Log analysis and evaluation: Win32.Downloader.gen and Conduit Search: Internet Explorer not working

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.07.2013, 14:23 | #1 |
Hello dear helpers,

I had, or still have, a malware attack under Windows 7 HP 64-bit. I tried to solve it before I came across this forum, so, without realizing the implications, I have already tried several things. The following was observed:

1. On opening, Internet Explorer reports: "Internet Explorer has stopped working" ... closing the message (Close program) produces an endless loop, the message opens again, and so on; IE can only be closed after several quick clicks.
2. Other programs do not run either, e.g. Secunia PSI. Mozilla Firefox runs, but the menu responds slowly.
3. Spybot Search and Destroy was installed; nevertheless, unwanted toolbars (Babylon, Delta, Conduit) were downloaded by mistake. A Spybot scan found an infection by Anchor.Hss and Win32.Downloader.gen, which at first could not be removed; I tried System Restore with a restore point from 2 weeks ago, after which it could be removed together with all registry entries. Babylon.toolbar and Delta.toolbar were also removed along with their registry entries. Result: no more findings now.
3. A HijackThis log was created; it contained various references to Search.Conduit entries and suspicious IP addresses; the Conduit toolbar was uninstalled under Programs.
4. Afterwards the remnants of Conduit were removed with AdwCleaner; here are the logs for that, first the scan, then the result of the cleaning:

NOW THE RESULT LOG AFTER DELETION.

Here I am at my wits' end: IE still does not run, and I cannot restore the registry correctly on my own. Who can help?

Thanks in advance
Lindenblatt
05.07.2013, 14:37 | #2 |
/// Malware-holic

Hi

1. Keep your hands off HijackThis for good; it is not suitable for cleaning, especially under Win7.
2. If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
05.07.2013, 18:59 | #3 |
Thanks, here is OTL.txt. A second file (Extras.txt) was not created, probably because I already ran a scan yesterday, though WITHOUT any preset in the box; is that one helpful? I'll upload it as a 7z-zip attachment, since it is so long. I did nothing at all with yesterday's runs, though, only tried to understand them.

By the way, the Help and Support function in the Start menu also no longer works.

Regards...

OTL logfile:
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (JTVNCProxy_13.0) -- C:\Program Files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe (Freedom Scientific BLV Group LLC) SRV:64bit: - (HerculesDJControlMP3) -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE () SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Program Files 
(x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (Freedom Scientific Kernel Manager) -- C:\Windows\SysNative\fsKMgr.dll (Freedom Scientific BLV Group, LLC.) DRV:64bit: - (fsvidmir_service) -- C:\Windows\SysNative\drivers\fsvidmir.sys (Freedom Scientific BLV Group, LLC.) DRV:64bit: - (PowerBrl) -- C:\Windows\SysNative\drivers\powerbrl.sys (Freedom Scientific BLV Group, LLC.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (HDJMidi) -- C:\Windows\SysNative\drivers\HDJMidi.sys (© Guillemot R&D, 2011. All rights reserved.) DRV:64bit: - (Bulk) -- C:\Windows\SysNative\drivers\HDJBulk.sys (© Guillemot R&D, 2010. All rights reserved.) DRV:64bit: - (HDJAsioK) -- C:\Windows\SysNative\drivers\HDJAsioK.sys (© Guillemot R&D, 2010. All rights reserved.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.) 
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{5CEDED44-6AC9-4D05-BC6C-C37A62EA6458}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{83AB9179-F873-4610-8D60-B66887426306}: "URL" = 
hxxp://suche.web.de/search/web/?su={searchTerms} IE - HKCU\..\SearchScopes\{D06348A1-88F3-44E4-8550-B60C6E904AAD}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN14196662901802721&UM=2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.7 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.08 13:40:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.08 18:20:03 | 000,000,000 | ---D | M] [2011.05.07 22:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Extensions [2013.07.04 15:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\0qglo99j.default\extensions [2013.07.04 14:45:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\0qglo99j.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.07.04 01:27:34 | 000,534,371 | ---- | M] () (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\firefox\profiles\0qglo99j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.12.11 21:45:25 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\firefox\profiles\0qglo99j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.07.04 15:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.04 15:56:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.08 13:40:59 | 000,000,000 | ---D | M] (avast! 
Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF O1 HOSTS File: ([2011.04.16 16:39:42 | 000,432,374 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14880 more lines... O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®) O4 - HKLM..\Run: [Mobile Connection Manager] C:\Program Files (x86)\o2\Mobile Connection Manager\emmsn.exe (Telefónica) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe File not found O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marvin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marvin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EC29530-B585-4B50-A41F-6397B5F314AC}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2470DCAB-3795-41FB-B786-74486CA7C273}: DhcpNameServer = 192.168.27.254 192.168.12.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{504E6958-786F-4417-A185-122CC8BB6A89}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55373C9D-66AF-4B94-B9B0-22FB7CEE5BE8}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ED007E5-8189-47F1-832E-6BCD82301358}: DhcpNameServer = 192.168.0.1 192.168.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EE0405E-EC6F-4AC5-9F09-9EB917BFA16B}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F69373A-D270-422B-BE3B-6EE0F84E852E}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80489CFE-98F6-4AB5-9557-F1C9ECC39641}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D00EE4C-37AB-4BC3-93EE-4BF885A76BE9}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93BD9D73-2450-4013-9619-49158B83F271}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B35B9BE-BED2-42C7-BD7D-12D7A3FFCE74}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B519ECF-DA4F-4AB4-B1AF-864A8EAACD68}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2A2E1D9-0144-41CA-822B-3FD4FF9F3BF0}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B655DD05-D42E-4438-AA1F-665D1DE8F241}: NameServer = 193.189.244.206 
193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DDB3B4-BF63-4BC1-A3E8-F177A6BC3680}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F571C9-7441-4443-82D9-FE43E85167ED}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5C055CF-7D2E-436F-B8CB-50572BB21F31}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC75BF97-16C9-4E27-B555-9D5A00D01FA1}: NameServer = 193.189.244.206 193.189.244.225 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM 
Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{015e6f02-d20a-11e2-8725-485b399b5ba0}\Shell - "" = AutoRun O33 - MountPoints2\{015e6f02-d20a-11e2-8725-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{025cbcde-43ac-11e2-8825-485b399b5ba0}\Shell - "" = AutoRun O33 - MountPoints2\{025cbcde-43ac-11e2-8825-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0c55ec53-2dcc-11e2-9d40-485b399b5ba0}\Shell - "" = AutoRun O33 - MountPoints2\{0c55ec53-2dcc-11e2-9d40-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0c7cfd13-b042-11e2-8469-485b399b5ba0}\Shell - "" = AutoRun O33 - MountPoints2\{0c7cfd13-b042-11e2-8469-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0eed2bd6-c23a-11e2-b87c-485b399b5ba0}\Shell - "" = AutoRun O33 - MountPoints2\{0eed2bd6-c23a-11e2-b87c-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0f0cda3f-583a-11e2-a28b-485b399b5ba0}\Shell - "" = AutoRun O33 - MountPoints2\{0f0cda3f-583a-11e2-a28b-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0f12973b-26c7-11e2-be18-485b399b5ba0}\Shell - "" = AutoRun O33 - MountPoints2\{0f12973b-26c7-11e2-be18-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{10197f40-356a-11e2-95f3-485b399b5ba0}\Shell - "" = AutoRun O33 - MountPoints2\{10197f40-356a-11e2-95f3-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{14e47744-3d27-11e2-9046-485b399b5ba0}\Shell - "" = AutoRun O33 - 
MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: 
(autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - 
regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.07.04 17:39:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marvin\Desktop\OTL.exe [2013.07.04 00:30:38 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Malwarebytes [2013.07.04 00:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.04 00:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.30 16:10:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2013.06.30 16:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2013.06.30 16:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2013.06.12 18:01:44 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Google [2013.06.09 21:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAWS 13.0 [2013.06.09 21:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Freedom Scientific [2013.06.09 21:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\ssce [2013.06.09 21:19:42 | 000,000,000 | -H-D | C] -- C:\Program Files\Freedom Scientific Installation Information [2013.06.09 21:13:13 | 000,000,000 | ---D | C] 
