
Log analysis and evaluation: OTL - First Run, white screen after login, Vista


18.04.2013, 22:51   #1
Kudla
 

Hello everyone!

I am very grateful to be a member of this forum and to be able to ask for your help.

The issue is as follows: I have an Asus laptop with Windows Vista 64-bit.
When I switch it on, it now takes quite a long time. When I log in to my main account, the login again takes extremely long and only a white screen appears. Opening the Task Manager works sometimes and sometimes not. Logging off always works. If I shut the PC down with the power button, I briefly see the desktop.

If I log in to my secondary account (also an administrator, my safety account so to speak), the desktop works, but after every restart the Windows Firewall is completely off. And it is very slow. In addition, AVG finds nothing.

I ran a scan with OTL; the result, that is, the document it produced, is attached. To be safe, here it is again:

I ask for a quick reply, if possible and without stressing anyone, since everyone also has a life outside this forum.
Many thanks in advance for your efforts!! Thank you!

Best regards, Andi

OTL logfile created on: 18.04.2013 23:33:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sicherheit\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 3,68 Gb Available Physical Memory | 61,39% Memory free
12,20 Gb Paging File | 9,85 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,96 Gb Total Space | 58,47 Gb Free Space | 49,57% Space Free | Partition Type: NTFS
Drive D: | 220,18 Gb Total Space | 92,87 Gb Free Space | 42,18% Space Free | Partition Type: NTFS
Drive G: | 114,92 Gb Total Space | 56,68 Gb Free Space | 49,33% Space Free | Partition Type: NTFS

Computer Name: ANDI | User Name: Sicherheit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.18 23:06:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sicherheit\Desktop\OTL.exe
PRC - [2013.04.16 23:12:54 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\Opera.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.01.29 14:43:17 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010.11.24 21:51:33 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010.07.21 11:03:18 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010.07.17 19:17:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009.11.23 22:40:22 | 000,070,144 | ---- | M] (AlcaTech) -- C:\Windows\SysWOW64\mmrtkrnl.exe
PRC - [2009.09.20 12:07:23 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.09.20 11:17:46 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.04.07 18:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009.03.21 05:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.03.04 19:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.02.11 01:51:18 | 000,113,208 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
PRC - [2009.02.07 01:57:18 | 000,072,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.10.15 01:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
PRC - [2008.10.01 02:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
PRC - [2008.08.14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008.08.14 05:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.08.14 01:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.07.19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.06.18 07:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008.03.25 06:39:18 | 000,322,104 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.16 01:40:28 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.10.23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.10.15 01:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
MOD - [2008.10.01 02:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
MOD - [2008.08.28 01:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 18:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2008.05.29 06:39:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\SysInfo.dll
MOD - [2008.05.23 06:24:10 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\atkmethod.dll
MOD - [2008.02.17 07:08:46 | 000,950,272 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\OcSetting.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2007.03.10 01:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll
MOD - [2005.05.12 00:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2008.01.21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2013.03.16 01:40:29 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.07.21 11:03:18 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.07.17 19:17:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.02.07 01:57:18 | 000,072,248 | ---- | M] () [Disabled | Running] -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe -- (WBVGAservice)
SRV - [2008.08.14 05:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.15 22:02:49 | 000,282,976 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011.09.12 20:18:11 | 000,035,664 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011.07.20 09:46:06 | 000,203,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011.07.20 09:46:06 | 000,095,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.06.09 22:28:16 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.09 22:28:10 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.06 01:21:57 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010.08.02 11:00:50 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.26 15:18:58 | 000,020,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.07.26 15:15:26 | 000,016,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:22 | 000,161,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.04.27 04:25:22 | 000,129,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssceserd.sys -- (ssceserd)
DRV:64bit: - [2010.04.27 04:25:22 | 000,127,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscebus.sys -- (sscebus)
DRV:64bit: - [2010.04.27 04:25:22 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.11.25 14:59:28 | 000,058,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nchvsc64.sys -- (NCHVSC64)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.09.20 11:37:17 | 000,035,384 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.02 02:46:40 | 000,016,440 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.02.11 11:26:17 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.01.14 02:48:18 | 001,187,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008.11.03 09:03:27 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008.07.09 11:16:19 | 000,092,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008.05.13 15:02:13 | 000,019,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008.05.13 15:02:11 | 000,121,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008.05.02 07:59:47 | 000,166,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.02.16 03:27:18 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.01.29 04:46:57 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.01.24 07:24:23 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008.01.21 04:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 04:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 04:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008.01.21 04:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007.12.06 12:12:55 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007.10.17 06:54:20 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\EIO64.sys -- (EIO64)
DRV:64bit: - [2007.07.28 04:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007.07.27 05:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007.07.24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007.04.16 20:51:50 | 000,014,112 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2006.10.27 15:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006.10.04 03:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006.06.27 15:24:22 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys -- (AmdTools64)
DRV - [2010.07.26 15:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2004.01.26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.01.26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA74C8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.05 21:42:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [Turbo Gear] C:\Program Files\ASUS\Turbo Gear\TurboGear.exe ()
O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files\ASUS\Turbo Gear\GearHelp.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll] C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll (DivX, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B4D2956-A9C9-4FC5-8C99-B5BA51882005}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A80E82-F4D2-4F11-924A-61B118A1C5CF}: DhcpNameServer = 192.168.43.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.18 23:06:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sicherheit\Desktop\OTL.exe
[2013.04.18 23:05:37 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Adobe
[2013.04.18 00:35:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.18 00:35:49 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.18 00:35:49 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.18 00:35:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.18 00:35:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.04.18 00:35:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.18 00:35:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.18 00:35:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.18 00:35:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.18 00:35:49 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.18 00:35:49 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.18 00:35:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.18 00:35:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.16 23:59:49 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\vlc
[2013.04.16 23:56:22 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\NVIDIA
[2013.04.16 23:56:11 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\DivX
[2013.04.16 23:43:52 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2013.04.16 23:43:52 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2013.04.16 23:43:37 | 010,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013.04.16 23:43:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013.04.16 23:42:37 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2013.04.16 23:42:13 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2013.04.16 23:40:50 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.16 23:40:38 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.16 23:40:36 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.04.16 23:40:12 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2013.04.16 23:40:12 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2013.04.16 23:40:12 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2013.04.16 23:40:12 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2013.04.16 23:38:52 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.04.16 23:38:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.04.16 23:38:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.04.16 23:38:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.04.16 23:38:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2013.04.16 23:35:18 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2013.04.16 23:35:17 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2013.04.16 23:28:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.16 23:23:01 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2013.04.16 23:23:01 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2013.04.16 23:21:10 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2013.04.16 23:21:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013.04.16 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Opera
[2013.04.16 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\Opera
[2013.04.16 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\VirtualStore
[2013.04.16 22:53:01 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Apple Computer
[2013.04.16 22:52:54 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\Power2Go
[2013.04.16 22:51:22 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.16 22:51:22 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Searches
[2013.04.16 22:51:22 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.16 22:51:16 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Identities
[2013.04.16 22:51:14 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Contacts
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Vorlagen
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\AppData\Local\Verlauf
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\AppData\Local\Temporary Internet Files
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Startmenü
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\SendTo
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Recent
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Netzwerkumgebung
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Lokale Einstellungen
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Documents\Eigene Videos
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Documents\Eigene Musik
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Eigene Dateien
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Documents\Eigene Bilder
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Druckumgebung
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Cookies
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\AppData\Local\Anwendungsdaten
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Anwendungsdaten
[2013.04.16 22:50:03 | 000,000,000 | --SD | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Videos
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Saved Games
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Pictures
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Music
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Links
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Favorites
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Downloads
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Documents
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Desktop
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.16 22:50:03 | 000,000,000 | -H-D | C] -- C:\Users\Sicherheit\AppData
[2013.04.16 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\Temp
[2013.04.16 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\Microsoft
[2013.04.16 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Media Center Programs
[2013.04.16 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Macromedia
[2013.04.16 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2013.04.02 23:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.02 23:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.02 23:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.18 23:06:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sicherheit\Desktop\OTL.exe
[2013.04.18 22:56:01 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.04.18 22:53:16 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.04.18 22:53:09 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 22:53:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 22:53:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.18 22:52:41 | 2146,471,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.18 22:51:40 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.18 22:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.18 04:05:00 | 117,792,174 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2013.04.18 00:55:36 | 000,374,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.18 00:20:11 | 000,000,514 | ---- | M] () -- C:\Windows\SysWow64\ABG71GX.DAT
[2013.04.16 23:30:44 | 001,427,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.16 23:30:44 | 000,621,952 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.16 23:30:44 | 000,590,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.16 23:30:44 | 000,123,852 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.16 23:30:44 | 000,102,094 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.16 22:55:17 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.04.02 23:04:57 | 000,122,608 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.18 00:36:51 | 000,694,784 | ---- | C] () -- C:\Windows\SysNative\drivers\bthport.sys
[2013.04.18 00:36:51 | 000,204,288 | ---- | C] () -- C:\Windows\SysNative\fsquirt.exe
[2013.04.18 00:36:51 | 000,035,328 | ---- | C] () -- C:\Windows\SysNative\drivers\BTHUSB.SYS
[2013.04.18 00:36:51 | 000,026,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bthenum.sys
[2013.04.18 00:35:57 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2013.04.18 00:35:56 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2013.04.18 00:35:51 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2013.04.18 00:35:50 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2013.04.18 00:35:50 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2013.04.18 00:35:50 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2013.04.18 00:35:50 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2013.04.18 00:35:50 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2013.04.18 00:35:50 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2013.04.18 00:35:49 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2013.04.18 00:35:49 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.18 00:35:49 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2013.04.18 00:35:49 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2013.04.18 00:35:49 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2013.04.18 00:35:49 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.18 00:35:49 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2013.04.18 00:35:49 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2013.04.18 00:35:49 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2013.04.18 00:35:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2013.04.18 00:35:49 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2013.04.18 00:35:49 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.18 00:35:49 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2013.04.18 00:35:49 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2013.04.18 00:35:49 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.18 00:35:45 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2013.04.18 00:35:44 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2013.04.18 00:35:44 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2013.04.18 00:35:43 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2013.04.18 00:35:43 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2013.04.18 00:35:43 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2013.04.18 00:35:43 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2013.04.18 00:35:42 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2013.04.18 00:35:42 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2013.04.18 00:35:41 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2013.04.18 00:35:40 | 000,344,576 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2013.04.18 00:35:39 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll
[2013.04.18 00:35:39 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2013.04.18 00:20:11 | 000,000,514 | ---- | C] () -- C:\Windows\SysWow64\ABG71GX.DAT
[2013.04.17 00:04:08 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2013.04.16 23:45:47 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
[2013.04.16 23:45:00 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe
[2013.04.16 23:44:12 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2013.04.16 23:44:12 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2013.04.16 23:43:44 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2013.04.16 23:43:31 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2013.04.16 23:42:37 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2013.04.16 23:42:13 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\odbc32.dll
[2013.04.16 23:41:59 | 000,301,568 | ---- | C] () -- C:\Windows\SysNative\shsvcs.dll
[2013.04.16 23:41:20 | 004,692,368 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.16 23:41:19 | 001,560,960 | ---- | C] () -- C:\Windows\SysNative\ntdll.dll
[2013.04.16 23:41:11 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2013.04.16 23:41:01 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2013.04.16 23:40:56 | 000,454,144 | ---- | C] () -- C:\Windows\SysNative\shlwapi.dll
[2013.04.16 23:40:50 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2013.04.16 23:40:49 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2013.04.16 23:40:45 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2013.04.16 23:40:44 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2013.04.16 23:40:44 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2013.04.16 23:40:44 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2013.04.16 23:40:43 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2013.04.16 23:40:43 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2013.04.16 23:40:43 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2013.04.16 23:40:38 | 002,424,320 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2013.04.16 23:40:36 | 000,730,624 | ---- | C] () -- C:\Windows\SysNative\mstsc.exe
[2013.04.16 23:40:31 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2013.04.16 23:40:16 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2013.04.16 23:40:13 | 000,560,128 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2013.04.16 23:40:12 | 000,416,768 | ---- | C] () -- C:\Windows\SysNative\sbe.dll
[2013.04.16 23:40:12 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2013.04.16 23:40:12 | 000,210,944 | ---- | C] () -- C:\Windows\SysNative\sbeio.dll
[2013.04.16 23:38:58 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2013.04.16 23:38:53 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2013.04.16 23:38:52 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2013.04.16 23:38:52 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2013.04.16 23:38:17 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
[2013.04.16 23:38:16 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2013.04.16 23:38:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
[2013.04.16 23:37:14 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2013.04.16 23:35:18 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2013.04.16 23:35:18 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2013.04.16 23:35:14 | 001,251,840 | ---- | C] () -- C:\Windows\SysNative\sdclt.exe
[2013.04.16 23:23:03 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll
[2013.04.16 23:23:02 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll
[2013.04.16 23:23:02 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll
[2013.04.16 23:23:01 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll
[2013.04.16 23:23:01 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe
[2013.04.16 23:21:10 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
[2013.04.16 23:21:09 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2013.04.16 23:21:09 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2013.04.16 23:21:09 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2013.04.16 22:55:17 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.04.16 22:52:15 | 000,000,956 | ---- | C] () -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.04.16 22:51:29 | 000,000,986 | ---- | C] () -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.16 22:51:20 | 000,000,981 | ---- | C] () -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.04.16 22:51:13 | 000,000,922 | ---- | C] () -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.06.01 16:24:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2009.10.01 15:03:48 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2009.09.29 14:22:17 | 000,231,716 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.29 14:22:15 | 000,231,716 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 17:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.09.20 11:17:46 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.09.20 11:17:46 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.16 23:09:07 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\Opera

