450 5656  AAV UpdateService - ok
19:14:08.0652 5656  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:14:08.0715 5656  ACPI - ok
19:14:08.0762 5656  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:14:08.0824 5656  adp94xx - ok
19:14:08.0855 5656  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:14:08.0902 5656  adpahci - ok
19:14:08.0949 5656  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:14:08.0980 5656  adpu160m - ok
19:14:09.0011 5656  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:14:09.0042 5656  adpu320 - ok
19:14:09.0120 5656  [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService     C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:14:09.0136 5656  ADSMService ( UnsignedFile.Multi.Generic ) - warning
19:14:09.0136 5656  ADSMService - detected UnsignedFile.Multi.Generic (1)
19:14:09.0167 5656  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:14:09.0230 5656  AeLookupSvc - ok
19:14:09.0276 5656  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
19:14:09.0323 5656  AFD - ok
19:14:09.0339 5656  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:14:09.0370 5656  agp440 - ok
19:14:09.0432 5656  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:14:09.0479 5656  aic78xx - ok
19:14:09.0510 5656  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
19:14:09.0573 5656  ALG - ok
19:14:09.0604 5656  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:14:09.0635 5656  aliide - ok
19:14:09.0666 5656  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:14:09.0698 5656  amdagp - ok
19:14:09.0744 5656  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:14:09.0776 5656  amdide - ok
19:14:09.0807 5656  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
19:14:09.0869 5656  AmdK7 - ok
19:14:09.0916 5656  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:14:09.0978 5656  AmdK8 - ok
19:14:10.0025 5656  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
19:14:10.0056 5656  Appinfo - ok
19:14:10.0088 5656  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
19:14:10.0119 5656  arc - ok
19:14:10.0166 5656  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:14:10.0197 5656  arcsas - ok
19:14:10.0244 5656  [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm           C:\Windows\system32\drivers\AsDsm.sys
19:14:10.0275 5656  AsDsm - ok
19:14:10.0322 5656  [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
19:14:10.0337 5656  ASLDRService ( UnsignedFile.Multi.Generic ) - warning
19:14:10.0337 5656  ASLDRService - detected UnsignedFile.Multi.Generic (1)
19:14:10.0384 5656  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
19:14:10.0400 5656  ASMMAP - ok
19:14:10.0446 5656  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:14:10.0509 5656  AsyncMac - ok
19:14:10.0556 5656  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:14:10.0587 5656  atapi - ok
19:14:10.0649 5656  [ 44362605F5FFF00C9B7696B47680A8C5 ] athr            C:\Windows\system32\DRIVERS\athr.sys
19:14:10.0743 5656  athr - ok
19:14:10.0805 5656  [ 14872220A3642D653E32B2B5480C5928 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
19:14:10.0883 5656  Ati External Event Utility - ok
19:14:11.0055 5656  [ 5A1E51FF7BA5F23AA4585B25AC0E484D ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:14:11.0289 5656  atikmdag - ok
19:14:11.0336 5656  [ 7A09F261577EEAA5B05EB09DFE31FD0E ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
19:14:11.0367 5656  AtiPcie - ok
19:14:11.0398 5656  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
19:14:11.0414 5656  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
19:14:11.0414 5656  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
19:14:11.0460 5656  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:14:11.0523 5656  AudioEndpointBuilder - ok
19:14:11.0570 5656  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:14:11.0632 5656  Audiosrv - ok
19:14:11.0788 5656  [ 855173EFDEAC37BE14527F473CED8F75 ] AVKProxy        C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
19:14:11.0913 5656  AVKProxy - ok
19:14:11.0991 5656  [ 1EC1623D18F51D2DAB1090155456AB3D ] AVKService      C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
19:14:12.0038 5656  AVKService - ok
19:14:12.0147 5656  [ 584E5774B997F362BA2DB4624DC42899 ] AVKWCtl         C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
19:14:12.0287 5656  AVKWCtl - ok
19:14:12.0396 5656  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:14:12.0474 5656  Beep - ok
19:14:12.0552 5656  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
19:14:12.0646 5656  BFE - ok
19:14:12.0724 5656  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
19:14:12.0989 5656  BITS - ok
19:14:13.0036 5656  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:14:13.0130 5656  blbdrive - ok
19:14:13.0176 5656  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:14:13.0254 5656  bowser - ok
19:14:13.0317 5656  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:14:13.0395 5656  BrFiltLo - ok
19:14:13.0426 5656  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:14:13.0504 5656  BrFiltUp - ok
19:14:13.0551 5656  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
19:14:13.0629 5656  Browser - ok
19:14:13.0676 5656  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
19:14:13.0941 5656  Brserid - ok
19:14:13.0972 5656  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:14:14.0081 5656  BrSerWdm - ok
19:14:14.0112 5656  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:14:14.0253 5656  BrUsbMdm - ok
19:14:14.0268 5656  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:14:14.0393 5656  BrUsbSer - ok
19:14:14.0456 5656  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:14:14.0580 5656  BTHMODEM - ok
19:14:14.0721 5656  [ 09CB316DB9D61ED9FC9A7B07A1A301F6 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
19:14:14.0799 5656  btwdins - ok
19:14:14.0846 5656  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:14:14.0939 5656  cdfs - ok
19:14:15.0002 5656  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:14:15.0080 5656  cdrom - ok
19:14:15.0142 5656  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:14:15.0329 5656  CertPropSvc - ok
19:14:15.0360 5656  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
19:14:15.0454 5656  circlass - ok
19:14:15.0485 5656  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
19:14:15.0579 5656  CLFS - ok
19:14:15.0688 5656  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:14:15.0813 5656  clr_optimization_v2.0.50727_32 - ok
19:14:16.0031 5656  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:14:16.0172 5656  clr_optimization_v4.0.30319_32 - ok
19:14:16.0250 5656  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:14:16.0343 5656  CmBatt - ok
19:14:16.0390 5656  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:14:16.0421 5656  cmdide - ok
19:14:16.0546 5656  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:14:16.0593 5656  Compbatt - ok
19:14:16.0671 5656  COMSysApp - ok
19:14:16.0718 5656  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:14:16.0749 5656  crcdisk - ok
19:14:16.0811 5656  [ D18893845AE1C5833B5B2EA9B7F5C670 ] CRFILTER        C:\Windows\system32\DRIVERS\CRFILTER.sys
19:14:16.0905 5656  CRFILTER - ok
19:14:16.0936 5656  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
19:14:17.0030 5656  Crusoe - ok
19:14:17.0139 5656  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:14:17.0248 5656  CryptSvc - ok
19:14:17.0342 5656  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:14:17.0654 5656  DcomLaunch - ok
19:14:17.0685 5656  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:14:17.0747 5656  DfsC - ok
19:14:17.0888 5656  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
19:14:18.0184 5656  DFSR - ok
19:14:18.0324 5656  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:14:18.0449 5656  Dhcp - ok
19:14:18.0527 5656  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
19:14:18.0574 5656  disk - ok
19:14:18.0652 5656  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:14:18.0761 5656  Dnscache - ok
19:14:18.0824 5656  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:14:18.0933 5656  dot3svc - ok
19:14:18.0995 5656  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
19:14:19.0151 5656  DPS - ok
19:14:19.0229 5656  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:14:19.0292 5656  drmkaud - ok
19:14:19.0401 5656  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:14:19.0572 5656  DXGKrnl - ok
19:14:19.0682 5656  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:14:19.0775 5656  E1G60 - ok
19:14:19.0853 5656  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
19:14:19.0978 5656  EapHost - ok
19:14:20.0103 5656  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:14:20.0150 5656  Ecache - ok
19:14:20.0243 5656  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:14:20.0368 5656  ehRecvr - ok
19:14:20.0399 5656  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
19:14:20.0540 5656  ehSched - ok
19:14:20.0571 5656  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
19:14:20.0602 5656  ehstart - ok
19:14:20.0696 5656  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:14:20.0805 5656  elxstor - ok
19:14:20.0883 5656  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
19:14:21.0101 5656  EMDMgmt - ok
19:14:21.0132 5656  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:14:21.0226 5656  ErrDev - ok
19:14:21.0288 5656  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
19:14:21.0444 5656  EventSystem - ok
19:14:21.0522 5656  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
19:14:21.0616 5656  exfat - ok
19:14:21.0663 5656  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:14:21.0741 5656  fastfat - ok
19:14:21.0803 5656  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:14:21.0881 5656  fdc - ok
19:14:21.0928 5656  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:14:22.0068 5656  fdPHost - ok
19:14:22.0115 5656  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:14:22.0287 5656  FDResPub - ok
19:14:22.0349 5656  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:14:22.0505 5656  FileInfo - ok
19:14:22.0552 5656  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:14:22.0646 5656  Filetrace - ok
19:14:22.0677 5656  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:14:22.0786 5656  flpydisk - ok
19:14:22.0817 5656  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:14:22.0864 5656  FltMgr - ok
19:14:23.0020 5656  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
19:14:23.0223 5656  FontCache - ok
19:14:23.0316 5656  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:14:23.0379 5656  FontCache3.0.0.0 - ok
19:14:23.0488 5656  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:14:23.0550 5656  Fs_Rec - ok
19:14:23.0628 5656  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:14:23.0691 5656  gagp30kx - ok
19:14:23.0753 5656  [ 68BE63BE7F9C96059E39660C657C9364 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
19:14:23.0862 5656  GDBehave - ok
19:14:23.0972 5656  [ FC08F64E60E09430A9213267EE2B7123 ] GDFwSvc         C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
19:14:24.0159 5656  GDFwSvc - ok
19:14:24.0268 5656  [ AA7C179522BA2913054F6E1E217511C2 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
19:14:24.0315 5656  GDMnIcpt - ok
19:14:24.0377 5656  [ 4170EB2A2ACCA7AC7A525399E781D40E ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
19:14:24.0424 5656  GDPkIcpt - ok
19:14:24.0455 5656  [ 4E39778E0E3A90D4BB90D607578BB6BD ] GDScan          C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
19:14:24.0518 5656  GDScan - ok
19:14:24.0549 5656  [ C334BFE7D1F081B0FCCF35B0868701E7 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd32.sys
19:14:24.0596 5656  gdwfpcd - ok
19:14:24.0658 5656  [ 5DC17164F66380CBFEFD895C18467773 ] GearAspiWDM     C:\Windows\system32\drivers\GEARAspiWDM.sys
19:14:24.0689 5656  GearAspiWDM - ok
19:14:24.0752 5656  [ 31B40F40E09513ADDC460F6A297AD474 ] ghaio           C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
19:14:24.0783 5656  ghaio - ok
19:14:24.0876 5656  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:14:25.0048 5656  gpsvc - ok
19:14:25.0126 5656  [ 8EB5731238C4A4007FFB63A0BB1BC7DA ] GRD             C:\Windows\system32\drivers\GRD.sys
19:14:25.0157 5656  GRD - ok
19:14:25.0235 5656  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:14:25.0391 5656  HdAudAddService - ok
19:14:25.0469 5656  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:14:25.0610 5656  HDAudBus - ok
19:14:25.0625 5656  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:14:25.0750 5656  HidBth - ok
19:14:25.0797 5656  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:14:25.0922 5656  HidIr - ok
19:14:25.0984 5656  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
19:14:26.0109 5656  hidserv - ok
19:14:26.0140 5656  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:14:26.0202 5656  HidUsb - ok
19:14:26.0234 5656  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:14:26.0421 5656  hkmsvc - ok
19:14:26.0468 5656  [ 2AE66B3C0B9000918C97A14EB5D6D6EF ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
19:14:26.0499 5656  HookCentre - ok
19:14:26.0546 5656  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
19:14:26.0592 5656  HpCISSs - ok
19:14:26.0655 5656  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:14:26.0748 5656  HTTP - ok
19:14:26.0764 5656  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
19:14:26.0811 5656  i2omp - ok
19:14:26.0858 5656  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:14:26.0920 5656  i8042prt - ok
19:14:26.0951 5656  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
19:14:27.0029 5656  iaStorV - ok
19:14:27.0185 5656  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:14:27.0341 5656  idsvc - ok
19:14:27.0388 5656  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:14:27.0435 5656  iirsp - ok
19:14:27.0497 5656  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:14:27.0653 5656  IKEEXT - ok
19:14:27.0778 5656  [ FFD2B3BC042596ABE785D3C15F51AB46 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:14:28.0012 5656  IntcAzAudAddService - ok
19:14:28.0090 5656  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:14:28.0137 5656  intelide - ok
19:14:28.0215 5656  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:14:28.0308 5656  intelppm - ok
19:14:28.0355 5656  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:14:28.0527 5656  IPBusEnum - ok
19:14:28.0542 5656  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:14:28.0636 5656  IpFilterDriver - ok
19:14:28.0730 5656  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:14:28.0854 5656  iphlpsvc - ok
19:14:28.0870 5656  IpInIp - ok
19:14:28.0917 5656  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
19:14:29.0010 5656  IPMIDRV - ok
19:14:29.0042 5656  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
19:14:29.0135 5656  IPNAT - ok
19:14:29.0151 5656  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:14:29.0260 5656  IRENUM - ok
19:14:29.0276 5656  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:14:29.0322 5656  isapnp - ok
19:14:29.0369 5656  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:14:29.0447 5656  iScsiPrt - ok
19:14:29.0463 5656  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:14:29.0510 5656  iteatapi - ok
19:14:29.0541 5656  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
19:14:29.0572 5656  iteraid - ok
19:14:29.0603 5656  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:14:29.0650 5656  kbdclass - ok
19:14:29.0666 5656  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:14:29.0744 5656  kbdhid - ok
19:14:29.0775 5656  [ 27BD4AC228EF6C0D490617C32E86A672 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
19:14:29.0806 5656  kbfiltr - ok
19:14:29.0837 5656  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
19:14:29.0993 5656  KeyIso - ok
19:14:30.0040 5656  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:14:30.0149 5656  KSecDD - ok
19:14:30.0212 5656  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:14:30.0414 5656  KtmRm - ok
19:14:30.0461 5656  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:14:30.0742 5656  LanmanServer - ok
19:14:30.0789 5656  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:14:31.0116 5656  LanmanWorkstation - ok
19:14:31.0163 5656  [ C215E09622118383B236DD56C2065183 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:14:31.0210 5656  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:14:31.0210 5656  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:14:31.0272 5656  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:14:31.0366 5656  lltdio - ok
19:14:31.0444 5656  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:14:31.0631 5656  lltdsvc - ok
19:14:31.0662 5656  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:14:31.0881 5656  lmhosts - ok
19:14:31.0974 5656  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:14:32.0021 5656  LSI_FC - ok
19:14:32.0052 5656  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:14:32.0099 5656  LSI_SAS - ok
19:14:32.0146 5656  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:14:32.0193 5656  LSI_SCSI - ok
19:14:32.0240 5656  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
19:14:32.0318 5656  luafv - ok
19:14:32.0333 5656  [ 8039F480C192DD99FED4EBC71FFBF795 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys
19:14:32.0380 5656  lullaby - ok
19:14:32.0411 5656  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:14:32.0536 5656  Mcx2Svc - ok
19:14:32.0567 5656  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:14:32.0614 5656  megasas - ok
19:14:32.0645 5656  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
19:14:32.0723 5656  MegaSR - ok
19:14:32.0754 5656  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
19:14:32.0910 5656  MMCSS - ok
19:14:32.0988 5656  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
19:14:33.0082 5656  Modem - ok
19:14:33.0129 5656  [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
19:14:33.0238 5656  MODEMCSA - ok
19:14:33.0285 5656  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:14:33.0363 5656  monitor - ok
19:14:33.0394 5656  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:14:33.0425 5656  mouclass - ok
19:14:33.0456 5656  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:14:33.0550 5656  mouhid - ok
19:14:33.0581 5656  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
19:14:33.0628 5656  MountMgr - ok
19:14:33.0690 5656  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:14:33.0737 5656  MozillaMaintenance - ok
19:14:33.0784 5656  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:14:33.0831 5656  mpio - ok
19:14:33.0878 5656  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:14:33.0956 5656  mpsdrv - ok
19:14:34.0018 5656  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:14:34.0236 5656  MpsSvc - ok
19:14:34.0299 5656  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
19:14:34.0346 5656  Mraid35x - ok
19:14:34.0392 5656  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:14:34.0486 5656  MRxDAV - ok
19:14:34.0548 5656  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:14:34.0611 5656  mrxsmb - ok
19:14:34.0673 5656  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:14:34.0736 5656  mrxsmb10 - ok
19:14:34.0767 5656  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:14:34.0845 5656  mrxsmb20 - ok
19:14:34.0892 5656  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:14:34.0938 5656  msahci - ok
19:14:34.0970 5656  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:14:35.0016 5656  msdsm - ok
19:14:35.0063 5656  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
19:14:35.0235 5656  MSDTC - ok
19:14:35.0266 5656  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:14:35.0360 5656  Msfs - ok
19:14:35.0375 5656  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:14:35.0422 5656  msisadrv - ok
19:14:35.0469 5656  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:14:35.0625 5656  MSiSCSI - ok
19:14:35.0640 5656  msiserver - ok
19:14:35.0687 5656  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:14:35.0765 5656  MSKSSRV - ok
19:14:35.0796 5656  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:14:35.0890 5656  MSPCLOCK - ok
19:14:35.0906 5656  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:14:35.0999 5656  MSPQM - ok
19:14:36.0046 5656  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:14:36.0093 5656  MsRPC - ok
19:14:36.0124 5656  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:14:36.0171 5656  mssmbios - ok
19:14:36.0186 5656  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:14:36.0296 5656  MSTEE - ok
19:14:36.0342 5656  [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
19:14:36.0389 5656  MTsensor - ok
19:14:36.0420 5656  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
19:14:36.0467 5656  Mup - ok
19:14:36.0514 5656  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
19:14:36.0732 5656  napagent - ok
19:14:36.0779 5656  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:14:36.0857 5656  NativeWifiP - ok
19:14:36.0935 5656  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:14:37.0029 5656  NDIS - ok
19:14:37.0076 5656  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:14:37.0154 5656  NdisTapi - ok
19:14:37.0169 5656  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:14:37.0263 5656  Ndisuio - ok
19:14:37.0310 5656  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:14:37.0388 5656  NdisWan - ok
19:14:37.0434 5656  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:14:37.0512 5656  NDProxy - ok
19:14:37.0528 5656  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:14:37.0622 5656  NetBIOS - ok
19:14:37.0668 5656  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
19:14:37.0731 5656  netbt - ok
19:14:37.0778 5656  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
19:14:37.0902 5656  Netlogon - ok
19:14:37.0965 5656  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
19:14:38.0168 5656  Netman - ok
19:14:38.0214 5656  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
19:14:38.0417 5656  netprofm - ok
19:14:38.0464 5656  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:14:38.0495 5656  NetTcpPortSharing - ok
19:14:38.0542 5656  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:14:38.0589 5656  nfrd960 - ok
19:14:38.0636 5656  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:14:38.0838 5656  NlaSvc - ok
19:14:38.0916 5656  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\Windows\system32\drivers\npf.sys
19:14:38.0963 5656  NPF - ok
19:14:38.0994 5656  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:14:39.0072 5656  Npfs - ok
19:14:39.0104 5656  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
19:14:39.0306 5656  nsi - ok
19:14:39.0353 5656  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:14:39.0431 5656  nsiproxy - ok
19:14:39.0540 5656  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:14:39.0759 5656  Ntfs - ok
19:14:39.0806 5656  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
19:14:39.0946 5656  ntrigdigi - ok
19:14:39.0962 5656  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
19:14:40.0040 5656  Null - ok
19:14:40.0086 5656  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:14:40.0149 5656  nvraid - ok
19:14:40.0164 5656  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:14:40.0211 5656  nvstor - ok
19:14:40.0289 5656  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:14:40.0336 5656  nv_agp - ok
19:14:40.0367 5656  NwlnkFlt - ok
19:14:40.0383 5656  NwlnkFwd - ok
19:14:40.0414 5656  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:14:40.0508 5656  ohci1394 - ok
19:14:40.0664 5656  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
19:14:40.0679 5656  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
19:14:40.0679 5656  OMSI download service - detected UnsignedFile.Multi.Generic (1)
19:14:40.0773 5656  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:14:40.0820 5656  ose - ok
19:14:40.0882 5656  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
19:14:41.0132 5656  p2pimsvc - ok
19:14:41.0194 5656  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:14:41.0397 5656  p2psvc - ok
19:14:41.0459 5656  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
19:14:41.0600 5656  Parport - ok
19:14:41.0709 5656  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:14:41.0756 5656  partmgr - ok
19:14:41.0787 5656  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
19:14:41.0896 5656  Parvdm - ok
19:14:41.0943 5656  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:14:42.0161 5656  PcaSvc - ok
19:14:42.0224 5656  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
19:14:42.0286 5656  pci - ok
19:14:42.0317 5656  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
19:14:42.0364 5656  pciide - ok
19:14:42.0395 5656  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:14:42.0458 5656  pcmcia - ok
19:14:42.0520 5656  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:14:42.0738 5656  PEAUTH - ok
19:14:42.0863 5656  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
19:14:43.0175 5656  pla - ok
19:14:43.0222 5656  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:14:43.0472 5656  PlugPlay - ok
19:14:43.0534 5656  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
19:14:43.0706 5656  PNRPAutoReg - ok
19:14:43.0768 5656  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
19:14:43.0940 5656  PNRPsvc - ok
19:14:44.0018 5656  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:14:44.0158 5656  PolicyAgent - ok
19:14:44.0220 5656  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:14:44.0298 5656  PptpMiniport - ok
19:14:44.0345 5656  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:14:44.0423 5656  Processor - ok
19:14:44.0470 5656  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:14:44.0673 5656  ProfSvc - ok
19:14:44.0704 5656  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:14:44.0829 5656  ProtectedStorage - ok
19:14:44.0860 5656  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
19:14:44.0922 5656  PSched - ok
19:14:45.0016 5656  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:14:45.0188 5656  ql2300 - ok
19:14:45.0219 5656  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:14:45.0266 5656  ql40xx - ok
19:14:45.0328 5656  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
19:14:45.0531 5656  QWAVE - ok
19:14:45.0562 5656  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:14:45.0624 5656  QWAVEdrv - ok
19:14:45.0656 5656  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:14:45.0749 5656  RasAcd - ok
19:14:45.0780 5656  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
19:14:46.0046 5656  RasAuto - ok
19:14:46.0108 5656  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:14:46.0202 5656  Rasl2tp - ok
19:14:46.0233 5656  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
19:14:46.0451 5656  RasMan - ok
19:14:46.0498 5656  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:14:46.0560 5656  RasPppoe - ok
19:14:46.0607 5656  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:14:46.0670 5656  RasSstp - ok
19:14:46.0716 5656  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:14:46.0794 5656  rdbss - ok
19:14:46.0841 5656  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:14:46.0935 5656  RDPCDD - ok
19:14:46.0997 5656  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
19:14:47.0075 5656  rdpdr - ok
19:14:47.0091 5656  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:14:47.0184 5656  RDPENCDD - ok
19:14:47.0262 5656  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:14:47.0356 5656  RDPWD - ok
19:14:47.0434 5656  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:14:47.0606 5656  RemoteAccess - ok
19:14:47.0652 5656  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:14:47.0902 5656  RemoteRegistry - ok
19:14:48.0011 5656  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
19:14:48.0058 5656  rpcapd - ok
19:14:48.0105 5656  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
19:14:48.0261 5656  RpcLocator - ok
19:14:48.0308 5656  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
19:14:48.0542 5656  RpcSs - ok
19:14:48.0588 5656  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:14:48.0682 5656  rspndr - ok
19:14:48.0760 5656  [ 2FC33077F85D7DC0D03678C06D43898C ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
19:14:48.0885 5656  RTL8169 - ok
19:14:48.0916 5656  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
19:14:49.0025 5656  SamSs - ok
19:14:49.0072 5656  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:14:49.0134 5656  sbp2port - ok
19:14:49.0181 5656  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:14:49.0368 5656  SCardSvr - ok
19:14:49.0446 5656  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
19:14:49.0680 5656  Schedule - ok
19:14:49.0712 5656  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:14:49.0774 5656  SCPolicySvc - ok
19:14:49.0821 5656  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
19:14:49.0914 5656  sdbus - ok
19:14:49.0961 5656  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:14:50.0164 5656  SDRSVC - ok
19:14:50.0195 5656  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:14:50.0320 5656  secdrv - ok
19:14:50.0336 5656  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
19:14:50.0554 5656  seclogon - ok
19:14:50.0585 5656  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
19:14:50.0819 5656  SENS - ok
19:14:50.0866 5656  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:14:50.0991 5656  Serenum - ok
19:14:51.0022 5656  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
19:14:51.0178 5656  Serial - ok
19:14:51.0194 5656  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:14:51.0272 5656  sermouse - ok
19:14:51.0334 5656  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:14:51.0568 5656  SessionEnv - ok
19:14:51.0599 5656  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:14:51.0693 5656  sffdisk - ok
19:14:51.0708 5656  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:14:51.0786 5656  sffp_mmc - ok
19:14:51.0818 5656  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:14:51.0896 5656  sffp_sd - ok
19:14:51.0927 5656  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:14:52.0005 5656  sfloppy - ok
19:14:52.0067 5656  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:14:52.0254 5656  SharedAccess - ok
19:14:52.0301 5656  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:14:52.0535 5656  ShellHWDetection - ok
19:14:52.0598 5656  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:14:52.0644 5656  sisagp - ok
19:14:52.0676 5656  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
19:14:52.0722 5656  SiSRaid2 - ok
19:14:52.0769 5656  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:14:52.0816 5656  SiSRaid4 - ok
19:14:52.0863 5656  [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:14:52.0894 5656  SkypeUpdate - ok
19:14:53.0081 5656  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
19:14:53.0549 5656  slsvc - ok
19:14:53.0612 5656  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
19:14:53.0861 5656  SLUINotify - ok
19:14:53.0892 5656  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:14:53.0986 5656  Smb - ok
19:14:54.0095 5656  [ 09CBB7A04C5D6E9FE876BA5D97EB873D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
19:14:54.0267 5656  smserial - ok
19:14:54.0314 5656  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:14:54.0501 5656  SNMPTRAP - ok
19:14:54.0672 5656  [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
19:14:54.0719 5656  Sony Ericsson PCCompanion - ok
19:14:54.0750 5656  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
19:14:54.0797 5656  spldr - ok
19:14:54.0860 5656  [ 739DB668DBD812285ECC553E64A5E212 ] spmgr           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
19:14:54.0906 5656  spmgr - ok
19:14:54.0938 5656  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
19:14:55.0172 5656  Spooler - ok
19:14:55.0250 5656  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:14:55.0343 5656  srv - ok
19:14:55.0390 5656  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:14:55.0452 5656  srv2 - ok
19:14:55.0499 5656  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:14:55.0562 5656  srvnet - ok
19:14:55.0593 5656  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:14:57.0356 5656  SSDPSRV - ok
19:14:57.0449 5656  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:14:57.0714 5656  SstpSvc - ok
19:14:57.0808 5656  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
19:14:58.0151 5656  stisvc - ok
19:14:58.0198 5656  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:14:58.0292 5656  swenum - ok
19:14:58.0354 5656  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
19:14:58.0744 5656  swprv - ok
19:14:58.0791 5656  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
19:14:58.0916 5656  Symc8xx - ok
19:14:58.0978 5656  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:14:59.0025 5656  Sym_hi - ok
19:14:59.0118 5656  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:14:59.0150 5656  Sym_u3 - ok
19:14:59.0228 5656  [ 55F6E55CC2430CA8713387106FA79817 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:14:59.0337 5656  SynTP - ok
19:14:59.0446 5656  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
19:14:59.0914 5656  SysMain - ok
19:14:59.0945 5656  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:15:00.0242 5656  TabletInputService - ok
19:15:00.0335 5656  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:15:00.0725 5656  TapiSrv - ok
19:15:00.0741 5656  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
19:15:01.0068 5656  TBS - ok
19:15:01.0146 5656  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:15:01.0302 5656  Tcpip - ok
19:15:01.0365 5656  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:15:01.0474 5656  Tcpip6 - ok
19:15:01.0521 5656  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:15:01.0677 5656  tcpipreg - ok
19:15:01.0739 5656  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:15:01.0864 5656  TDPIPE - ok
19:15:01.0911 5656  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:15:02.0036 5656  TDTCP - ok
19:15:02.0067 5656  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:15:02.0160 5656  tdx - ok
19:15:02.0207 5656  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:15:02.0285 5656  TermDD - ok
19:15:02.0316 5656  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
19:15:02.0597 5656  TermService - ok
19:15:02.0660 5656  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
19:15:02.0862 5656  Themes - ok
19:15:02.0925 5656  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:15:03.0081 5656  THREADORDER - ok
19:15:03.0128 5656  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
19:15:03.0393 5656  TrkWks - ok
19:15:03.0440 5656  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:15:03.0502 5656  TrustedInstaller - ok
19:15:03.0549 5656  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:15:03.0627 5656  tssecsrv - ok
19:15:03.0689 5656  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
19:15:03.0736 5656  tunmp - ok
19:15:03.0814 5656  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:15:03.0876 5656  tunnel - ok
19:15:03.0908 5656  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:15:03.0954 5656  uagp35 - ok
19:15:03.0986 5656  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:15:04.0079 5656  udfs - ok
19:15:04.0126 5656  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:15:04.0376 5656  UI0Detect - ok
19:15:04.0391 5656  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:15:04.0454 5656  uliagpkx - ok
19:15:04.0485 5656  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
19:15:04.0547 5656  uliahci - ok
19:15:04.0578 5656  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:15:04.0656 5656  UlSata - ok
19:15:04.0703 5656  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
19:15:04.0766 5656  ulsata2 - ok
19:15:04.0797 5656  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:15:04.0890 5656  umbus - ok
19:15:04.0922 5656  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
19:15:05.0187 5656  upnphost - ok
19:15:05.0249 5656  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:15:05.0327 5656  usbaudio - ok
19:15:05.0343 5656  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:15:05.0421 5656  usbccgp - ok
19:15:05.0421 5656  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:15:05.0561 5656  usbcir - ok
19:15:05.0717 5656  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:15:05.0780 5656  usbehci - ok
19:15:05.0811 5656  [ 80CFE695C3A32E846D3E79694AC528D1 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
19:15:05.0858 5656  usbfilter - ok
19:15:05.0904 5656  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:15:05.0982 5656  usbhub - ok
19:15:05.0998 5656  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:15:06.0060 5656  usbohci - ok
19:15:06.0092 5656  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:15:06.0216 5656  usbprint - ok
19:15:06.0263 5656  [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
19:15:06.0326 5656  usbser - ok
19:15:06.0388 5656  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:15:06.0466 5656  USBSTOR - ok
19:15:06.0497 5656  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:15:06.0575 5656  usbuhci - ok
19:15:06.0716 5656  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:15:06.0809 5656  usbvideo - ok
19:15:06.0856 5656  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
19:15:07.0074 5656  UxSms - ok
19:15:07.0121 5656  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
19:15:07.0402 5656  vds - ok
19:15:07.0433 5656  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:15:07.0527 5656  vga - ok
19:15:07.0542 5656  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:15:07.0620 5656  VgaSave - ok
19:15:07.0636 5656  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:15:07.0698 5656  viaagp - ok
19:15:07.0730 5656  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:15:07.0808 5656  ViaC7 - ok
19:15:07.0839 5656  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
19:15:07.0886 5656  viaide - ok
19:15:07.0932 5656  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:15:07.0979 5656  volmgr - ok
19:15:08.0026 5656  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:15:08.0104 5656  volmgrx - ok
19:15:08.0120 5656  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:15:08.0182 5656  volsnap - ok
19:15:08.0213 5656  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:15:08.0276 5656  vsmraid - ok
19:15:08.0338 5656  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
19:15:08.0650 5656  VSS - ok
19:15:08.0712 5656  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
19:15:08.0962 5656  W32Time - ok
19:15:08.0993 5656  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:15:09.0102 5656  WacomPen - ok
19:15:09.0149 5656  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:15:09.0243 5656  Wanarp - ok
19:15:09.0258 5656  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:15:09.0352 5656  Wanarpv6 - ok
19:15:09.0383 5656  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:15:09.0680 5656  wcncsvc - ok
19:15:09.0726 5656  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:15:09.0976 5656  WcsPlugInService - ok
19:15:10.0023 5656  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
19:15:10.0070 5656  Wd - ok
19:15:10.0116 5656  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:15:10.0272 5656  Wdf01000 - ok
19:15:10.0304 5656  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:15:10.0553 5656  WdiServiceHost - ok
19:15:10.0584 5656  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:15:10.0850 5656  WdiSystemHost - ok
19:15:10.0974 5656  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
19:15:11.0177 5656  WebClient - ok
19:15:11.0240 5656  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:15:11.0489 5656  Wecsvc - ok
19:15:11.0552 5656  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:15:11.0770 5656  wercplsupport - ok
19:15:11.0817 5656  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:15:12.0066 5656  WerSvc - ok
19:15:12.0129 5656  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:15:12.0191 5656  WinDefend - ok
19:15:12.0222 5656  WinHttpAutoProxySvc - ok
19:15:12.0300 5656  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:15:12.0597 5656  Winmgmt - ok
19:15:12.0753 5656  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:15:13.0127 5656  WinRM - ok
19:15:13.0221 5656  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:15:13.0502 5656  Wlansvc - ok
19:15:13.0626 5656  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:15:13.0814 5656  wlidsvc - ok
19:15:13.0876 5656  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:15:13.0938 5656  WmiAcpi - ok
19:15:13.0985 5656  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:15:14.0079 5656  wmiApSrv - ok
19:15:14.0188 5656  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:15:14.0328 5656  WMPNetworkSvc - ok
19:15:14.0344 5656  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:15:14.0578 5656  WPCSvc - ok
19:15:14.0640 5656  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:15:14.0890 5656  WPDBusEnum - ok
19:15:14.0952 5656  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:15:14.0999 5656  WpdUsb - ok
19:15:15.0218 5656  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:15:15.0327 5656  WPFFontCache_v0400 - ok
19:15:15.0374 5656  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:15:15.0467 5656  ws2ifsl - ok
19:15:15.0514 5656  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
19:15:15.0732 5656  wscsvc - ok
19:15:15.0748 5656  WSearch - ok
19:15:15.0888 5656  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:15:16.0263 5656  wuauserv - ok
19:15:16.0310 5656  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:15:16.0434 5656  WUDFRd - ok
19:15:16.0481 5656  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:15:16.0793 5656  wudfsvc - ok
19:15:16.0840 5656  [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
19:15:17.0012 5656  yukonwlh - ok
19:15:17.0027 5656  ================ Scan global ===============================
19:15:17.0090 5656  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:15:17.0199 5656  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:15:17.0480 5656  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:15:17.0745 5656  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:15:17.0916 5656  [Global] - ok
19:15:17.0916 5656  ================ Scan MBR ==================================
19:15:17.0948 5656  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
19:15:18.0618 5656  \Device\Harddisk0\DR0 - ok
19:15:18.0618 5656  ================ Scan VBR ==================================
19:15:18.0681 5656  [ A7A971148C43542CBCA4112CE13AA7C7 ] \Device\Harddisk0\DR0\Partition1
19:15:18.0681 5656  \Device\Harddisk0\DR0\Partition1 - ok
19:15:18.0712 5656  [ 8096D4F3762CEE3D0EEC13F93DE80056 ] \Device\Harddisk0\DR0\Partition2
19:15:18.0712 5656  \Device\Harddisk0\DR0\Partition2 - ok
19:15:18.0728 5656  ============================================================
19:15:18.0728 5656  Scan finished
19:15:18.0728 5656  ============================================================
19:15:18.0759 6708  Detected object count: 5
19:15:18.0759 6708  Actual detected object count: 5
19:17:22.0098 6708  ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:22.0098 6708  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:22.0098 6708  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:22.0098 6708  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:22.0098 6708  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
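The TDSSKiller log above ends with a detection count and the action chosen for each detected object. The following added example (not part of the thread and not TDSSKiller code) parses that layout to list which detections were left in place and which "ok" verdicts had no hashed file before them. The sample log is constructed with placeholder MD5 values, and only the line types visible in this excerpt are handled.

```python
import re

# Constructed sample in the layout of the log above; the MD5 values are placeholders.
SAMPLE_LOG = r"""
19:15:15.0514 5656  [ 00000000000000000000000000000001 ] wscsvc          C:\Windows\System32\wscsvc.dll
19:15:15.0732 5656  wscsvc - ok
19:15:15.0748 5656  WSearch - ok
19:15:17.0027 5656  ================ Scan global ===============================
19:15:17.0090 5656  [ 00000000000000000000000000000002 ] C:\Windows\system32\basesrv.dll
19:15:17.0199 5656  [ 00000000000000000000000000000003 ] C:\Windows\system32\winsrv.dll
19:15:17.0916 5656  [Global] - ok
19:15:17.0916 5656  ================ Scan MBR ==================================
19:15:17.0948 5656  [ 00000000000000000000000000000004 ] \Device\Harddisk0\DR0
19:15:18.0618 5656  \Device\Harddisk0\DR0 - ok
19:15:18.0759 6708  Detected object count: 2
19:15:18.0759 6708  Actual detected object count: 2
19:17:22.0098 6708  ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:22.0098 6708  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every log line starts with a timestamp and a thread id; the rest is the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+\s+(.*?)\s*$")
# "[ MD5 ] name path" for services/drivers, "[ MD5 ] path" in the global/MBR/VBR sections.
HASHED = re.compile(
    r"^\[ ([0-9A-Fa-f]{32}) \] (?:(.+?)\s+)?((?:[A-Za-z]:\\|\\Device\\).*)$"
)
OK = re.compile(r"^(.+?) - ok$")
ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def parse_tdsskiller(text):
    """Return scanned objects, detections with the chosen action, and the reported count."""
    objects, detections, pending, reported = {}, [], [], None
    for raw in text.splitlines():
        prefix = PREFIX.match(raw)
        if not prefix:
            continue
        body = prefix.group(1)
        if (h := HASHED.match(body)):
            entry = {"md5": h.group(1).upper(), "path": h.group(3)}
            if h.group(2):
                pending = [entry]        # named object: starts a new record
            else:
                pending.append(entry)    # path-only line: one verdict covers several files
        elif (o := OK.match(body)):
            objects[o.group(1)] = {"status": "ok", "files": pending}
            pending = []
        elif (a := ACTION.match(body)):
            detections.append(
                {"name": a.group(1), "verdict": a.group(2), "action": a.group(3)}
            )
        elif (c := COUNT.match(body)):
            reported = int(c.group(1))
    return {"objects": objects, "detections": detections, "reported": reported}


def triage(parsed):
    """Summarise what a reviewer still has to look at."""
    detected_names = {d["name"] for d in parsed["detections"]}
    return {
        # "ok" verdicts that were not preceded by any hashed file line
        "ok_without_hash": sorted(
            name for name, obj in parsed["objects"].items() if not obj["files"]
        ),
        # detections the user skipped, so the object is still on the system
        "left_in_place": [
            d for d in parsed["detections"] if d["action"].lower() == "skip"
        ],
        # does the reported count match the number of distinct detected objects?
        "count_consistent": parsed["reported"] == len(detected_names),
    }


if __name__ == "__main__":
    report = triage(parse_tdsskiller(SAMPLE_LOG))
    for item in report["left_in_place"]:
        print(f"left in place: {item['name']} ({item['verdict']})")
    print("ok without hashed file:", report["ok_without_hash"])
    print("count consistent:", report["count_consistent"])
```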
         


04.12.2012, 19:24   #6
markusg
/// Malware-holic

Hi,
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop.
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

05.12.2012, 18:20   #7
Bibi86

Hi,

here is the content of the log file

Code:
ATTFilter
ComboFix 12-12-04.01 - Besitzer 05.12.2012  17:50:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2814.1853 [GMT 1:00]
ausgeführt von:: c:\users\Besitzer\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2012 *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2012 *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\0tbpw.pad
c:\programdata\hpeBA0D.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-05 bis 2012-12-05  ))))))))))))))))))))))))))))))
.
.
2012-12-05 17:08 . 2012-12-05 17:10	--------	d-----w-	c:\users\Besitzer\AppData\Local\temp
2012-12-05 17:08 . 2012-12-05 17:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-04 17:58 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA533D26-D544-4163-BF8D-683ADE148AF9}\mpengine.dll
2012-12-02 17:42 . 2012-12-02 17:42	--------	d-----w-	c:\users\Besitzer\AppData\Roaming\Malwarebytes
2012-12-02 17:41 . 2012-12-02 17:41	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-02 17:41 . 2012-12-02 17:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-02 17:41 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-16 17:24 . 2012-11-16 17:24	--------	d-----w-	c:\program files\WinPcap
2012-11-16 17:23 . 2012-11-16 18:11	--------	d-----w-	c:\program files\Cain
2012-11-16 16:43 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 16:43 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-02 21:53 . 2010-02-24 09:29	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-09-13 13:28 . 2012-10-09 17:55	2048	----a-w-	c:\windows\system32\tzres.dll
1999-09-23 14:20 . 2010-03-01 20:02	53248	----a-w-	c:\program files\U32CFG.DLL
1999-09-22 18:31 . 2010-03-01 20:02	200704	----a-w-	c:\program files\ss3base.dll
1999-09-22 16:31 . 2010-03-01 19:58	503808	----a-w-	c:\program files\IERC.DLL
1999-09-22 11:02 . 2010-03-01 19:58	3170304	----a-w-	c:\program files\Iedit.exe
1999-09-22 10:48 . 2010-03-01 20:02	32768	----a-w-	c:\program files\uwUpdate.dll
1999-09-22 10:03 . 2010-03-01 19:59	1351680	----a-w-	c:\program files\ALBUM.EXE
1999-09-20 17:32 . 2010-03-01 20:02	159744	----a-w-	c:\program files\UFCPNTBS.dll
1999-09-19 15:10 . 2010-03-01 20:02	110592	----a-w-	c:\program files\u32File.dll
1999-09-15 19:27 . 2010-03-01 20:02	172032	----a-w-	c:\program files\wcsPage.dll
1999-09-15 14:50 . 2010-03-01 20:02	61440	----a-w-	c:\program files\HTMLAST.EXE
1999-09-14 17:16 . 2010-03-01 20:02	40960	----a-w-	c:\program files\UFCPNMGR.dll
1999-09-10 15:03 . 2010-03-01 20:02	77824	----a-w-	c:\program files\wWebComp.dll
1999-09-09 17:24 . 2010-03-01 20:02	102400	----a-w-	c:\program files\uRender.dll
1999-09-07 10:00 . 2010-03-01 20:02	98304	----a-w-	c:\program files\u32Comm.dll
1999-09-06 16:34 . 2010-03-01 20:02	65536	----a-w-	c:\program files\uvofn.dll
1999-09-06 15:58 . 2010-03-01 20:02	167936	----a-w-	c:\program files\u32Prod.dll
1999-09-02 16:32 . 2010-03-01 20:02	53248	----a-w-	c:\program files\wBBarCom.dll
1999-09-02 10:54 . 2010-03-01 20:02	110592	----a-w-	c:\program files\u32Clips.dll
1999-09-01 13:21 . 2010-03-01 20:02	45056	----a-w-	c:\program files\USSGifsa.dll
1999-08-27 15:20 . 2010-03-01 20:02	53248	----a-w-	c:\program files\UFCCOMM.dll
1999-08-18 14:37 . 2010-03-01 20:02	163840	----a-w-	c:\program files\wcs.exe
1999-08-18 14:10 . 2010-03-01 20:02	53248	----a-w-	c:\program files\UFCPNTBP.dll
1999-08-18 13:37 . 2010-03-01 20:02	40960	----a-w-	c:\program files\u32lfile.dll
1999-08-18 13:32 . 2010-03-01 20:02	65536	----a-w-	c:\program files\ScPost.dll
1999-08-18 13:31 . 2010-03-01 20:02	45056	----a-w-	c:\program files\SCap.dll
1999-08-18 13:30 . 2010-03-01 20:02	73728	----a-w-	c:\program files\PopView.dll
1999-08-18 13:04 . 2010-03-01 20:02	32768	----a-w-	c:\program files\u32Misc.dll
1999-08-18 11:15 . 2010-03-01 20:02	225280	----a-w-	c:\program files\u32Fido.dll
1999-08-18 11:06 . 2010-03-01 20:02	45056	----a-w-	c:\program files\u32Brows.dll
1999-08-18 11:05 . 2010-03-01 20:02	163840	----a-w-	c:\program files\u32Afm.dll
1999-08-18 11:04 . 2010-03-01 20:02	32768	----a-w-	c:\program files\scanres.dll
1999-08-18 11:01 . 2010-03-01 20:02	28672	----a-w-	c:\program files\callview.exe
1999-08-18 10:44 . 2010-03-01 19:59	36864	----a-w-	c:\program files\ABMTSR.EXE
1999-08-03 12:57 . 2010-03-01 20:02	77824	----a-w-	c:\program files\OLREG.EXE
1999-07-30 15:37 . 2010-03-01 20:02	57344	----a-w-	c:\program files\wJavaCom.dll
1999-07-30 15:37 . 2010-03-01 20:02	36864	----a-w-	c:\program files\wpe.dll
1999-07-30 15:36 . 2010-03-01 20:02	40960	----a-w-	c:\program files\wImgFile.dll
1999-07-30 15:36 . 2010-03-01 20:02	40960	----a-w-	c:\program files\wcsTL.dll
1999-07-30 15:36 . 2010-03-01 20:02	57344	----a-w-	c:\program files\wButnCom.dll
1999-07-30 15:35 . 2010-03-01 20:02	24576	----a-w-	c:\program files\wcsRWUFO.dll
1999-07-30 15:34 . 2010-03-01 20:02	147456	----a-w-	c:\program files\UpiCtrl.dll
1999-07-28 18:00 . 2010-03-01 20:02	28672	----a-w-	c:\program files\ucimg.dll
1999-07-28 18:00 . 2010-03-01 20:02	32768	----a-w-	c:\program files\UFCSTATU.dll
1999-07-28 17:59 . 2010-03-01 20:02	24576	----a-w-	c:\program files\UFCDLGBR.dll
1999-07-28 17:59 . 2010-03-01 20:02	36864	----a-w-	c:\program files\UFCCOLOR.dll
1999-07-28 17:59 . 2010-03-01 20:02	32768	----a-w-	c:\program files\UFCCNBTN.dll
1999-07-28 17:58 . 2010-03-01 20:02	32768	----a-w-	c:\program files\UFCBUF.dll
1999-07-28 17:07 . 2010-03-01 20:02	98304	----a-w-	c:\program files\UL3DUI32.DLL
1999-07-28 16:59 . 2010-03-01 20:02	57344	----a-w-	c:\program files\u32Scan.dll
1999-07-28 16:51 . 2010-03-01 20:02	225280	----a-w-	c:\program files\u32Base.dll
1996-09-10 05:33 . 2010-03-01 20:02	48640	----a-w-	c:\program files\INETWH32.DLL
1996-08-28 05:48 . 2010-03-01 20:02	4528	----a-w-	c:\program files\SETBROWS.EXE
1996-08-26 21:48 . 2010-03-01 20:02	9136	----a-w-	c:\program files\INETWH16.DLL
1995-12-12 03:24 . 2010-03-01 20:02	23644	----a-w-	c:\program files\U16APS.DLL
1995-07-30 08:45 . 2010-03-01 20:02	6144	----a-w-	c:\program files\UTHMIO16.DLL
2012-11-04 18:11 . 2012-11-04 18:11	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-05-20 1540616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-08-12 15:00	47672	----a-w-	c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50	1144104	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2011-05-16 09:22	338296	----a-w-	c:\program files\Uniblue\DriverScanner\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-18 00:59	2289664	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-10-11 10:03	220744	----a-w-	c:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-07-25 10:41	433360	----a-w-	c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2007-08-02 20:08	95504	----a-w-	c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-05 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-10-27 09:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.asus.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\kf4lmb8c.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-02-28 11:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Ulead PhotoImpact 5.0 - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-05 18:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-12-05  18:14:25
ComboFix-quarantined-files.txt  2012-12-05 17:14
.
Vor Suchlauf: 8 Verzeichnis(se), 101.165.850.624 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 102.046.441.472 Bytes frei
.
- - End Of File - - 2B80066D5763D6C28F5B4E1F10091801
         

06.12.2012, 16:39   #8
markusg
/// Malware-holic

Download CCleaner Standard:
CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a .txt file. Open the file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not recognize, write "unknown".
Post the list.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails, following the instructions above, to
markusg.trojaner-board@web.de
Forward
If you would like to support us

06.12.2012, 19:58   #9
Bibi86

Good evening

Code:
ATTFilter
AAVUpdateManager	Wolters Kluwer Deutschland GmbH	13.08.2012	32,0MB	18.00.0000 - unknown
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	30.01.2012		10.3.183.11 - necessary
Adobe Flash Player 9 ActiveX	Adobe Systems			9 - necessary
Adobe Reader 8.1.2 - Deutsch	Adobe Systems Incorporated	24.02.2010	99,6MB	8.1.2 - necessary
Alien Skin Image Doctor 2 Demo		01.03.2010	8,39MB	- necessary
Alien Skin Xenofex 2 Demo - necessary
Allway Sync version 11.2.2	Botkind Inc	04.04.2011	25,6MB - unknown
ASUS CopyProtect	ASUS	12.08.2008	3,17MB	1.0.0006 - necessary
ASUS Data Security Manager	ASUS	12.08.2008		1.00.0006 - necessary
ASUS InstantFun	ASUS	12.08.2008	14,6MB	1.0.0015 - necessary
ASUS Live Update	ASUS	12.08.2008		2.5.6 - necessary
ASUS Power4Gear eXtreme	ASUS	12.08.2008	7,14MB	1.0.17 - necessary
ASUS SmartLogon	ASUS	12.08.2008	10,7MB	1.0.0005 - necessary
ASUS Splendid Video Enhancement Technology	ASUS	12.08.2008		1.02.0020 - necessary
Asus_Camera_ScreenSaver	ASUS	12.08.2008		2.0.0007 - necessary
Atheros Driver Installation Program	Atheros	12.08.2008		7.1 - unknown
ATI Catalyst Install Manager	ATI Technologies, Inc.	12.08.2008	13,9MB	3.0.678.0 - unknown
ATK Generic Function Service	ATK	12.08.2008		1.00.0008 - necessary
ATK Hotkey	ATK	12.08.2008		1.00.0034 - necessary
ATK Media				- necessary
ATKOSD2	ATK	12.08.2008		6.64.1.8 - necessary
Avanquest update	Avanquest Software	27.10.2011		1.29 - unknown
CCleaner	Piriform	25.11.2012	5,05MB	3.25 - necessary
CyberLink LabelPrint	CyberLink Corp.			2.0.2830 - unnecessary
DHTML Editing Component	Microsoft Corporation	25.02.2011	462KB	6.02.0001 - unknown
DivX-Setup	DivX, Inc. 	26.07.2010	1,97MB	1.0.2.23 - necessary
ElsterFormular	Landesfinanzdirektion Thüringen	28.02.2012	159MB	13.0.0.8086p - unnecessary
Express Gate	devicevm	12.08.2008	231MB	0.7.5.0 - unknown
Free M4a to MP3 Converter 6.1	ManiacTools.com	13.02.2011	3,71MB	- unnecessary
G Data InternetSecurity 2012	G Data Software AG	17.07.2011	204MB	22.0.0.0 - necessary
GoldWave v5.25		24.05.2010	5,08MB	- necessary
IsoBuster 2.2	Smart Projects	25.02.2011	8,57MB	2.2 - necessary
Java(TM) 6 Update 22	Sun Microsystems, Inc.	23.04.2010	94,5MB	6.0.220 - necessary
LightScribe System Software  1.12.37.1	LightScribe	12.08.2008	20,8MB	1.12.37.1 - unknown
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	02.12.2012	12,7MB	1.65.1.1000 - necessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation - necessary
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	14.05.2012 - necessary
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	19.11.2012		4.0.30319 - necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	29.06.2011		4.0.30319 - necessary
Microsoft Office Professional Edition 2003	Microsoft Corporation	17.11.2012	1,34GB	11.0.8173.0 - necessary
Microsoft Silverlight	Microsoft Corporation	14.05.2012	80,0MB	4.1.10329.0 - necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	27.02.2010	251KB	8.0.50727.4053 - necessary
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.06.2011	294KB	8.0.61001 - necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	17.07.2011	590KB	9.0.30729.4148 - necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.07.2011	594KB	9.0.30729.6161 - necessary
Motorola SM56 Speakerphone Modem - unknown, but I am not sure whether it is needed
Mozilla Firefox 16.0.2 (x86 de)	Mozilla			16.0.2 - necessary
Mozilla Maintenance Service	Mozilla			16.0.2 - necessary
Multimedia Card Reader	 	12.08.2008		1.01.0000.00 - necessary
MyPhoneExplorer	F.J. Wechselberger			1.8.2 - unnecessary
NB Probe - unknown
PDF24 Creator 3.7.0	PDF24.org	31.10.2011 - necessary
Power2Go	CyberLink Corp.			5.6.3917 - unknown
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	12.08.2008		1.00.0000 - unknown
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	12.08.2008		6.0.1.5605 - unknown
RocketDock 1.3.5	Punk Software	25.02.2010 - necessary
Skype™ 6.0	Skype Technologies S.A.	05.12.2012	37,3MB	6.0.126 - necessary
Sony Ericsson PC Companion 2.01.231	Sony Ericsson	30.10.2011		2.01.231 - unnecessary
Sony Ericsson PC Suite 6.012.00	Sony Ericsson	27.10.2011		6.012.00 - unnecessary
Steuer-Sparer 2012	Wolters Kluwer Deutschland GmbH	13.08.2012	236MB	17.02 - necessary
Sun ODF Plugin for Microsoft Office 3.2	Sun Microsystems	07.02.2011	220MB	3.2.9483 - necessary
Symbian SMS Manager (Test)	Oxygen Software	27.10.2011		2.18.24 - unnecessary
Synaptics Pointing Device Driver	Synaptics			10.1.8.0 - unknown
Ulead PhotoImpact X3	Corel	25.02.2011	765MB	1.00.0000 - necessary
Uniblue DriverScanner	Uniblue Systems Ltd	27.10.2011		4.0.1.6 - unknown
VLC media player 1.1.11	VideoLAN			1.1.11 - unnecessary
WIDCOMM Bluetooth Software	Broadcom Corporation	12.08.2008	31,7MB	5.2.0.500 - necessary
Windows Live Essentials	Microsoft Corporation	13.08.2012		15.4.3555.0308 - necessary
WinFlash - unknown
WinPcap 4.1.2	CACE Technologies			4.1.0.2001 - necessary
WinRAR - necessary
Wireless Console 2	ATK	12.08.2008		2.0.10 - necessary
         

06.12.2012, 21:16   #10
markusg
/// Malware-holic

Uninstall:
AAVUpdateManager
Adobe Flash Player (all versions)
Adobe - Install Adobe Flash Player
Download the newest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick the option to use only certified plug-ins.
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, choose to install automatically.
Apply / OK



Uninstall:
CyberLink
ElsterFormular
Free M4a

G Data:
Please visit their homepage and upgrade to version 2013.
Antivirus Download, Antivirus Software, BankGuard, Mobile Security - G Data Software AG

Uninstall:
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
LightScribe
MyPhoneExplorer
Power2Go
Sony: all
Symbian
Uniblue
VLC

Open OTL and click CleanUp; the PC restarts and the removers are deleted.
Open CCleaner, Analyze, Run, restart the PC, and test how the system runs.

Note: I am on vacation from tomorrow until Wednesday.

11.12.2012, 20:17   #11
Bibi86

Hi,

I have already uninstalled the programs. Now I still have to install the new versions and carry out the last two steps. I will do that tomorrow and then get back to you. Until then

13.12.2012, 15:20   #12
markusg
/// Malware-holic

Hi,
after that we still have a few small things to do, so be sure to get back to me if you want to avoid a new infection :-)

15.12.2012, 12:33   #13
Bibi86

Hello there,

I have now installed the programs, the remover has been deleted, and I have also run CCleaner. My computer is running without problems.

Can I now assume that this stupid trojan is gone?

What do I need to do now so that something like this does not happen again?

Best regards

Alt 15.12.2012, 13:58   #14
markusg
/// Malware-holic
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Hi
davon kannst du ausgehen.
Nu sichern wir das Gerät ab:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.74

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking and change all passwords.
Please also read how to make programs visible to all accounts:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed web browser; if you have the paid version, you can define forced program starts, and then Sandboxie is always started when you open a browser.
When you move the mouse over the browser, it should be framed; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords:
Password manager, form filler, password management | RoboForm Password Manager
Instructions:
RoboForm user manual: password manager, managing passwords and personal data
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
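
Added example, not part of the original post: a small Python check of a Sandboxie.ini against the setup described above, where only chrome.exe may start and reach the internet in DefaultBox. The sample file is constructed, and the setting names (ProcessGroup, ClosedIpcPath, ClosedFilePath, InternetAccessDevices, ForceProcess) are assumptions about how Sandboxie stores these GUI choices.

```python
import re

# Constructed sample in Sandboxie.ini syntax. The setting names are assumptions
# about how Sandboxie stores the GUI choices; compare with your own file.
SAMPLE_INI = """\
[DefaultBox]
ProcessGroup=<StartRunAccess>,chrome.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,chrome.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ForceProcess=chrome.exe
[TestBox]
ProcessGroup=<InternetAccess>,chrome.exe,updater.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
"""

def parse_ini(text):
    """Return {section: {key: [values]}}; keys repeat, so every value is kept."""
    boxes, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip())
    return boxes

def exempt_programs(box, key, target):
    """Programs excluded from a '!<group>,target' block rule; None if no rule."""
    for rule in box.get(key, []):
        m = re.fullmatch(r"!(<\w+>)," + re.escape(target), rule)
        if m:
            groups = (g.split(",") for g in box.get("ProcessGroup", []))
            return {p.lower() for name, *progs in groups
                    if name == m.group(1) for p in progs}
    return None

def audit(text, box_name, browser="chrome.exe"):
    """List deviations from the post's setup: only the browser starts and goes online."""
    box, findings = parse_ini(text).get(box_name, {}), []
    for label, key, target in (("start/run", "ClosedIpcPath", "*"),
                               ("internet", "ClosedFilePath", "InternetAccessDevices")):
        progs = exempt_programs(box, key, target)
        if progs is None:
            findings.append(f"{label}: no restriction")
        elif progs != {browser}:
            findings.append(f"{label}: exempt programs are {sorted(progs)}")
    if browser not in (p.lower() for p in box.get("ForceProcess", [])):
        findings.append("browser not forced into the sandbox")
    return findings
```

An empty list from `audit(SAMPLE_INI, "DefaultBox")` means the box matches the post's setup; the forced-start finding only matters with the paid version.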