-- C:\Program Files (x86)\Freedom Scientific [2013.06.08 18:34:44 | 000,000,000 | ---D | C] -- C:\Users\Marvin\.hydrogen [2013.06.08 18:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hydrogen [2013.06.08 18:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hydrogen [2013.06.08 13:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe ========== Files - Modified Within 30 Days ========== [2013.07.05 16:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.05 14:55:36 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.05 14:55:36 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.05 14:47:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.05 14:47:39 | 3054,383,104 | -HS- | M] () -- C:\hiberfil.sys [2013.07.04 22:09:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.04 22:09:38 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.04 22:09:38 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.04 22:09:38 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.04 22:09:38 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.04 19:02:06 | 000,000,000 | ---- | M] () -- C:\Users\Marvin\defogger_reenable [2013.07.04 18:55:40 | 000,050,477 | ---- | M] () -- C:\Users\Marvin\Desktop\Defogger.exe [2013.07.04 17:39:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marvin\Desktop\OTL.exe [2013.07.04 17:04:26 | 000,650,027 | ---- | M] () -- C:\Users\Marvin\Desktop\adwcleaner.exe [2013.07.04 16:16:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.07.04 16:16:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf 
[2013.07.04 15:56:49 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.04 15:47:05 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.07.04 15:47:05 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.07.04 15:47:05 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.07.04 15:47:05 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.07.04 15:47:05 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.07.04 15:47:05 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.07.04 15:39:53 | 000,001,596 | ---- | M] () -- C:\Windows\wininit.ini [2013.07.04 14:49:29 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.07.04 14:49:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.06.09 21:21:01 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Papenmeier Dokumentation.lnk [2013.06.09 21:21:01 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JAWS 13.0.lnk [2013.06.08 18:33:29 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\Hydrogen.lnk [2013.06.08 13:30:26 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk ========== Files Created - No Company Name ========== [2013.07.04 19:02:06 | 000,000,000 | ---- | C] () -- C:\Users\Marvin\defogger_reenable [2013.07.04 18:55:38 | 000,050,477 | ---- | C] () -- C:\Users\Marvin\Desktop\Defogger.exe [2013.07.04 17:04:23 | 000,650,027 | ---- | C] () -- C:\Users\Marvin\Desktop\adwcleaner.exe [2013.07.04 16:16:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.07.04 16:16:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.07.04 15:47:05 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.07.04 15:47:05 | 000,000,175 | ---- | C] () -- 
C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.07.04 15:47:05 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.07.04 15:39:50 | 000,001,596 | ---- | C] () -- C:\Windows\wininit.ini [2013.06.09 21:21:01 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Papenmeier Dokumentation.lnk [2013.06.09 21:21:01 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JAWS 13.0.lnk [2013.06.08 18:33:29 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\Hydrogen.lnk [2013.06.08 13:30:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.08 13:30:26 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.01.20 21:20:56 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\ed4mdpg.dll [2013.01.20 21:20:56 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\fjn1z33.dll [2012.10.13 19:05:06 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\v8sos1h.dll [2011.08.25 11:51:00 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.06.26 16:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.11 09:40:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | 
---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.08 07:17:26 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\DVDVideoSoft [2011.04.27 20:49:49 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\EeeStorageUploader [2013.05.22 22:28:49 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\EverAd [2012.10.27 15:16:44 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Freedom Scientific [2011.08.25 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\MAGIX [2013.07.04 14:46:03 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\MathGame [2012.11.18 20:27:28 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\ProtectDISC [2012.06.25 16:50:04 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Publish Providers [2013.04.15 23:56:31 | 000,000,000 | ---D | 
M] -- C:\Users\Marvin\AppData\Roaming\Sony [2012.07.03 20:09:27 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Sony Creative Software Inc [2012.10.13 17:13:15 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Telefónica [2012.10.13 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\TGCMLog ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.07.04 14:39:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.04.21 22:58:20 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2011.06.19 19:15:14 | 000,000,000 | -HSD | M] -- C:\Boot [2012.02.26 20:30:05 | 000,000,000 | ---D | M] -- C:\Brother [2013.07.04 16:48:29 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2013.04.05 19:45:24 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2010.11.11 10:00:40 | 000,000,000 | ---D | M] -- C:\eSupport [2010.11.11 10:02:52 | 000,000,000 | -H-D | M] -- C:\ExpressGateUtil [2010.11.11 09:50:12 | 000,000,000 | ---D | M] -- C:\Intel [2011.04.27 15:59:40 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.07.04 14:39:54 | 000,000,000 | R--D | M] -- C:\Program Files [2013.07.04 17:23:38 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.07.04 17:23:37 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.04.07 22:03:48 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.05.13 23:49:13 | 000,000,000 | ---D | M] -- C:\SearchProtect [2013.07.05 16:17:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.07.04 14:40:48 | 000,000,000 | R--D | M] -- C:\Users [2013.07.04 17:27:13 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.31 16:14:34 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | 