========== Purity Check ==========



< End of report >

Alt 19.04.2013, 12:01   #2
aharonov
/// TB-Ausbilder
 



Hello Andi,

please also run a Gmer scan:


Download Gmer (press the Download EXE button) and save the program to the desktop.
  • Disable all antivirus programs and malware/spyware scanners.
  • Disconnect all existing network/Internet connections (don't forget Wi-Fi).
  • Please close all other programs.
  • Start gmer.exe (the file has a random file name).
    Vista and Win7 users: right-click and "run as administrator".
  • If a window opens with the following warning
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    then be sure to click No.
  • On the right, uncheck:
    • IAT/EAT
    • Show all
  • On the right, check your system partition (normally C:\).
  • Start the scan by clicking Scan.
  • Do nothing at all on the computer while the scan is running!
  • When the scan has finished, click Save and save the log file as Gmer.txt on your desktop.
  • Then close GMER and restart the computer immediately.
  • Please paste the contents of the log file here in your thread.
Turn your antivirus program and other scanners back on before you go online.

Alt 19.04.2013, 12:57   #3
Kudla
 



Hello!

Thank you very much for the very quick reply. I'll do this later today at around half past 4 or 5, since I'm not home yet, and post it right away.

Thanks!

Alt 19.04.2013, 13:04   #4
aharonov
/// TB-Ausbilder
 



OK, got it.
__________________
cheers,
Leo

Alt 19.04.2013, 17:14   #5
Kudla
 



The scan has now been running at full power since 5 :D

I hope it comes to an end at some point. I just wanted to ask why I should scan with GMER and why OTL isn't enough. Purely out of interest. :)


Alt 19.04.2013, 17:36   #6
aharonov
/// TB-Ausbilder
 



Is the Gmer scan still running, or has it hung?

Alt 20.04.2013, 01:42   #7
Kudla
 



Well, I had to leave then, or rather I had plans. But the scan is done and can be found attached...

Thanks!!!

Best regards

Andi
GMER log file:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-20 02:35:46
Windows 6.0.6001 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0002 465,76GB
Running: mx7b4erb.exe; Driver: C:\Users\SICHER~1\AppData\Local\Temp\ugddrpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                    suspicious modification
.text     C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload + 1                                                               fffffa6002fdcfa5 11 bytes {MOV RAX, 0xfffffa80087e72a0; JMP RAX}
.text     C:\Windows\System32\win32k.sys!W32pServiceTable                                                                     fffff960001b3900 7 bytes [00, 6B, F3, FF, C1, 40, FC]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                 fffff960001b3908 3 bytes [C0, E5, 01]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\SysWOW64\mmrtkrnl.exe[4548] C:\Windows\SysWOW64\wsock32.dll!recv + 81                                    00000000755f18a9 2 bytes CALL 7725142d C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\mmrtkrnl.exe[4548] C:\Windows\SysWOW64\wsock32.dll!recvfrom + 87                                00000000755f190e 2 bytes CALL 7725142d C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\mmrtkrnl.exe[4548] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 98                              00000000755f19f0 2 bytes JMP 775b8400 C:\Windows\syswow64\WS2_32.dll
.text     C:\Windows\SysWOW64\mmrtkrnl.exe[4548] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 109                             00000000755f19fb 2 bytes JMP 775c8b38 C:\Windows\syswow64\WS2_32.dll

---- Kernel IAT/EAT - GMER 2.1 ----

IAT       C:\Windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                [fffffa8006572440]  [unknown section]
IAT       C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                       [fffffa6000a6c650] \SystemRoot\System32\Drivers\spmx.sys [unknown section]
IAT       C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                    [fffffa6000a6c5dc] \SystemRoot\System32\Drivers\spmx.sys [unknown section]
IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [fffffa6000a372c0] \SystemRoot\System32\Drivers\spmx.sys [unknown section]
IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [fffffa6000a3735c] \SystemRoot\System32\Drivers\spmx.sys [unknown section]
IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                             [fffffa6000a37224] \SystemRoot\System32\Drivers\spmx.sys [unknown section]
IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [fffffa6000a37a24] \SystemRoot\System32\Drivers\spmx.sys [unknown section]
IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                     [fffffa6000a37ba0] \SystemRoot\System32\Drivers\spmx.sys [unknown section]
IAT       C:\Windows\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint]                                                 [fffffa80065bc440]  [unknown section]
IAT       C:\Windows\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                 [fffffa80087e7440]  [unknown section]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortReadPortUshort]                                         [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortCompleteRequest]                                        [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortNotification]                                           [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                   [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                   [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortInitialize]                                             [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                     [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                 [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortStallExecution]                                         [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortReadPortUchar]                                          [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortWritePortUchar]                                         [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                   [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortMoveMemory]                                             [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortWritePortUlong]                                         [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                   [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortGetParentBusType]                                       [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[ataport.SYS!AtaPortRequestCallback]                                        [?]
IAT       C:\Windows\System32\Drivers\aekwtm0l.SYS[NTOSKRNL.exe!KeBugCheckEx]                                                 [?]

---- Devices - GMER 2.1 ----

Device    \Driver\aekwtm0l \Device\Scsi\aekwtm0l1Port2Path0Target0Lun0                                                        fffffa8008af62c0
Device    \Driver\aekwtm0l \Device\Scsi\aekwtm0l1                                                                             fffffa8008af62c0
Device    \FileSystem\Ntfs \Ntfs                                                                                              fffffa80065ca2c0
Device    \FileSystem\fastfat \Fat                                                                                            fffffa800a0ad2c0
Device    \Driver\usbehci \Device\USBFDO-7                                                                                    fffffa80088b22c0
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                    fffffa80088ba2c0
Device    \Driver\usbehci \Device\USBFDO-3                                                                                    fffffa80088b22c0
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    fffffa80088ba2c0
Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                  fffffa8008ae32c0
Device    \Driver\cdrom \Device\CdRom0                                                                                        fffffa8008a9a2c0
Device    \Driver\cdrom \Device\CdRom1                                                                                        fffffa8008a9a2c0
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                    fffffa80088ba2c0
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                    fffffa80088ba2c0
Device    \Driver\netbt \Device\NetBT_Tcpip_{47A80E82-F4D2-4F11-924A-61B118A1C5CF}                                            fffffa800903d2c0
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    fffffa80088ba2c0
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    fffffa80088ba2c0
Device    \Driver\usbehci \Device\USBPDO-7                                                                                    fffffa80088b22c0
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                    fffffa80088ba2c0
Device    \Driver\usbehci \Device\USBPDO-3                                                                                    fffffa80088b22c0
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    fffffa80088ba2c0
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                              fffffa80065c02c0
Device    \Driver\volmgr \Device\FtControl                                                                                    fffffa80065c02c0
Device    \Driver\volmgr \Device\VolMgrControl                                                                                fffffa80065c02c0
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                              fffffa80065c02c0
Device    \Driver\volmgr \Device\HarddiskVolume3                                                                              fffffa80065c02c0
Device    \Driver\volmgr \Device\HarddiskVolume4                                                                              fffffa80065c02c0
Device    \Driver\netbt \Device\NetBt_Wins_Export                                                                             fffffa800903d2c0
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                    fffffa80088ba2c0
Device    \Driver\netbt \Device\NetBT_Tcpip_{18EAE573-80C2-4ABF-81BE-70CBBA28FDCC}                                            fffffa800903d2c0
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                    fffffa80088ba2c0
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    fffffa80088ba2c0
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    fffffa80088ba2c0
Device    \Driver\iScsiPrt \Device\ScsiPort1                                                                                  fffffa8008ae32c0
Device    \Driver\aekwtm0l \Device\ScsiPort2                                                                                  fffffa8008af62c0
Device    \Driver\Smb \Device\NetbiosSmb                                                                                      fffffa800906d2c0

---- Modules - GMER 2.1 ----

Module    \SystemRoot\System32\Drivers\aekwtm0l.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)(2008-01-21 02:46:50)    fffffa6003293000-fffffa60032d8000 (282624 bytes)

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243d1734a                                         
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243d1734a@0025670f8fd3                            0x3E 0x46 0xA2 0xB4 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243d1734a@f49f54c7ed7a                            0xB8 0xEB 0x5E 0xAD ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243d1734a@a8922c44979b                            0xD8 0x21 0xEB 0x21 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243d1734a@9c0298a0549c                            0x25 0x55 0x4E 0x5F ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x65 0x97 0x99 0x30 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x33 0xFD 0x69 0xFA ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xA7 0x31 0x6D 0x12 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243d1734a (not active ControlSet)                     
Reg       HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243d1734a@0025670f8fd3                                0x3E 0x46 0xA2 0xB4 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243d1734a@f49f54c7ed7a                                0xB8 0xEB 0x5E 0xAD ...
Reg       HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243d1734a@a8922c44979b                                0xD8 0x21 0xEB 0x21 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243d1734a@9c0298a0549c                                0x25 0x55 0x4E 0x5F ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xFA 0x7F 0x0A 0x5C ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x33 0xFD 0x69 0xFA ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xA7 0x31 0x6D 0x12 ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                               unknown MBR code

---- Files - GMER 2.1 ----

File      C:\ADSM_PData_0150                                                                                                  0 bytes
File      C:\ADSM_PData_0150\DB                                                                                               0 bytes
File      C:\ADSM_PData_0150\DB\SI.db                                                                                         624 bytes
File      C:\ADSM_PData_0150\DB\UL.db                                                                                         1040 bytes
File      C:\ADSM_PData_0150\DB\VL.db                                                                                         8208 bytes
File      C:\ADSM_PData_0150\DB\WAL.db                                                                                        2048 bytes
File      C:\ADSM_PData_0150\DragWait.exe                                                                                     315392 bytes executable
File      C:\ADSM_PData_0150\_avt                                                                                             512 bytes
File      C:\Users\Andreas\Gesicherte Musik                                                                                   0 bytes
File      C:\Users\Andreas\Gesicherte Musik\_avt                                                                              512 bytes
File      C:\Users\Andreas\Gesicherte Musik\_lit                                                                              512 bytes
File      C:\Users\Andreas\Gesichertes Dokument                                                                               0 bytes
File      C:\Users\Andreas\Gesichertes Dokument\_avt                                                                          512 bytes
File      C:\Users\Andreas\Gesichertes Dokument\_lit                                                                          512 bytes
File      C:\Users\Andreas\Gesichertes Video                                                                                  0 bytes
File      C:\Users\Andreas\Gesichertes Video\_avt                                                                             512 bytes
File      C:\Users\Andreas\Gesichertes Video\_lit                                                                             512 bytes

---- EOF - GMER 2.1 ----
         
--- --- ---

20.04.2013, 01:54   #8
aharonov
/// TB Trainer

Hmm..