---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.11.11 09:37:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.11.11 09:37:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.07.04 19:02:06 | 000,000,000 | ---- | M] () -- C:\Users\Marvin\defogger_reenable [2013.07.05 16:13:50 | 007,077,888 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat [2013.07.05 16:13:50 | 000,262,144 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat.LOG1 [2013.01.17 00:02:53 | 000,262,144 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat.LOG2 [2011.04.07 22:18:45 | 000,065,536 | -HS- | M] () -- 
C:\Users\Marvin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.04.07 22:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.04.07 22:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.09.13 14:41:03 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{0c185974-fd98-11e1-9657-485b399b5ba0}.TM.blf [2012.09.13 14:41:03 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{0c185974-fd98-11e1-9657-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms [2012.09.13 14:41:03 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{0c185974-fd98-11e1-9657-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms [2013.06.05 01:20:31 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{109228fd-cd61-11e2-abd2-485b399b5ba0}.TM.blf [2013.06.05 01:20:31 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{109228fd-cd61-11e2-abd2-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms [2013.06.05 01:20:31 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{109228fd-cd61-11e2-abd2-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms [2013.03.24 19:36:56 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{1511d1a8-94a5-11e2-a180-485b399b5ba0}.TM.blf [2013.03.24 19:36:56 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{1511d1a8-94a5-11e2-a180-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms [2013.03.24 19:36:56 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{1511d1a8-94a5-11e2-a180-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms [2013.04.03 23:43:37 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{23bea75f-9c97-11e2-b277-485b399b5ba0}.TM.blf [2013.04.03 23:43:37 | 000,524,288 | -HS- | M] () -- 
C:\Users\Marvin\ntuser.dat{23bea75f-9c97-11e2-b277-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms [2013.04.03 23:43:37 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{23bea75f-9c97-11e2-b277-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms [2013.04.22 00:08:02 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2870c15b-aac7-11e2-930f-485b399b5ba0}.TM.blf [2013.04.22 00:08:02 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2870c15b-aac7-11e2-930f-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms [2013.04.22 00:08:02 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2870c15b-aac7-11e2-930f-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms [2013.07.04 14:48:23 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2a621fac-e475-11e2-b60f-485b399b5ba0}.TM.blf [2013.07.04 14:48:23 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2a621fac-e475-11e2-b60f-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms [2013.07.04 14:48:23 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2a621fac-e475-11e2-b60f-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms [2013.01.19 01:51:21 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{b1c0e0e7-61c4-11e2-9c66-485b399b5ba0}.TM.blf [2013.01.19 01:51:21 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{b1c0e0e7-61c4-11e2-9c66-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms [2013.01.19 01:51:21 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{b1c0e0e7-61c4-11e2-9c66-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms [2013.03.22 00:45:12 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{bb61ae90-9261-11e2-9d9a-485b399b5ba0}.TM.blf [2013.03.22 00:45:12 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{bb61ae90-9261-11e2-9d9a-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms [2013.03.22 00:45:12 | 000,524,288 | -HS- | M] () -- 
< %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC < End of report > |
05.07.2013, 19:02 | #4 |
/// Malware-holic | Win32.Downloader.gen and Conduit Search: Internet Explorer not working Hi, only attach the log(s) if they are too long. Please download TDSSKiller.exe and save the file to your desktop
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.07.2013, 21:19 | #5 |
| Win32.Downloader.gen and Conduit Search: Internet Explorer not working Done, here is the TDSSKiller log with 6 detections:
C:\Windows\system32\kmsvc.dll 22:03:08.0117 4864 hkmsvc - ok 22:03:08.0164 4864 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:03:08.0211 4864 HomeGroupListener - ok 22:03:08.0242 4864 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:03:08.0289 4864 HomeGroupProvider - ok 22:03:08.0320 4864 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:03:08.0351 4864 HpSAMD - ok 22:03:08.0414 4864 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:03:08.0539 4864 HTTP - ok 22:03:08.0570 4864 [ C2212C930D7A6CC21972B9882683D271 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 22:03:08.0601 4864 huawei_enumerator - ok 22:03:08.0632 4864 [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 22:03:08.0679 4864 hwdatacard - ok 22:03:08.0710 4864 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:03:08.0726 4864 hwpolicy - ok 22:03:08.0773 4864 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 22:03:08.0788 4864 i8042prt - ok 22:03:08.0835 4864 [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 22:03:08.0882 4864 iaStor - ok 22:03:08.0929 4864 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:03:08.0960 4864 iaStorV - ok 22:03:09.0022 4864 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:03:09.0085 4864 idsvc - ok 22:03:09.0381 4864 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 22:03:09.0818 4864 igfx - ok 22:03:09.0865 4864 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:03:09.0880 4864 iirsp - ok 22:03:09.0943 4864 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT 
C:\Windows\System32\ikeext.dll 22:03:10.0067 4864 IKEEXT - ok 22:03:10.0114 4864 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 22:03:10.0161 4864 Impcd - ok 22:03:10.0270 4864 [ C03463214D23B46B991F582821C8DF69 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 22:03:10.0395 4864 IntcAzAudAddService - ok 22:03:10.0442 4864 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 22:03:10.0473 4864 IntcDAud - ok 22:03:10.0504 4864 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:03:10.0520 4864 intelide - ok 22:03:10.0551 4864 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:03:10.0598 4864 intelppm - ok 22:03:10.0645 4864 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:03:10.0723 4864 IPBusEnum - ok 22:03:10.0754 4864 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:03:10.0847 4864 IpFilterDriver - ok 22:03:10.0879 4864 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:03:10.0941 4864 iphlpsvc - ok 22:03:10.0988 4864 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:03:11.0019 4864 IPMIDRV - ok 22:03:11.0066 4864 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:03:11.0159 4864 IPNAT - ok 22:03:11.0191 4864 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:03:11.0237 4864 IRENUM - ok 22:03:11.0284 4864 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:03:11.0300 4864 isapnp - ok 22:03:11.0315 4864 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:03:11.0347 4864 iScsiPrt - ok 22:03:11.0471 4864 [ F81AF7F5AA4688039A9F2B822E6C90DC ] JTVNCProxy_13.0 C:\Program Files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe 
22:03:11.0487 4864 JTVNCProxy_13.0 - ok 22:03:11.0518 4864 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:03:11.0549 4864 kbdclass - ok 22:03:11.0581 4864 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 22:03:11.0627 4864 kbdhid - ok 22:03:11.0659 4864 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 22:03:11.0674 4864 kbfiltr - ok 22:03:11.0705 4864 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:03:11.0737 4864 KeyIso - ok 22:03:11.0752 4864 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:03:11.0783 4864 KSecDD - ok 22:03:11.0815 4864 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:03:11.0830 4864 KSecPkg - ok 22:03:11.0877 4864 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:03:11.0955 4864 ksthunk - ok 22:03:11.0986 4864 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:03:12.0064 4864 KtmRm - ok 22:03:12.0111 4864 [ 48686C29856F46443952A831424F8D6F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 22:03:12.0142 4864 L1C - ok 22:03:12.0189 4864 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:03:12.0283 4864 LanmanServer - ok 22:03:12.0314 4864 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:03:12.0407 4864 LanmanWorkstation - ok 22:03:12.0454 4864 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:03:12.0548 4864 lltdio - ok 22:03:12.0579 4864 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:03:12.0673 4864 lltdsvc - ok 22:03:12.0704 4864 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:03:12.0782 4864 lmhosts - ok 22:03:12.0860 4864 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:03:12.0875 4864 LMS ( UnsignedFile.Multi.Generic ) - warning 22:03:12.0875 4864 LMS - detected UnsignedFile.Multi.Generic (1) 22:03:12.0907 4864 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:03:12.0938 4864 LSI_FC - ok 22:03:12.0969 4864 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:03:12.0985 4864 LSI_SAS - ok 22:03:13.0000 4864 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:03:13.0016 4864 LSI_SAS2 - ok 22:03:13.0047 4864 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:03:13.0063 4864 LSI_SCSI - ok 22:03:13.0078 4864 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:03:13.0156 4864 luafv - ok 22:03:13.0203 4864 