Step 1

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current avast! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the file to the desktop.
Post this aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.



Step 2

Please read the following instructions carefully. We do not want to delete anything yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan.
  • Warning: If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
  • TDSSKiller will save a log file on your system drive (C:\TDSSKiller.<version_date_time>log.txt).
  • Please post the contents of this log file here in the thread.



In your next reply, please post:
  • Log from aswMBR
  • Log from TDSSKiller
__________________
cheers,
Leo

20.04.2013, 03:00   #9
Kudla

is the "hmm.." more of a bad sign....XD ?
I have the first scan running

20.04.2013, 12:21   #10
aharonov
/// TB Trainer


No, that doesn't mean much. I simply want to look at something else before we strike.
__________________
cheers,
Leo

20.04.2013, 13:06   #11
Kudla

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 03:52:34
-----------------------------
03:52:34.383 OS Version: Windows x64 6.0.6001 Service Pack 1
03:52:34.383 Number of processors: 2 586 0x170A
03:52:34.383 ComputerName: ANDI UserName:
03:52:35.617 Initialize success
03:59:46.192 AVAST engine defs: 13041901
04:00:17.207 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:00:17.210 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
04:00:19.024 Disk 0 MBR read successfully
04:00:19.026 Disk 0 MBR scan
04:00:19.030 Disk 0 unknown MBR code
04:00:19.144 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12997 MB offset 63
04:00:19.294 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 120794 MB offset 26619705
04:00:19.378 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 117677 MB offset 274008064
04:00:19.382 Disk 0 Partition - 00 0F Extended LBA 225466 MB offset 515011770
04:00:19.510 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 225466 MB offset 515011833
04:00:20.891 Disk 0 scanning C:\Windows\system32\drivers
04:02:21.695 Service scanning
04:02:45.699 Modules scanning
04:02:45.700 Disk 0 trace - called modules:
04:02:45.822 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spmx.sys hal.dll
04:02:45.823 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b14740]
04:02:45.823 3 CLASSPNP.SYS[fffffa600140db3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80067cf050]
04:02:46.803 AVAST engine scan C:\Windows
04:04:09.343 AVAST engine scan C:\Windows\system32
04:13:20.773 AVAST engine scan C:\Windows\system32\drivers
04:13:49.063 AVAST engine scan C:\Users\Sicherheit
04:14:17.399 AVAST engine scan C:\ProgramData
04:17:18.322 Scan finished successfully
14:04:34.425 Disk 0 MBR has been saved successfully to "C:\Users\Sicherheit\Desktop\MBR.dat"
14:04:34.428 The log file has been saved successfully to "C:\Users\Sicherheit\Desktop\aswMBR.txt"

Edited by Kudla (20.04.2013 at 13:13). Reason: too much

20.04.2013, 13:11   #12
Kudla

Quote:
14:07:01.0712 5608 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:07:03.0713 5608 ============================================================
14:07:03.0713 5608 Current date / time: 2013/04/20 14:07:03.0713
14:07:03.0713 5608 SystemInfo:
14:07:03.0714 5608
14:07:03.0714 5608 OS Version: 6.0.6001 ServicePack: 1.0
14:07:03.0714 5608 Product type: Workstation
14:07:03.0714 5608 ComputerName: ANDI
14:07:03.0714 5608 UserName: Sicherheit
14:07:03.0714 5608 Windows directory: C:\Windows
14:07:03.0714 5608 System windows directory: C:\Windows
14:07:03.0714 5608 Running under WOW64
14:07:03.0714 5608 Processor architecture: Intel x64
14:07:03.0714 5608 Number of processors: 2
14:07:03.0714 5608 Page size: 0x1000
14:07:03.0714 5608 Boot type: Normal boot
14:07:03.0714 5608 ============================================================
14:07:04.0255 5608 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:07:04.0488 5608 ============================================================
14:07:04.0488 5608 \Device\Harddisk0\DR0:
14:07:04.0491 5608 MBR partitions:
14:07:04.0492 5608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1962F39, BlocksNum 0xEBED580
14:07:04.0492 5608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10550800, BlocksNum 0xE5D6800
14:07:04.0514 5608 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1EB274F9, BlocksNum 0x1B85D748
14:07:04.0514 5608 ============================================================
14:07:04.0708 5608 C: <-> \Device\Harddisk0\DR0\Partition1
14:07:04.0813 5608 D: <-> \Device\Harddisk0\DR0\Partition3
14:07:04.0882 5608 G: <-> \Device\Harddisk0\DR0\Partition2
14:07:04.0882 5608 ============================================================
14:07:04.0882 5608 Initialize success
14:07:04.0882 5608 ============================================================
14:07:20.0217 5808 ============================================================
14:07:20.0217 5808 Scan started
14:07:20.0217 5808 Mode: Manual;
14:07:20.0217 5808 ============================================================
14:07:20.0659 5808 ================ Scan system memory ========================
14:07:20.0659 5808 System memory - ok
14:07:20.0660 5808 ================ Scan services =============================
14:07:20.0786 5808 [ 8C99ED256A889D647935A97C543B7B85 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:07:20.0793 5808 ACPI - ok
14:07:20.0909 5808 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:07:20.0913 5808 AdobeFlashPlayerUpdateSvc - ok
14:07:20.0955 5808 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:07:20.0963 5808 adp94xx - ok
14:07:21.0003 5808 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:07:21.0009 5808 adpahci - ok
14:07:21.0023 5808 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:07:21.0024 5808 adpu160m - ok
14:07:21.0045 5808 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:07:21.0049 5808 adpu320 - ok
14:07:21.0137 5808 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
14:07:21.0166 5808 ADSMService - ok
14:07:21.0196 5808 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:07:21.0197 5808 AeLookupSvc - ok
14:07:21.0241 5808 [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD C:\Windows\system32\drivers\afd.sys
14:07:21.0262 5808 AFD - ok
14:07:21.0302 5808 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:07:21.0303 5808 agp440 - ok
14:07:21.0345 5808 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:07:21.0346 5808 aic78xx - ok
14:07:21.0368 5808 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
14:07:21.0372 5808 ALG - ok
14:07:21.0393 5808 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
14:07:21.0394 5808 aliide - ok
14:07:21.0415 5808 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
14:07:21.0416 5808 amdide - ok
14:07:21.0445 5808 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:07:21.0447 5808 AmdK8 - ok
14:07:21.0486 5808 [ 34EB1F2A628763A890535F473914E100 ] AmdTools64 C:\Windows\system32\DRIVERS\AmdTools64.sys
14:07:21.0496 5808 AmdTools64 - ok
14:07:21.0535 5808 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
14:07:21.0538 5808 Appinfo - ok
14:07:21.0633 5808 [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:07:21.0720 5808 Apple Mobile Device - ok
14:07:21.0760 5808 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
14:07:21.0761 5808 arc - ok
14:07:21.0809 5808 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:07:21.0811 5808 arcsas - ok
14:07:21.0842 5808 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
14:07:21.0846 5808 AsDsm - ok
14:07:21.0876 5808 [ EB1807795CD3EEAA3288B4A30DE254E8 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
14:07:21.0877 5808 ASLDRService - ok
14:07:21.0968 5808 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
14:07:21.0971 5808 ASMMAP64 - ok
14:07:22.0010 5808 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:07:22.0012 5808 AsyncMac - ok
14:07:22.0031 5808 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys
14:07:22.0033 5808 atapi - ok
14:07:22.0090 5808 [ 0AE8E76C5F55B2135DCF0F49B34B3E77 ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:07:22.0124 5808 athr - ok
14:07:22.0141 5808 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
14:07:22.0160 5808 ATKGFNEXSrv - ok
14:07:22.0216 5808 [ 1FD0FA6618B31FAD14385740D0F6C333 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
14:07:22.0222 5808 atksgt - ok
14:07:22.0278 5808 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:07:22.0286 5808 AudioEndpointBuilder - ok
14:07:22.0295 5808 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:07:22.0297 5808 AudioSrv - ok
14:07:22.0396 5808 [ AA054CD537357F03D5BA6ABA7562B35F ] avg9emc C:\Program Files (x86)\AVG\AVG9\avgemc.exe
14:07:22.0402 5808 avg9emc - ok
14:07:22.0485 5808 [ C4D15594DB5BE042D3346EA58DF87D89 ] avg9wd C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
14:07:22.0488 5808 avg9wd - ok
14:07:22.0529 5808 [ C7D7733C4745E356CEB61DE0CD32896D ] AvgLdx64 C:\Windows\System32\Drivers\avgldx64.sys
14:07:22.0534 5808 AvgLdx64 - ok
14:07:22.0565 5808 [ 0DB5A749ACD8E66091736F88C40207BD ] AvgMfx64 C:\Windows\System32\Drivers\avgmfx64.sys
14:07:22.0567 5808 AvgMfx64 - ok
14:07:22.0605 5808 [ 8AA68C0BA2B84FD7EB3E1F10BBFC825B ] AvgTdiA C:\Windows\System32\Drivers\avgtdia.sys
14:07:22.0611 5808 AvgTdiA - ok
14:07:22.0655 5808 [ BC4737AAFFA5964E4F8827C9B8C0EB8E ] BFE C:\Windows\System32\bfe.dll
14:07:22.0673 5808 BFE - ok
14:07:22.0721 5808 [ D896A0D43F8AB81ECB1FC6C24DECFD58 ] BITS C:\Windows\System32\qmgr.dll
14:07:22.0753 5808 BITS - ok
14:07:22.0782 5808 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:07:22.0784 5808 blbdrive - ok
14:07:22.0861 5808 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:07:22.0865 5808 Bonjour Service - ok
14:07:22.0888 5808 [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:07:22.0891 5808 bowser - ok
14:07:22.0930 5808 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:07:22.0932 5808 BrFiltLo - ok
14:07:22.0950 5808 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:07:22.0951 5808 BrFiltUp - ok
14:07:22.0991 5808 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
14:07:22.0995 5808 Browser - ok
14:07:23.0027 5808 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
14:07:23.0029 5808 Brserid - ok
14:07:23.0038 5808 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:07:23.0040 5808 BrSerWdm - ok
14:07:23.0055 5808 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:07:23.0057 5808 BrUsbMdm - ok
14:07:23.0065 5808 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:07:23.0067 5808 BrUsbSer - ok
14:07:23.0103 5808 [ D4A3AE275D21B294F9B26F84748054D5 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
14:07:23.0111 5808 BthEnum - ok
14:07:23.0158 5808 [ 752FC84A394CA712D51DD9BD53F58E73 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:07:23.0160 5808 BTHMODEM - ok
14:07:23.0205 5808 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
14:07:23.0208 5808 BthPan - ok
14:07:23.0244 5808 [ 04E4907FCB00CDFACA052DEA6462B01B ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
14:07:23.0272 5808 BTHPORT - ok
14:07:23.0305 5808 [ 90E967B4BB5556EDC9C2EA0EB653D1B2 ] BthServ C:\Windows\System32\bthserv.dll
14:07:23.0308 5808 BthServ - ok
14:07:23.0329 5808 [ FD8F6802D7564046D933093705F9B9B4 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
14:07:23.0338 5808 BTHUSB - ok
14:07:23.0388 5808 [ 162E149ABD1D36A4A8B05A06F3F48E79 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
14:07:23.0390 5808 btwaudio - ok
14:07:23.0421 5808 [ 8964A01861B2539160DC8FE72B400E39 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
14:07:23.0423 5808 btwavdt - ok
14:07:23.0518 5808 [ 3A37F2BC95908AA7897169A9A47F69C0 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
14:07:23.0523 5808 btwdins - ok
14:07:23.0561 5808 [ FDA1B5124E07003C3D0D279E5050485E ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
14:07:23.0563 5808 btwl2cap - ok
14:07:23.0571 5808 [ 387FC34F3488ACA2A16394CD7421E7A0 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
14:07:23.0572 5808 btwrchid - ok
14:07:23.0602 5808 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:07:23.0605 5808 cdfs - ok
14:07:23.0635 5808 [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:07:23.0637 5808 cdrom - ok
14:07:23.0671 5808 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc C:\Windows\System32\certprop.dll
14:07:23.0673 5808 CertPropSvc - ok
14:07:23.0685 5808 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:07:23.0687 5808 circlass - ok
14:07:23.0710 5808 [ CAEDA2572B7042B11062F327F099251D ] CLFS C:\Windows\system32\CLFS.sys
14:07:23.0717 5808 CLFS - ok
14:07:23.0784 5808 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:07:23.0786 5808 clr_optimization_v2.0.50727_32 - ok
14:07:23.0818 5808 [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:07:23.0821 5808 clr_optimization_v2.0.50727_64 - ok
14:07:23.0858 5808 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:07:23.0860 5808 CmBatt - ok
14:07:23.0874 5808 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:07:23.0876 5808 cmdide - ok
14:07:23.0893 5808 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:07:23.0894 5808 Compbatt - ok
14:07:23.0899 5808 COMSysApp - ok
14:07:23.0906 5808 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:07:23.0908 5808 crcdisk - ok
14:07:23.0946 5808 [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:07:23.0949 5808 CryptSvc - ok
14:07:23.0997 5808 [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch C:\Windows\system32\rpcss.dll
14:07:24.0034 5808 DcomLaunch - ok
14:07:24.0070 5808 [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:07:24.0103 5808 DfsC - ok
14:07:24.0201 5808 [ 1781F99840979EE7B126C9073C377FD0 ] DFSR C:\Windows\system32\DFSR.exe
14:07:24.0224 5808 DFSR - ok
14:07:24.0282 5808 [ 867FA8B9E9E3078F68C4089904BBF4B0 ] dgderdrv C:\Windows\system32\drivers\dgderdrv.sys
14:07:24.0284 5808 dgderdrv - ok
14:07:24.0313 5808 [ 7156833E6DFE0A804EA5CF7B8876AB7C ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
14:07:24.0316 5808 dg_ssudbus - ok
14:07:24.0362 5808 [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:07:24.0369 5808 Dhcp - ok
14:07:24.0389 5808 [ 2DC415FC05FB8A079F896CBBACB19324 ] disk C:\Windows\system32\drivers\disk.sys
14:07:24.0392 5808 disk - ok
14:07:24.0426 5808 [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:07:24.0429 5808 Dnscache - ok
14:07:24.0445 5808 [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc C:\Windows\System32\dot3svc.dll
14:07:24.0451 5808 dot3svc - ok
14:07:24.0474 5808 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
14:07:24.0478 5808 DPS - ok
14:07:24.0510 5808 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:07:24.0511 5808 drmkaud - ok
14:07:24.0543 5808 [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:07:24.0568 5808 DXGKrnl - ok
14:07:24.0601 5808 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
14:07:24.0605 5808 E1G60 - ok
14:07:24.0645 5808 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
14:07:24.0649 5808 EapHost - ok
14:07:24.0680 5808 [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache C:\Windows\system32\drivers\ecache.sys
14:07:24.0684 5808 Ecache - ok
14:07:24.0768 5808 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:07:24.0779 5808 ehRecvr - ok
14:07:24.0798 5808 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
14:07:24.0802 5808 ehSched - ok
14:07:24.0819 5808 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
14:07:24.0821 5808 ehstart - ok
14:07:24.0859 5808 [ BE9EEEA2A8CAC5F6CD92C97F234E2FE1 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys
14:07:24.0871 5808 EIO64 - ok
14:07:24.0910 5808 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:07:24.0918 5808 elxstor - ok
14:07:24.0955 5808 [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:07:24.0965 5808 EMDMgmt - ok
14:07:25.0004 5808 [ 3A70DC8951B995C73A22B9A23210833E ] enecir C:\Windows\system32\DRIVERS\enecir.sys
14:07:25.0011 5808 enecir - ok
14:07:25.0044 5808 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:07:25.0046 5808 ErrDev - ok
14:07:25.0080 5808 [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem C:\Windows\system32\es.dll
14:07:25.0091 5808 EventSystem - ok
14:07:25.0109 5808 [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat C:\Windows\system32\drivers\exfat.sys
14:07:25.0115 5808 exfat - ok
14:07:25.0141 5808 [ FE731D345ED9EEABBC72A59B35941834 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:07:25.0146 5808 fastfat - ok
14:07:25.0189 5808 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:07:25.0191 5808 fdc - ok
14:07:25.0224 5808 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
14:07:25.0227 5808 fdPHost - ok
14:07:25.0242 5808 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
14:07:25.0246 5808 FDResPub - ok
14:07:25.0262 5808 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:07:25.0266 5808 FileInfo - ok
14:07:25.0289 5808 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:07:25.0291 5808 Filetrace - ok
14:07:25.0303 5808 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:07:25.0304 5808 flpydisk - ok
14:07:25.0328 5808 [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:07:25.0334 5808 FltMgr - ok
14:07:25.0390 5808 [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:07:25.0393 5808 FontCache3.0.0.0 - ok
14:07:25.0413 5808 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:07:25.0415 5808 Fs_Rec - ok
14:07:25.0435 5808 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:07:25.0437 5808 gagp30kx - ok
14:07:25.0464 5808 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:07:25.0466 5808 GEARAspiWDM - ok
14:07:25.0511 5808 [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc C:\Windows\System32\gpsvc.dll
14:07:25.0518 5808 gpsvc - ok
14:07:25.0569 5808 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:07:25.0576 5808 HdAudAddService - ok
14:07:25.0596 5808 [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:07:25.0599 5808 HDAudBus - ok
14:07:25.0621 5808 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:07:25.0623 5808 HidBth - ok
14:07:25.0647 5808 [ 1D4E03E5C5BA4C3679C38CB6B4C60D5F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:07:25.0649 5808 HidIr - ok
14:07:25.0670 5808 [ 77E34697087CFDBCFD9E0009704FB5AF ] hidserv C:\Windows\system32\hidserv.dll
14:07:25.0674 5808 hidserv - ok
14:07:25.0701 5808 [ 59A7B5E13356C20D67983868242167C5 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:07:25.0705 5808 HidUsb - ok
14:07:25.0734 5808 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
14:07:25.0740 5808 hkmsvc - ok
14:07:25.0779 5808 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:07:25.0781 5808 HpCISSs - ok
14:07:25.0834 5808 [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:07:25.0847 5808 HTTP - ok
14:07:25.0873 5808 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:07:25.0875 5808 i2omp - ok
14:07:25.0907 5808 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:07:25.0910 5808 i8042prt - ok
14:07:25.0951 5808 [ 1ADAA4F16073FD0C7270F451FD024E97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:07:25.0954 5808 iaStor - ok
14:07:25.0978 5808 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:07:25.0984 5808 iaStorV - ok
14:07:26.0045 5808 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:07:26.0060 5808 IDriverT - ok
14:07:26.0135 5808 [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:07:26.0157 5808 idsvc - ok
14:07:26.0190 5808 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:07:26.0192 5808 iirsp - ok
14:07:26.0229 5808 [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT C:\Windows\System32\ikeext.dll
14:07:26.0234 5808 IKEEXT - ok
14:07:26.0319 5808 [ 26407A11D7E222AFB7CE32700ABBD9D1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:07:26.0373 5808 IntcAzAudAddService - ok
14:07:26.0386 5808 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
14:07:26.0388 5808 intelide - ok
14:07:26.0419 5808 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:07:26.0421 5808 intelppm - ok
14:07:26.0461 5808 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:07:26.0466 5808 IPBusEnum - ok
14:07:26.0483 5808 [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:07:26.0485 5808 IpFilterDriver - ok
14:07:26.0518 5808 [ 3A0427F35E7F8C16BBC5B1BE32B8DE76 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:07:26.0526 5808 iphlpsvc - ok
14:07:26.0532 5808 IpInIp - ok
14:07:26.0564 5808 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:07:26.0567 5808 IPMIDRV - ok
14:07:26.0588 5808 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:07:26.0592 5808 IPNAT - ok
14:07:26.0653 5808 [ F0EAC938ECC1B2764D04CE16F8627E56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:07:26.0659 5808 iPod Service - ok
14:07:26.0679 5808 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:07:26.0681 5808 IRENUM - ok
14:07:26.0711 5808 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:07:26.0713 5808 isapnp - ok
14:07:26.0733 5808 [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:07:26.0739 5808 iScsiPrt - ok
14:07:26.0760 5808 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:07:26.0762 5808 iteatapi - ok
14:07:26.0800 5808 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:07:26.0802 5808 iteraid - ok
14:07:26.0817 5808 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:07:26.0820 5808 kbdclass - ok
14:07:26.0832 5808 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:07:26.0834 5808 kbdhid - ok
14:07:26.0860 5808 [ 6CC3A43B3C898BC360A89B75C128B05D ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
14:07:26.0862 5808 kbfiltr - ok
14:07:26.0903 5808 [ 80F4593E92FF960E4763380D3168E498 ] KeyIso C:\Windows\system32\lsass.exe
14:07:26.0907 5808 KeyIso - ok
14:07:26.0933 5808 [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:07:26.0942 5808 KSecDD - ok
14:07:26.0982 5808 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:07:26.0985 5808 ksthunk - ok
14:07:27.0059 5808 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
14:07:27.0068 5808 KtmRm - ok
14:07:27.0101 5808 [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:07:27.0108 5808 LanmanServer - ok
14:07:27.0156 5808 [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:07:27.0164 5808 LanmanWorkstation - ok
14:07:27.0195 5808 [ 5EA407821BB3104C31A705175AB4F309 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
14:07:27.0198 5808 lirsgt - ok
14:07:27.0223 5808 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:07:27.0226 5808 lltdio - ok
14:07:27.0260 5808 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:07:27.0268 5808 lltdsvc - ok
14:07:27.0280 5808 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:07:27.0285 5808 lmhosts - ok
14:07:27.0313 5808 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:07:27.0315 5808 LSI_FC - ok
14:07:27.0337 5808 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:07:27.0339 5808 LSI_SAS - ok
14:07:27.0355 5808 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:07:27.0358 5808 LSI_SCSI - ok
14:07:27.0381 5808 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
14:07:27.0385 5808 luafv - ok
14:07:27.0414 5808 [ 37B2618E3646D427771AE1719EDADF9C ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys
14:07:27.0416 5808 lullaby - ok
14:07:27.0458 5808 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:07:27.0462 5808 Mcx2Svc - ok
14:07:27.0503 5808 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
14:07:27.0505 5808 megasas - ok