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:03:13.0250 4864 Mcx2Svc - ok 22:03:13.0265 4864 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:03:13.0281 4864 megasas - ok 22:03:13.0312 4864 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:03:13.0328 4864 MegaSR - ok 22:03:13.0375 4864 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:03:13.0468 4864 MMCSS - ok 22:03:13.0484 4864 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:03:13.0562 4864 Modem - ok 22:03:13.0593 4864 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:03:13.0640 4864 monitor - ok 22:03:13.0671 4864 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:03:13.0702 4864 mouclass - ok 22:03:13.0733 4864 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:03:13.0765 4864 mouhid - ok 22:03:13.0811 4864 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr 
C:\Windows\system32\drivers\mountmgr.sys 22:03:13.0827 4864 mountmgr - ok 22:03:13.0936 4864 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:03:13.0952 4864 MozillaMaintenance - ok 22:03:13.0967 4864 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:03:13.0999 4864 mpio - ok 22:03:14.0014 4864 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:03:14.0092 4864 mpsdrv - ok 22:03:14.0139 4864 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:03:14.0264 4864 MpsSvc - ok 22:03:14.0295 4864 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:03:14.0342 4864 MRxDAV - ok 22:03:14.0373 4864 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:03:14.0404 4864 mrxsmb - ok 22:03:14.0435 4864 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:03:14.0467 4864 mrxsmb10 - ok 22:03:14.0482 4864 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:03:14.0513 4864 mrxsmb20 - ok 22:03:14.0545 4864 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:03:14.0576 4864 msahci - ok 22:03:14.0607 4864 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:03:14.0623 4864 msdsm - ok 22:03:14.0654 4864 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:03:14.0685 4864 MSDTC - ok 22:03:14.0732 4864 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:03:14.0810 4864 Msfs - ok 22:03:14.0841 4864 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:03:14.0919 4864 mshidkmdf - ok 22:03:14.0935 4864 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:03:14.0966 4864 msisadrv - ok 
22:03:14.0997 4864 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:03:15.0075 4864 MSiSCSI - ok 22:03:15.0091 4864 msiserver - ok 22:03:15.0122 4864 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:03:15.0215 4864 MSKSSRV - ok 22:03:15.0231 4864 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:03:15.0309 4864 MSPCLOCK - ok 22:03:15.0309 4864 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:03:15.0403 4864 MSPQM - ok 22:03:15.0449 4864 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:03:15.0481 4864 MsRPC - ok 22:03:15.0496 4864 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:03:15.0527 4864 mssmbios - ok 22:03:15.0559 4864 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:03:15.0652 4864 MSTEE - ok 22:03:15.0668 4864 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:03:15.0683 4864 MTConfig - ok 22:03:15.0699 4864 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys 22:03:15.0730 4864 MTsensor - ok 22:03:15.0746 4864 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:03:15.0761 4864 Mup - ok 22:03:15.0793 4864 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:03:15.0902 4864 napagent - ok 22:03:15.0964 4864 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:03:15.0995 4864 NativeWifiP - ok 22:03:16.0073 4864 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:03:16.0136 4864 NDIS - ok 22:03:16.0167 4864 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:03:16.0245 4864 NdisCap - ok 22:03:16.0276 4864 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi 
C:\Windows\system32\DRIVERS\ndistapi.sys 22:03:16.0370 4864 NdisTapi - ok 22:03:16.0401 4864 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:03:16.0479 4864 Ndisuio - ok 22:03:16.0510 4864 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:03:16.0604 4864 NdisWan - ok 22:03:16.0635 4864 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:03:16.0713 4864 NDProxy - ok 22:03:16.0760 4864 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:03:16.0838 4864 NetBIOS - ok 22:03:16.0869 4864 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:03:16.0947 4864 NetBT - ok 22:03:16.0978 4864 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:03:17.0009 4864 Netlogon - ok 22:03:17.0041 4864 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:03:17.0134 4864 Netman - ok 22:03:17.0165 4864 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:03:17.0275 4864 netprofm - ok 22:03:17.0306 4864 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:03:17.0321 4864 NetTcpPortSharing - ok 22:03:17.0368 4864 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:03:17.0384 4864 nfrd960 - ok 22:03:17.0431 4864 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:03:17.0477 4864 NlaSvc - ok 22:03:17.0493 4864 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:03:17.0555 4864 Npfs - ok 22:03:17.0587 4864 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:03:17.0680 4864 nsi - ok 22:03:17.0711 4864 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:03:17.0789 4864 nsiproxy - ok 22:03:17.0852 