14:07:27.0541 5808 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:07:27.0549 5808 MegaSR - ok
14:07:27.0629 5808 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:07:27.0634 5808 Microsoft Office Groove Audit Service - ok
14:07:27.0662 5808 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
14:07:27.0668 5808 MMCSS - ok
14:07:27.0697 5808 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
14:07:27.0700 5808 Modem - ok
14:07:27.0709 5808 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:07:27.0712 5808 monitor - ok
14:07:27.0722 5808 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:07:27.0724 5808 mouclass - ok
14:07:27.0747 5808 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:07:27.0749 5808 mouhid - ok
14:07:27.0760 5808 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:07:27.0764 5808 MountMgr - ok
14:07:27.0783 5808 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
14:07:27.0785 5808 mpio - ok
14:07:27.0808 5808 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:07:27.0811 5808 mpsdrv - ok
14:07:27.0849 5808 [ 8A670648C755867A3AA38DA50BA569AA ] MpsSvc C:\Windows\system32\mpssvc.dll
14:07:27.0871 5808 MpsSvc - ok
14:07:27.0890 5808 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:07:27.0892 5808 Mraid35x - ok
14:07:27.0928 5808 [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:07:27.0932 5808 MRxDAV - ok
14:07:27.0968 5808 [ B698EB9ACC7ECD4927D99D268918F912 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:07:27.0989 5808 mrxsmb - ok
14:07:28.0003 5808 [ 9A797E27FD28500EE13D43000C931435 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:07:28.0024 5808 mrxsmb10 - ok
14:07:28.0034 5808 [ F9425D610712533107A264E2D5B2154B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:07:28.0046 5808 mrxsmb20 - ok
14:07:28.0077 5808 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
14:07:28.0079 5808 msahci - ok
14:07:28.0099 5808 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:07:28.0102 5808 msdsm - ok
14:07:28.0120 5808 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
14:07:28.0124 5808 MSDTC - ok
14:07:28.0141 5808 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:07:28.0143 5808 Msfs - ok
14:07:28.0177 5808 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:07:28.0179 5808 msisadrv - ok
14:07:28.0211 5808 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:07:28.0217 5808 MSiSCSI - ok
14:07:28.0221 5808 msiserver - ok
14:07:28.0240 5808 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:07:28.0242 5808 MSKSSRV - ok
14:07:28.0271 5808 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:07:28.0274 5808 MSPCLOCK - ok
14:07:28.0292 5808 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:07:28.0294 5808 MSPQM - ok
14:07:28.0316 5808 [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:07:28.0323 5808 MsRPC - ok
14:07:28.0336 5808 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:07:28.0339 5808 mssmbios - ok
14:07:28.0368 5808 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:07:28.0371 5808 MSTEE - ok
14:07:28.0402 5808 [ A523D9F6AEB152C4480D754DF7FA9F7F ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
14:07:28.0412 5808 MTsensor - ok
14:07:28.0424 5808 [ DDF133501F68D6988A0F55DFA88637B4 ] Mup C:\Windows\system32\Drivers\mup.sys
14:07:28.0426 5808 Mup - ok
14:07:28.0457 5808 [ C25022CDD18980846973B598900915F8 ] napagent C:\Windows\system32\qagentRT.dll
14:07:28.0467 5808 napagent - ok
14:07:28.0500 5808 [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:07:28.0504 5808 NativeWifiP - ok
14:07:28.0545 5808 [ 1197CAC7A5A857C7A0CA2FC8D68A3385 ] NCHVSC64 C:\Windows\system32\drivers\nchvsc64.sys
14:07:28.0558 5808 NCHVSC64 - ok
14:07:28.0607 5808 [ F9A3AE5C9F047D71A36A99F9ABCA7D02 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:07:28.0628 5808 NDIS - ok
14:07:28.0640 5808 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:07:28.0643 5808 NdisTapi - ok
14:07:28.0652 5808 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:07:28.0655 5808 Ndisuio - ok
14:07:28.0672 5808 [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:07:28.0677 5808 NdisWan - ok
14:07:28.0695 5808 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:07:28.0697 5808 NDProxy - ok
14:07:28.0703 5808 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:07:28.0705 5808 NetBIOS - ok
14:07:28.0721 5808 [ 7A29CA243A629230799754162D80120F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:07:28.0727 5808 netbt - ok
14:07:28.0741 5808 [ 80F4593E92FF960E4763380D3168E498 ] Netlogon C:\Windows\system32\lsass.exe
14:07:28.0744 5808 Netlogon - ok
14:07:28.0777 5808 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
14:07:28.0788 5808 Netman - ok
14:07:28.0810 5808 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
14:07:28.0816 5808 netprofm - ok
14:07:28.0848 5808 [ B84613B469B98E09F50A748C1D02E132 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:07:28.0852 5808 NetTcpPortSharing - ok
14:07:28.0883 5808 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:07:28.0886 5808 nfrd960 - ok
14:07:28.0913 5808 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
14:07:28.0921 5808 NlaSvc - ok
14:07:28.0980 5808 [ 6EF0506CE1F553E9BD085645933C8686 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
14:07:28.0988 5808 NMIndexingService - ok
14:07:29.0033 5808 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\drivers\npf.sys
14:07:29.0035 5808 NPF - ok
14:07:29.0051 5808 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:07:29.0053 5808 Npfs - ok
14:07:29.0083 5808 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
14:07:29.0087 5808 nsi - ok
14:07:29.0103 5808 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:07:29.0105 5808 nsiproxy - ok
14:07:29.0150 5808 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:07:29.0183 5808 Ntfs - ok
14:07:29.0191 5808 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
14:07:29.0194 5808 Null - ok
14:07:29.0427 5808 [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:07:29.0626 5808 nvlddmkm - ok
14:07:29.0655 5808 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:07:29.0658 5808 nvraid - ok
14:07:29.0678 5808 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:07:29.0680 5808 nvstor - ok
14:07:29.0721 5808 [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:07:29.0729 5808 nvsvc - ok
14:07:29.0819 5808 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:07:29.0827 5808 nvUpdatusService - ok
14:07:29.0853 5808 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:07:29.0855 5808 nv_agp - ok
14:07:29.0860 5808 NwlnkFlt - ok
14:07:29.0864 5808 NwlnkFwd - ok
14:07:29.0952 5808 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:07:29.0960 5808 odserv - ok
14:07:29.0980 5808 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:07:29.0983 5808 ohci1394 - ok
14:07:30.0022 5808 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:07:30.0026 5808 ose - ok
14:07:30.0064 5808 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:07:30.0098 5808 p2pimsvc - ok
14:07:30.0130 5808 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll
14:07:30.0138 5808 p2psvc - ok
14:07:30.0161 5808 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
14:07:30.0164 5808 Parport - ok
14:07:30.0188 5808 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:07:30.0191 5808 partmgr - ok
14:07:30.0201 5808 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
14:07:30.0207 5808 PcaSvc - ok
14:07:30.0225 5808 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys
14:07:30.0230 5808 pci - ok
14:07:30.0238 5808 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
14:07:30.0240 5808 pciide - ok
14:07:30.0262 5808 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:07:30.0267 5808 pcmcia - ok
14:07:30.0289 5808 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:07:30.0300 5808 PEAUTH - ok
14:07:30.0359 5808 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:07:30.0363 5808 PerfHost - ok
14:07:30.0419 5808 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
14:07:30.0450 5808 pla - ok
14:07:30.0480 5808 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:07:30.0492 5808 PlugPlay - ok
14:07:30.0526 5808 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:07:30.0534 5808 PNRPAutoReg - ok
14:07:30.0559 5808 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:07:30.0567 5808 PNRPsvc - ok
14:07:30.0597 5808 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:07:30.0608 5808 PolicyAgent - ok
14:07:30.0630 5808 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:07:30.0633 5808 PptpMiniport - ok
14:07:30.0650 5808 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
14:07:30.0653 5808 Processor - ok
14:07:30.0657 5808 prodrv06 - ok
14:07:30.0695 5808 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll
14:07:30.0703 5808 ProfSvc - ok
14:07:30.0716 5808 prohlp02 - ok
14:07:30.0732 5808 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:07:30.0736 5808 ProtectedStorage - ok
14:07:30.0753 5808 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:07:30.0757 5808 PSched - ok
14:07:30.0800 5808 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:07:30.0833 5808 ql2300 - ok
14:07:30.0865 5808 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:07:30.0867 5808 ql40xx - ok
14:07:30.0891 5808 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
14:07:30.0901 5808 QWAVE - ok
14:07:30.0911 5808 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:07:30.0913 5808 QWAVEdrv - ok
14:07:30.0927 5808 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:07:30.0930 5808 RasAcd - ok
14:07:30.0973 5808 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
14:07:30.0978 5808 RasAuto - ok
14:07:30.0996 5808 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:07:31.0000 5808 Rasl2tp - ok
14:07:31.0017 5808 [ 2A63D46B01685FD4BE9778CA3C231C2D ] RasMan C:\Windows\System32\rasmans.dll
14:07:31.0027 5808 RasMan - ok
14:07:31.0047 5808 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:07:31.0050 5808 RasPppoe - ok
14:07:31.0076 5808 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:07:31.0078 5808 RasSstp - ok
14:07:31.0101 5808 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:07:31.0108 5808 rdbss - ok
14:07:31.0119 5808 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:07:31.0121 5808 RDPCDD - ok
14:07:31.0146 5808 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:07:31.0153 5808 rdpdr - ok
14:07:31.0157 5808 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:07:31.0160 5808 RDPENCDD - ok
14:07:31.0187 5808 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:07:31.0192 5808 RDPWD - ok
14:07:31.0238 5808 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys
14:07:31.0240 5808 regi - ok
14:07:31.0275 5808 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:07:31.0279 5808 RemoteAccess - ok
14:07:31.0299 5808 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:07:31.0307 5808 RemoteRegistry - ok
14:07:31.0328 5808 [ 72C35598BA591ABDDC37FCE7D26FE1C4 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:07:31.0333 5808 RFCOMM - ok
14:07:31.0362 5808 [ 4CCF35F5086CDBF5E6C51A1CFBD0B269 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
14:07:31.0365 5808 rimmptsk - ok
14:07:31.0394 5808 [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
14:07:31.0397 5808 rimsptsk - ok
14:07:31.0407 5808 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
14:07:31.0411 5808 rismxdp - ok
14:07:31.0468 5808 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
14:07:31.0471 5808 rpcapd - ok
14:07:31.0500 5808 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
14:07:31.0503 5808 RpcLocator - ok
14:07:31.0545 5808 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\system32\rpcss.dll
14:07:31.0552 5808 RpcSs - ok
14:07:31.0583 5808 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:07:31.0586 5808 rspndr - ok
14:07:31.0624 5808 [ A2CBE070FBA458357ACEF41C3F3906CA ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
14:07:31.0629 5808 RTL8169 - ok
14:07:31.0646 5808 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe
14:07:31.0649 5808 SamSs - ok
14:07:31.0668 5808 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:07:31.0671 5808 sbp2port - ok
14:07:31.0700 5808 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:07:31.0708 5808 SCardSvr - ok
14:07:31.0759 5808 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll
14:07:31.0786 5808 Schedule - ok
14:07:31.0813 5808 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:07:31.0815 5808 SCPolicySvc - ok
14:07:31.0855 5808 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:07:31.0860 5808 sdbus - ok
14:07:31.0891 5808 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:07:31.0897 5808 SDRSVC - ok
14:07:31.0910 5808 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:07:31.0913 5808 secdrv - ok
14:07:31.0922 5808 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
14:07:31.0928 5808 seclogon - ok
14:07:31.0945 5808 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
14:07:31.0951 5808 SENS - ok
14:07:31.0966 5808 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:07:31.0969 5808 Serenum - ok
14:07:32.0007 5808 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
14:07:32.0010 5808 Serial - ok
14:07:32.0033 5808 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:07:32.0035 5808 sermouse - ok
14:07:32.0068 5808 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
14:07:32.0073 5808 SessionEnv - ok
14:07:32.0097 5808 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:07:32.0100 5808 sffdisk - ok
14:07:32.0112 5808 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:07:32.0115 5808 sffp_mmc - ok
14:07:32.0125 5808 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:07:32.0128 5808 sffp_sd - ok
14:07:32.0133 5808 sfhlp01 - ok
14:07:32.0145 5808 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:07:32.0148 5808 sfloppy - ok
14:07:32.0191 5808 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:07:32.0199 5808 SharedAccess - ok
14:07:32.0231 5808 [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:07:32.0241 5808 ShellHWDetection - ok
14:07:32.0254 5808 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:07:32.0257 5808 SiSRaid2 - ok
14:07:32.0296 5808 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:07:32.0298 5808 SiSRaid4 - ok
14:07:32.0367 5808 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe
14:07:32.0432 5808 slsvc - ok
14:07:32.0445 5808 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:07:32.0452 5808 SLUINotify - ok
14:07:32.0479 5808 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:07:32.0482 5808 Smb - ok
14:07:32.0513 5808 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:07:32.0519 5808 SNMPTRAP - ok
14:07:32.0522 5808 SNP2UVC - ok
14:07:32.0537 5808 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys
14:07:32.0539 5808 spldr - ok
14:07:32.0570 5808 [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler C:\Windows\System32\spoolsv.exe
14:07:32.0576 5808 Spooler - ok
14:07:32.0634 5808 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
14:07:32.0659 5808 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
14:07:32.0661 5808 sptd ( LockedFile.Multi.Generic ) - warning
14:07:32.0661 5808 sptd - detected LockedFile.Multi.Generic (1)
14:07:32.0690 5808 [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:07:32.0700 5808 srv - ok
14:07:32.0719 5808 [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:07:32.0732 5808 srv2 - ok
14:07:32.0750 5808 [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:07:32.0762 5808 srvnet - ok
14:07:32.0805 5808 [ F74634F46692C8315E7F37F698AF3225 ] sscebus C:\Windows\system32\DRIVERS\sscebus.sys
14:07:32.0808 5808 sscebus - ok
14:07:32.0842 5808 [ 82732B391EFD69B0548044BE9CB37BFC ] sscemdfl C:\Windows\system32\DRIVERS\sscemdfl.sys
14:07:32.0844 5808 sscemdfl - ok
14:07:32.0881 5808 [ 43D56ACE4469D90F9790E8352D87D9B5 ] sscemdm C:\Windows\system32\DRIVERS\sscemdm.sys
14:07:32.0886 5808 sscemdm - ok
14:07:32.0928 5808 [ DB504EF6D73F6B8AB5CF8A18560C4E2A ] ssceserd C:\Windows\system32\DRIVERS\ssceserd.sys
14:07:32.0930 5808 ssceserd - ok
14:07:32.0968 5808 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:07:32.0976 5808 SSDPSRV - ok
14:07:33.0001 5808 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:07:33.0010 5808 SstpSvc - ok
14:07:33.0035 5808 [ 9E1BFA37FCF943C3B48F71F08019EA95 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
14:07:33.0039 5808 ssudmdm - ok
14:07:33.0074 5808 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll
14:07:33.0096 5808 stisvc - ok
14:07:33.0124 5808 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:07:33.0127 5808 swenum - ok
14:07:33.0152 5808 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll
14:07:33.0174 5808 swprv - ok
14:07:33.0221 5808 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:07:33.0224 5808 Symc8xx - ok
14:07:33.0285 5808 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:07:33.0287 5808 Sym_hi - ok
14:07:33.0324 5808 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:07:33.0326 5808 Sym_u3 - ok
14:07:33.0362 5808 [ 572438150FC79E41A0348E3DC56B1DD2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:07:33.0369 5808 SynTP - ok
14:07:33.0410 5808 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll
14:07:33.0443 5808 SysMain - ok
14:07:33.0454 5808 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:07:33.0462 5808 TabletInputService - ok
14:07:33.0487 5808 [ 4EF44915E522F3ECD1A3FF540AA64126 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
14:07:33.0491 5808 tap0901 - ok
14:07:33.0511 5808 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll
14:07:33.0521 5808 TapiSrv - ok
14:07:33.0536 5808 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
14:07:33.0542 5808 TBS - ok
14:07:33.0595 5808 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:07:33.0628 5808 Tcpip - ok
14:07:33.0672 5808 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:07:33.0681 5808 Tcpip6 - ok
14:07:33.0703 5808 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:07:33.0705 5808 tcpipreg - ok
14:07:33.0723 5808 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:07:33.0726 5808 TDPIPE - ok
14:07:33.0738 5808 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:07:33.0740 5808 TDTCP - ok
14:07:33.0757 5808 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:07:33.0760 5808 tdx - ok
14:07:33.0774 5808 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:07:33.0777 5808 TermDD - ok
14:07:33.0816 5808 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll
14:07:33.0838 5808 TermService - ok
14:07:33.0876 5808 [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
14:07:33.0879 5808 TFsExDisk - ok
14:07:33.0903 5808 [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes C:\Windows\system32\shsvcs.dll
14:07:33.0909 5808 Themes - ok
14:07:33.0924 5808 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
14:07:33.0927 5808 THREADORDER - ok
14:07:33.0962 5808 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
14:07:33.0970 5808 TrkWks - ok
14:07:34.0016 5808 [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:07:34.0018 5808 TrustedInstaller - ok
14:07:34.0038 5808 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:07:34.0041 5808 tssecsrv - ok
14:07:34.0082 5808 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:07:34.0085 5808 tunmp - ok
14:07:34.0123 5808 [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:07:34.0126 5808 tunnel - ok
14:07:34.0143 5808 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:07:34.0145 5808 uagp35 - ok
14:07:34.0166 5808 [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:07:34.0173 5808 udfs - ok
14:07:34.0214 5808 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:07:34.0220 5808 UI0Detect - ok
14:07:34.0238 5808 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:07:34.0241 5808 uliagpkx - ok
14:07:34.0274 5808 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:07:34.0280 5808 uliahci - ok
14:07:34.0302 5808 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:07:34.0306 5808 UlSata - ok
14:07:34.0328 5808 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:07:34.0332 5808 ulsata2 - ok
14:07:37.0158 5808 ============================================================
14:07:37.0158 5808 Scan finished
14:07:37.0158 5808 ============================================================
14:07:37.0167 6912 Detected object count: 1
14:07:37.0167 6912 Actual detected object count: 1
14:08:18.0895 6912 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:08:18.0895 6912 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Best regards, Andi

20.04.2013, 13:17   #13
aharonov
/// TB Trainer

OK, let's get started:


Step 1

Please download AdwCleaner and save it to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will restart, several times depending on the severity of the infection - this is normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 2

Warning for readers following along:
Combofix should only be run when a team member has explicitly instructed you to do so!


Please download Combofix.
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not do anything on the computer, not even move the mouse!
  • When Combofix has finished, it will create a log file (C:\Combofix.txt).
  • Please post the contents of this log file in your next reply.

Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.



Step 3

Please start OTL.exe.
  • Tick the Scan all Users checkbox.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Log from Adwcleaner
  • Log from Combofix
  • Log from OTL
__________________
cheers,
Leo

21.04.2013, 00:37   #14
Kudla

Part 1 from AdwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.200 - Datei am 21/04/2013 um 00:59:16 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Benutzer : Sicherheit - ANDI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sicherheit\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\SICHER~1\AppData\Local\Temp\searchqutoolbar-manifest.xml
Gelöscht mit Neustart : C:\Program Files\Babylon
Gelöscht mit Neustart : C:\Users\Andreas\AppData\LocalLow\searchquband
Gelöscht mit Neustart : C:\Users\Andreas\AppData\LocalLow\Searchqutoolbar
Gelöscht mit Neustart : C:\Users\Andreas\AppData\Roaming\dvdvideosoftiehelpers
Gelöscht mit Neustart : C:\Users\Andreas\AppData\Roaming\vghd

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\Andreas\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://www.searchqu.com/

Datei : C:\Users\Sicherheit\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8613 octets] - [21/04/2013 00:59:16]

########## EOF - C:\AdwCleaner[S1].txt - [8673 octets] ##########
         
--- --- ---


Part 2:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.200 - Datei am 21/04/2013 um 01:04:22 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Benutzer : Sicherheit - ANDI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sicherheit\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files\Babylon
Gelöscht mit Neustart : C:\Users\Andreas\AppData\LocalLow\searchquband
Gelöscht mit Neustart : C:\Users\Andreas\AppData\LocalLow\Searchqutoolbar
Gelöscht mit Neustart : C:\Users\Andreas\AppData\Roaming\dvdvideosoftiehelpers
Gelöscht mit Neustart : C:\Users\Andreas\AppData\Roaming\vghd

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\Andreas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\Sicherheit\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8684 octets] - [21/04/2013 00:59:16]
AdwCleaner[S2].txt - [1213 octets] - [21/04/2013 01:04:22]

########## EOF - C:\AdwCleaner[S2].txt - [1273 octets] ##########
         
--- --- ---

Log file from Combofix:

Combofix Logfile:
Code:
ComboFix 13-04-20.02 - Sicherheit 21.04.2013   1:24.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.43.1031.18.4862.3423 [GMT 2:00]
ausgeführt von:: c:\users\Sicherheit\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\Microsoft\Windows\Templates\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
c:\users\Andreas\AppData\Local\uninstall.tmp
c:\users\Andreas\AppData\Roaming\skype.dat
c:\users\Andreas\AppData\Roaming\skype.ini
c:\windows\msvcr71.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\SET2915.tmp
c:\windows\SysWow64\SETFE9.tmp
c:\windows\SysWow64\suf3BC9.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-20 bis 2013-04-20  ))))))))))))))))))))))))))))))
.
.
2013-04-20 23:31 . 2013-04-20 23:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-20 23:31 . 2013-04-20 23:31	--------	d-----w-	c:\users\Andreas\AppData\Local\temp
2013-04-20 22:59 . 2013-04-20 23:04	684	----a-w-	c:\windows\DeleteOnReboot.bat
2013-04-17 22:36 . 2011-05-18 02:08	694784	----a-w-	c:\windows\system32\drivers\bthport.sys
2013-04-17 22:36 . 2011-05-18 02:08	204288	----a-w-	c:\windows\system32\fsquirt.exe
2013-04-17 22:36 . 2011-05-18 02:08	26624	----a-w-	c:\windows\system32\drivers\bthenum.sys
2013-04-17 22:36 . 2011-05-18 02:08	35328	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2013-04-16 22:04 . 2010-09-20 12:14	316416	----a-w-	c:\windows\system32\msshsq.dll
2013-04-16 22:04 . 2010-09-20 09:25	231936	----a-w-	c:\windows\SysWow64\msshsq.dll
2013-04-16 21:45 . 2010-08-31 15:21	633856	----a-w-	c:\windows\system32\comctl32.dll
2013-04-16 21:45 . 2010-08-31 15:40	531968	----a-w-	c:\windows\SysWow64\comctl32.dll
2013-04-16 21:45 . 2010-10-18 14:25	87552	----a-w-	c:\windows\system32\consent.exe
2013-04-16 21:44 . 2010-02-18 14:21	224256	----a-w-	c:\windows\system32\iphlpsvc.dll
2013-04-16 21:44 . 2010-02-18 12:15	29696	----a-w-	c:\windows\system32\drivers\tunnel.sys
2013-04-16 21:43 . 2010-08-31 15:41	954752	----a-w-	c:\windows\SysWow64\mfc40.dll
2013-04-16 21:43 . 2010-08-31 15:41	954288	----a-w-	c:\windows\SysWow64\mfc40u.dll
2013-04-16 21:43 . 2010-09-10 17:30	13425152	----a-w-	c:\windows\system32\wmp.dll
2013-04-16 21:43 . 2010-09-10 16:35	168960	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-04-16 21:43 . 2010-09-10 15:51	171008	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-04-16 21:43 . 2010-09-10 16:37	8147456	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-04-16 21:43 . 2010-09-10 15:52	8147968	----a-w-	c:\windows\system32\wmploc.DLL
2013-04-16 21:41 . 2009-07-10 12:37	301568	----a-w-	c:\windows\system32\shsvcs.dll
2013-04-16 21:41 . 2010-10-15 14:02	4692368	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-16 21:41 . 2010-10-15 13:43	1560960	----a-w-	c:\windows\system32\ntdll.dll
2013-04-16 21:41 . 2010-10-15 13:43	1167488	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-04-16 21:41 . 2009-08-10 14:09	1794560	----a-w-	c:\windows\system32\msxml6.dll
2013-04-16 21:41 . 2009-08-10 11:01	1399296	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-04-16 21:41 . 2011-01-21 15:56	12898304	----a-w-	c:\windows\system32\shell32.dll
2013-04-16 21:38 . 2011-02-18 13:50	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2013-04-16 21:38 . 2011-02-16 13:44	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-04-16 21:38 . 2011-02-16 15:36	48128	----a-w-	c:\windows\system32\atmlib.dll
2013-04-16 21:38 . 2011-02-16 15:29	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-04-16 21:38 . 2011-02-16 13:24	292864	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-04-16 21:38 . 2010-06-16 15:52	96256	----a-w-	c:\windows\system32\fontsub.dll
2013-04-16 21:38 . 2010-06-16 15:12	72704	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-04-16 21:38 . 2010-09-06 15:59	179712	----a-w-	c:\windows\system32\srvsvc.dll
2013-04-16 21:38 . 2010-09-06 16:24	9728	----a-w-	c:\windows\SysWow64\sscore.dll
2013-04-16 21:38 . 2010-09-06 16:23	17920	----a-w-	c:\windows\SysWow64\netevent.dll
2013-04-16 21:38 . 2010-09-06 15:59	12288	----a-w-	c:\windows\system32\sscore.dll
2013-04-16 21:38 . 2010-09-06 15:57	17920	----a-w-	c:\windows\system32\netevent.dll
2013-04-16 21:37 . 2010-10-12 16:16	35328	----a-w-	c:\program files\Windows Mail\wabfind.dll
2013-04-16 21:37 . 2010-10-12 14:15	68096	----a-w-	c:\program files\Windows Mail\wabmig.exe
2013-04-16 21:37 . 2010-10-12 14:15	516096	----a-w-	c:\program files\Windows Mail\wab.exe
2013-04-16 21:37 . 2010-10-12 13:52	66048	----a-w-	c:\program files (x86)\Windows Mail\wabmig.exe
2013-04-16 21:37 . 2010-10-12 13:52	515584	----a-w-	c:\program files (x86)\Windows Mail\wab.exe
2013-04-16 21:37 . 2010-10-12 15:48	33280	----a-w-	c:\program files (x86)\Windows Mail\wabfind.dll
2013-04-16 21:37 . 2010-10-28 13:17	2048	----a-w-	c:\windows\system32\tzres.dll
2013-04-16 21:37 . 2010-10-28 12:56	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-04-16 21:35 . 2011-03-10 16:30	1360384	----a-w-	c:\windows\system32\mfc42u.dll
2013-04-16 21:35 . 2011-03-10 16:30	1398784	----a-w-	c:\windows\system32\mfc42.dll
2013-04-16 21:35 . 2011-03-10 16:12	1136640	----a-w-	c:\windows\SysWow64\mfc42.dll
2013-04-16 21:35 . 2011-03-10 16:12	1161728	----a-w-	c:\windows\SysWow64\mfc42u.dll
2013-04-16 21:35 . 2010-12-14 16:20	1251840	----a-w-	c:\windows\system32\sdclt.exe
2013-04-16 21:23 . 2010-11-06 04:35	854528	----a-w-	c:\windows\system32\schedsvc.dll
2013-04-16 21:23 . 2010-11-06 04:35	499712	----a-w-	c:\windows\system32\wmicmiplugin.dll
2013-04-16 21:23 . 2010-11-06 04:35	655872	----a-w-	c:\windows\system32\taskschd.dll
2013-04-16 21:23 . 2010-11-06 11:10	357376	----a-w-	c:\windows\SysWow64\taskschd.dll
2013-04-16 21:23 . 2010-11-06 11:10	270336	----a-w-	c:\windows\SysWow64\taskcomp.dll
2013-04-16 21:23 . 2010-11-06 04:35	410112	----a-w-	c:\windows\system32\taskcomp.dll
2013-04-16 21:23 . 2010-11-05 00:53	171520	----a-w-	c:\windows\SysWow64\taskeng.exe
2013-04-16 21:23 . 2010-11-04 21:16	267776	----a-w-	c:\windows\system32\taskeng.exe
2013-04-16 21:21 . 2010-08-20 15:56	1090048	----a-w-	c:\windows\system32\wmpmde.dll
2013-04-16 21:21 . 2010-08-20 15:21	866816	----a-w-	c:\windows\SysWow64\wmpmde.dll
2013-04-16 21:21 . 2011-03-02 15:10	117760	----a-w-	c:\windows\system32\dnsrslvr.dll
2013-04-16 21:21 . 2011-03-02 15:10	221184	----a-w-	c:\windows\system32\dnsapi.dll
2013-04-16 21:21 . 2009-05-04 10:38	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2013-04-16 21:21 . 2009-05-04 10:11	25088	----a-w-	c:\windows\SysWow64\dnscacheugc.exe
2013-04-16 20:50 . 2013-04-16 20:51	--------	d-----w-	c:\users\Sicherheit
2013-04-02 21:02 . 2013-04-02 21:02	--------	d-----w-	c:\program files\Bonjour
2013-04-02 21:02 . 2013-04-02 21:02	--------	d-----w-	c:\program files (x86)\Bonjour
2013-04-02 21:01 . 2013-04-02 21:01	--------	d-----w-	c:\program files (x86)\Apple Software Update
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-20 23:06 . 2009-09-20 10:16	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-04-01 17:58 . 2006-11-02 12:35	72702784	----a-w-	c:\windows\system32\mrt.exe
2013-03-15 23:40 . 2012-04-24 15:53	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-15 23:40 . 2011-05-15 01:57	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 03:25 . 2013-02-18 20:54	15275744	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-10 03:25 . 2013-02-18 20:54	7569184	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-10 03:25 . 2013-02-18 20:54	6267240	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-10 03:25 . 2013-02-18 20:54	26947360	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-10 03:25 . 2013-02-18 20:54	20534560	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-10 03:25 . 2013-02-18 20:54	12862400	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-10 03:25 . 2013-02-18 20:54	11040544	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:25 . 2013-02-18 20:54	1807136	----a-w-	c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-02-18 20:54	1510176	----a-w-	c:\windows\system32\nvdispgenco6420162.dll
2013-02-10 03:25 . 2013-02-18 20:54	9422672	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-10 03:25 . 2013-02-18 20:54	7964680	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-10 03:25 . 2013-02-18 20:54	2911008	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-10 03:25 . 2013-02-18 20:54	2726176	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-10 03:25 . 2013-02-18 20:54	2350368	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-10 03:25 . 2013-02-18 20:54	1990944	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-10 03:25 . 2013-02-18 20:54	25256736	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-10 03:25 . 2013-02-18 20:54	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-10 03:25 . 2009-07-01 22:59	15038296	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-10 03:25 . 2009-02-19 03:40	17987192	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-10 03:25 . 2009-02-19 03:40	2854344	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2008-12-16 07:02	2528840	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-10 01:04 . 2011-01-07 18:50	6393120	----a-w-	c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2011-01-07 18:49	3472672	----a-w-	c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2011-01-07 18:49	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-02-10 01:04 . 2011-01-07 18:49	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2011-01-07 18:49	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2009-07-02 00:20	63776	----a-w-	c:\windows\system32\nvshext.dll
2009-04-08 17:31 . 2009-04-08 17:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-08 2861624]
"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe" [2008-10-01 1025536]
"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" [2008-10-14 2987008]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2008-10-01 1126400]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-09-20 3054136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"amd_dc_opt"="c:\program files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"Realtime Audio Engine"="mmrtkrnl.exe" [2009-11-23 70144]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-29 2077536]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 23:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.43.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MJ - c:\program files (x86)\d-lusion\MJ\uninstall.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-Uplay - d:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-04-21  01:33:28
ComboFix-quarantined-files.txt  2013-04-20 23:33
.
Vor Suchlauf: 9 Verzeichnis(se), 57.346.666.496 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 65.675.841.536 Bytes frei
.
- - End Of File - - 7FB55E9C87A2AE40184BD5B9D08B23BB
         
--- --- ---

OTL-Logfile:

OTL logfile created on: 21.04.2013 01:44:47 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sicherheit\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,75 Gb Total Physical Memory | 3,03 Gb Available Physical Memory | 63,89% Memory free
9,70 Gb Paging File | 7,85 Gb Available in Paging File | 80,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,96 Gb Total Space | 61,24 Gb Free Space | 51,91% Space Free | Partition Type: NTFS
Drive D: | 220,18 Gb Total Space | 92,87 Gb Free Space | 42,18% Space Free | Partition Type: NTFS
Drive G: | 114,92 Gb Total Space | 56,85 Gb Free Space | 49,47% Space Free | Partition Type: NTFS
 
Computer Name: ANDI | User Name: Sicherheit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.18 23:06:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sicherheit\Desktop\OTL.exe
PRC - [2013.04.16 23:12:54 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\Opera.exe
PRC - [2012.01.29 14:43:17 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010.11.24 21:51:33 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010.07.21 11:03:18 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010.07.17 19:17:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009.11.23 22:40:22 | 000,070,144 | ---- | M] (AlcaTech) -- C:\Windows\SysWOW64\mmrtkrnl.exe
PRC - [2009.09.20 12:07:23 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.09.20 11:17:46 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.04.07 18:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009.03.21 05:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.03.04 19:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.10.15 01:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
PRC - [2008.08.14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008.08.14 05:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.08.14 01:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.07.19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.06.18 07:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.10.23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.10.15 01:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
MOD - [2008.08.28 01:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 18:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2008.05.23 06:24:10 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\atkmethod.dll
MOD - [2008.02.17 07:08:46 | 000,950,272 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\OcSetting.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2005.05.12 00:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2013.03.16 01:40:29 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.07.21 11:03:18 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.07.17 19:17:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.02.07 01:57:18 | 000,072,248 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe -- (WBVGAservice)
SRV - [2008.08.14 05:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.15 22:02:49 | 000,282,976 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011.09.12 20:18:11 | 000,035,664 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011.07.20 09:46:06 | 000,203,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011.07.20 09:46:06 | 000,095,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.06.09 22:28:16 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.09 22:28:10 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.06 01:21:57 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010.08.02 11:00:50 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.26 15:18:58 | 000,020,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.07.26 15:15:26 | 000,016,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:22 | 000,161,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.04.27 04:25:22 | 000,129,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssceserd.sys -- (ssceserd)
DRV:64bit: - [2010.04.27 04:25:22 | 000,127,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscebus.sys -- (sscebus)
DRV:64bit: - [2010.04.27 04:25:22 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.11.25 14:59:28 | 000,058,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nchvsc64.sys -- (NCHVSC64)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.09.20 11:37:17 | 000,035,384 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.02 02:46:40 | 000,016,440 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.02.11 11:26:17 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.01.14 02:48:18 | 001,187,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008.11.03 09:03:27 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008.07.09 11:16:19 | 000,092,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008.05.13 15:02:13 | 000,019,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008.05.13 15:02:11 | 000,121,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008.05.02 07:59:47 | 000,166,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.02.16 03:27:18 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.01.29 04:46:57 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.01.24 07:24:23 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008.01.21 04:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 04:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 04:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008.01.21 04:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007.12.06 12:12:55 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007.10.17 06:54:20 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\EIO64.sys -- (EIO64)
DRV:64bit: - [2007.07.28 04:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007.07.27 05:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007.07.24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007.04.16 20:51:50 | 000,014,112 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2006.10.27 15:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006.10.04 03:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006.06.27 15:24:22 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys -- (AmdTools64)
DRV - [2010.07.26 15:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2004.01.26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.01.26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4136263938-1271678022-4162842909-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4136263938-1271678022-4162842909-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.05 21:42:16 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013.04.21 01:31:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [Turbo Gear] C:\Program Files\ASUS\Turbo Gear\TurboGear.exe ()
O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files\ASUS\Turbo Gear\GearHelp.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-4136263938-1271678022-4162842909-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll] C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll (DivX, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4136263938-1271678022-4162842909-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4136263938-1271678022-4162842909-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4136263938-1271678022-4162842909-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B4D2956-A9C9-4FC5-8C99-B5BA51882005}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A80E82-F4D2-4F11-924A-61B118A1C5CF}: DhcpNameServer = 192.168.43.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.21 01:33:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.21 01:33:30 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\temp
[2013.04.21 01:22:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.21 01:22:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.21 01:22:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.21 01:18:02 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\AVG9
[2013.04.21 01:13:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.21 01:13:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.21 00:57:56 | 005,057,033 | R--- | C] (Swearware) -- C:\Users\Sicherheit\Desktop\ComboFix.exe
[2013.04.20 03:52:23 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sicherheit\Desktop\tdsskiller.exe
[2013.04.20 03:50:54 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Sicherheit\Desktop\aswMBR.exe
[2013.04.18 23:06:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sicherheit\Desktop\OTL.exe
[2013.04.18 23:05:37 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Adobe
[2013.04.16 23:59:49 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\vlc
[2013.04.16 23:56:22 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\NVIDIA
[2013.04.16 23:56:11 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\DivX
[2013.04.16 23:28:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.04.16 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Opera
[2013.04.16 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\Opera
[2013.04.16 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\VirtualStore
[2013.04.16 22:53:01 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Apple Computer
[2013.04.16 22:52:54 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\Power2Go
[2013.04.16 22:51:22 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.16 22:51:22 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Searches
[2013.04.16 22:51:22 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.16 22:51:16 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Identities
[2013.04.16 22:51:14 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Contacts
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Vorlagen
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\AppData\Local\Verlauf
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\AppData\Local\Temporary Internet Files
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Startmenü
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\SendTo
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Recent
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Netzwerkumgebung
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Lokale Einstellungen
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Documents\Eigene Videos
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Documents\Eigene Musik
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Eigene Dateien
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Documents\Eigene Bilder
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Druckumgebung
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Cookies
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\AppData\Local\Anwendungsdaten
[2013.04.16 22:50:04 | 000,000,000 | -HSD | C] -- C:\Users\Sicherheit\Anwendungsdaten
[2013.04.16 22:50:03 | 000,000,000 | --SD | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Videos
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Saved Games
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Pictures
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Music
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Links
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Favorites
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Downloads
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Documents
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\Desktop
[2013.04.16 22:50:03 | 000,000,000 | R--D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.16 22:50:03 | 000,000,000 | -H-D | C] -- C:\Users\Sicherheit\AppData
[2013.04.16 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Local\Microsoft
[2013.04.16 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Media Center Programs
[2013.04.16 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Macromedia
[2013.04.16 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2013.04.02 23:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.02 23:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.02 23:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.21 01:39:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.21 01:35:39 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.04.21 01:31:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.21 01:06:26 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.04.21 01:05:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.21 01:05:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.21 01:05:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.04.21 01:05:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.21 01:05:49 | 804,294,655 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.21 01:04:46 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.21 01:04:38 | 000,000,684 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.21 00:57:58 | 118,021,586 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2013.04.21 00:57:56 | 005,057,033 | R--- | M] (Swearware) -- C:\Users\Sicherheit\Desktop\ComboFix.exe
[2013.04.21 00:57:06 | 000,613,083 | ---- | M] () -- C:\Users\Sicherheit\Desktop\adwcleaner.exe
[2013.04.20 14:04:34 | 000,000,512 | ---- | M] () -- C:\Users\Sicherheit\Desktop\MBR.dat
[2013.04.20 03:52:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sicherheit\Desktop\tdsskiller.exe
[2013.04.20 03:52:21 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Sicherheit\Desktop\aswMBR.exe
[2013.04.20 02:48:28 | 000,000,104 | ---- | M] () -- C:\Users\Sicherheit\Desktop\Computer.lnk
[2013.04.19 16:53:29 | 000,377,856 | ---- | M] () -- C:\Users\Sicherheit\Desktop\mx7b4erb.exe
[2013.04.18 23:06:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sicherheit\Desktop\OTL.exe
[2013.04.18 00:55:36 | 000,374,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.18 00:20:11 | 000,000,514 | ---- | M] () -- C:\Windows\SysWow64\ABG71GX.DAT
[2013.04.16 23:30:44 | 001,427,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.16 23:30:44 | 000,621,952 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.16 23:30:44 | 000,590,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.16 23:30:44 | 000,123,852 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.16 23:30:44 | 000,102,094 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.16 22:55:17 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.04.02 23:04:57 | 000,122,608 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.21 01:22:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.21 01:22:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.21 01:22:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.21 01:22:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.21 01:22:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.21 00:59:29 | 000,000,684 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.21 00:57:05 | 000,613,083 | ---- | C] () -- C:\Users\Sicherheit\Desktop\adwcleaner.exe
[2013.04.20 14:04:34 | 000,000,512 | ---- | C] () -- C:\Users\Sicherheit\Desktop\MBR.dat
[2013.04.20 02:48:28 | 000,000,104 | ---- | C] () -- C:\Users\Sicherheit\Desktop\Computer.lnk
[2013.04.19 16:53:29 | 000,377,856 | ---- | C] () -- C:\Users\Sicherheit\Desktop\mx7b4erb.exe
[2013.04.18 00:36:51 | 000,694,784 | ---- | C] () -- C:\Windows\SysNative\drivers\bthport.sys
[2013.04.18 00:36:51 | 000,204,288 | ---- | C] () -- C:\Windows\SysNative\fsquirt.exe
[2013.04.18 00:36:51 | 000,035,328 | ---- | C] () -- C:\Windows\SysNative\drivers\BTHUSB.SYS
[2013.04.18 00:36:51 | 000,026,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bthenum.sys
[2013.04.18 00:35:57 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2013.04.18 00:35:56 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2013.04.18 00:35:51 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2013.04.18 00:35:50 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2013.04.18 00:35:50 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2013.04.18 00:35:50 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2013.04.18 00:35:50 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2013.04.18 00:35:50 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2013.04.18 00:35:50 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2013.04.18 00:35:49 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2013.04.18 00:35:49 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.18 00:35:49 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2013.04.18 00:35:49 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2013.04.18 00:35:49 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2013.04.18 00:35:49 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.18 00:35:49 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2013.04.18 00:35:49 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2013.04.18 00:35:49 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2013.04.18 00:35:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2013.04.18 00:35:49 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2013.04.18 00:35:49 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.18 00:35:49 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2013.04.18 00:35:49 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2013.04.18 00:35:49 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.18 00:35:45 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2013.04.18 00:35:44 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2013.04.18 00:35:44 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2013.04.18 00:35:43 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2013.04.18 00:35:43 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2013.04.18 00:35:43 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2013.04.18 00:35:43 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2013.04.18 00:35:42 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2013.04.18 00:35:42 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2013.04.18 00:35:41 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2013.04.18 00:35:40 | 000,344,576 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2013.04.18 00:35:39 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll
[2013.04.18 00:35:39 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2013.04.18 00:20:11 | 000,000,514 | ---- | C] () -- C:\Windows\SysWow64\ABG71GX.DAT
[2013.04.17 00:04:08 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2013.04.16 23:45:47 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
[2013.04.16 23:45:00 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe
[2013.04.16 23:44:12 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2013.04.16 23:44:12 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2013.04.16 23:43:44 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2013.04.16 23:43:31 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2013.04.16 23:42:37 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2013.04.16 23:42:13 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\odbc32.dll
[2013.04.16 23:41:59 | 000,301,568 | ---- | C] () -- C:\Windows\SysNative\shsvcs.dll
[2013.04.16 23:41:20 | 004,692,368 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.16 23:41:19 | 001,560,960 | ---- | C] () -- C:\Windows\SysNative\ntdll.dll
[2013.04.16 23:41:11 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2013.04.16 23:41:01 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2013.04.16 23:40:56 | 000,454,144 | ---- | C] () -- C:\Windows\SysNative\shlwapi.dll
[2013.04.16 23:40:50 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2013.04.16 23:40:49 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2013.04.16 23:40:45 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2013.04.16 23:40:44 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2013.04.16 23:40:44 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2013.04.16 23:40:44 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2013.04.16 23:40:43 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2013.04.16 23:40:43 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2013.04.16 23:40:43 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2013.04.16 23:40:38 | 002,424,320 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2013.04.16 23:40:36 | 000,730,624 | ---- | C] () -- C:\Windows\SysNative\mstsc.exe
[2013.04.16 23:40:31 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2013.04.16 23:40:16 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2013.04.16 23:40:13 | 000,560,128 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2013.04.16 23:40:12 | 000,416,768 | ---- | C] () -- C:\Windows\SysNative\sbe.dll
[2013.04.16 23:40:12 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2013.04.16 23:40:12 | 000,210,944 | ---- | C] () -- C:\Windows\SysNative\sbeio.dll
[2013.04.16 23:38:58 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2013.04.16 23:38:53 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2013.04.16 23:38:52 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2013.04.16 23:38:52 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2013.04.16 23:38:17 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
[2013.04.16 23:38:16 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2013.04.16 23:38:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
[2013.04.16 23:37:14 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2013.04.16 23:35:18 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2013.04.16 23:35:18 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2013.04.16 23:35:14 | 001,251,840 | ---- | C] () -- C:\Windows\SysNative\sdclt.exe
[2013.04.16 23:23:03 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll
[2013.04.16 23:23:02 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll
[2013.04.16 23:23:02 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll
[2013.04.16 23:23:01 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll
[2013.04.16 23:23:01 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe
[2013.04.16 23:21:10 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
[2013.04.16 23:21:09 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2013.04.16 23:21:09 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2013.04.16 23:21:09 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2013.04.16 22:55:17 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.04.16 22:52:15 | 000,000,956 | ---- | C] () -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.04.16 22:51:29 | 000,000,986 | ---- | C] () -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.16 22:51:20 | 000,000,981 | ---- | C] () -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.04.16 22:51:13 | 000,000,922 | ---- | C] () -- C:\Users\Sicherheit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.06.01 16:24:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2009.10.01 15:03:48 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2009.09.29 14:22:17 | 000,231,716 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.29 14:22:15 | 000,231,716 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 17:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.09.20 11:17:46 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.09.20 11:17:46 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2009.11.24 13:47:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AlcaTech
[2010.06.06 17:05:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AVG9
[2011.02.19 20:38:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.08.02 11:14:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.06.08 22:44:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DriverCure
[2013.01.21 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2013.03.17 14:39:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.31 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Easeware
[2010.08.21 18:19:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.08.18 23:05:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Jens Lorek
[2009.12.24 00:13:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\NCH Swift Sound
[2009.09.29 23:52:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera
[2011.06.08 22:44:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ParetoLogic
[2012.12.12 21:13:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PunkBuster
[2011.08.16 23:16:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Samsung
[2010.07.08 11:27:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2009.09.29 23:57:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TubeBox
[2011.12.01 19:29:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2009.11.15 05:00:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\vghd
[2013.04.21 01:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\AVG9
[2013.04.16 23:09:07 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\Opera
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Thank you very much!

Best regards,

Andi

21.04.2013, 13:56   #15
aharonov
/// TB Trainer

Hello Andi,

Combofix should have caught the thing.
We'll do some more checks:


Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
:commands
[emptytemp]
         
  • Now please close all other programs.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<date_time>.log)
  • Now copy its content here into your thread.



Step 2

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path.
  • Now start Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Update (Aktualisierung) --> Check for Updates (Suche nach Aktualisierung).
  • When the update has finished, go to the Scanner tab (Suchlauf), enable the option Perform quick scan (Quick-Scan durchführen) and press Scan (Scannen).
  • When the scan is finished, click Show Results (Ergebnisse anzeigen).
  • Make sure that all findings are checked and press Remove Selected (Entferne Auswahl).
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under the Logs tab (Logdateien).



Step 3

Download the setup of the ESET Online Scanner and save it to the desktop.
  • Connect any external hard drives and USB sticks you have to the computer.
  • Now temporarily disable your antivirus program and the firewall for this scan.
    (Don't forget to switch them back on afterwards.)
  • Now start the downloaded esetsmartinstaller_enu.exe.
  • Check Yes, I accept the Terms of Use and press Start.
  • Wait until the components have been downloaded.
  • Check Scan archives.
  • Make sure that Remove found Threats is not checked.
  • Then press Start.
  • The signatures are downloaded and the scan starts automatically.
    Note: This scan can take quite a long time under some circumstances!
  • If findings are shown after the scan has finished, then:
    • Press List of found threats.
    • Then click Export to text file... and save the text file as ESET.txt on the desktop.
    • Afterwards press << Back.
  • Now close the scanner by clicking Finish.
Please post the content of ESET.txt or let me know if there were no findings.



Step 4

Please download SecurityCheck (Link 2).
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.



Step 5

Please start OTL.exe.
  • Check Scan all Users.
  • Press the Quick Scan button.
  • Post the content of OTL.txt here in the thread.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
  • Log from OTL
__________________
cheers,
Leo