4864 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:03:17.0961 4864 Ntfs - ok 22:03:17.0977 4864 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:03:18.0055 4864 Null - ok 22:03:18.0351 4864 [ CE546130D7DBF7CB64B63D465CA15935 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:03:18.0913 4864 nvlddmkm - ok 22:03:19.0069 4864 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:03:19.0100 4864 nvraid - ok 22:03:19.0115 4864 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:03:19.0147 4864 nvstor - ok 22:03:19.0193 4864 [ 58B429FC99F6D5AA8D4CF2E7B94D5A0B ] nvsvc C:\Windows\system32\nvvsvc.exe 22:03:19.0225 4864 nvsvc - ok 22:03:19.0303 4864 [ 55A30D736FEA4419AA621F998457B2A9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 22:03:19.0396 4864 nvUpdatusService - ok 22:03:19.0443 4864 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:03:19.0459 4864 nv_agp - ok 22:03:19.0568 4864 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:03:19.0599 4864 odserv - ok 22:03:19.0630 4864 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:03:19.0677 4864 ohci1394 - ok 22:03:19.0708 4864 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:03:19.0724 4864 ose - ok 22:03:19.0755 4864 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:03:19.0802 4864 p2pimsvc - ok 22:03:19.0833 4864 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:03:19.0895 4864 p2psvc - ok 22:03:19.0911 4864 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:03:19.0942 4864 Parport - ok 22:03:19.0973 4864 [ E9766131EEADE40A27DC27D2D68FBA9C ] 
partmgr C:\Windows\system32\drivers\partmgr.sys 22:03:20.0005 4864 partmgr - ok 22:03:20.0020 4864 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:03:20.0083 4864 PcaSvc - ok 22:03:20.0098 4864 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:03:20.0129 4864 pci - ok 22:03:20.0145 4864 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:03:20.0161 4864 pciide - ok 22:03:20.0192 4864 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:03:20.0223 4864 pcmcia - ok 22:03:20.0239 4864 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:03:20.0270 4864 pcw - ok 22:03:20.0285 4864 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:03:20.0395 4864 PEAUTH - ok 22:03:20.0488 4864 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:03:20.0519 4864 PerfHost - ok 22:03:20.0597 4864 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:03:20.0738 4864 pla - ok 22:03:20.0785 4864 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:03:20.0831 4864 PlugPlay - ok 22:03:20.0863 4864 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:03:20.0909 4864 PNRPAutoReg - ok 22:03:20.0925 4864 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:03:20.0956 4864 PNRPsvc - ok 22:03:20.0987 4864 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:03:21.0097 4864 PolicyAgent - ok 22:03:21.0143 4864 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:03:21.0221 4864 Power - ok 22:03:21.0284 4864 [ 899AB3ACE3474CBF8BE4852AAA92B412 ] PowerBrl C:\Windows\system32\Drivers\powerbrl.sys 22:03:21.0315 4864 PowerBrl - ok 22:03:21.0362 4864 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport 
C:\Windows\system32\DRIVERS\raspptp.sys 22:03:21.0424 4864 PptpMiniport - ok 22:03:21.0455 4864 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:03:21.0487 4864 Processor - ok 22:03:21.0533 4864 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:03:21.0565 4864 ProfSvc - ok 22:03:21.0580 4864 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:03:21.0611 4864 ProtectedStorage - ok 22:03:21.0643 4864 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:03:21.0721 4864 Psched - ok 22:03:21.0783 4864 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 22:03:21.0799 4864 PSI - ok 22:03:21.0877 4864 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:03:21.0970 4864 ql2300 - ok 22:03:21.0986 4864 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:03:22.0017 4864 ql40xx - ok 22:03:22.0048 4864 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:03:22.0095 4864 QWAVE - ok 22:03:22.0095 4864 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:03:22.0142 4864 QWAVEdrv - ok 22:03:22.0157 4864 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:03:22.0235 4864 RasAcd - ok 22:03:22.0282 4864 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:03:22.0360 4864 RasAgileVpn - ok 22:03:22.0407 4864 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:03:22.0501 4864 RasAuto - ok 22:03:22.0532 4864 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:03:22.0625 4864 Rasl2tp - ok 22:03:22.0657 4864 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:03:22.0750 4864 RasMan - ok 22:03:22.0781 4864 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] 
RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:03:22.0875 4864 RasPppoe - ok 22:03:22.0891 4864 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:03:22.0984 4864 RasSstp - ok 22:03:23.0015 4864 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:03:23.0093 4864 rdbss - ok 22:03:23.0109 4864 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:03:23.0140 4864 rdpbus - ok 22:03:23.0171 4864 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:03:23.0234 4864 RDPCDD - ok 22:03:23.0249 4864 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:03:23.0327 4864 RDPENCDD - ok 22:03:23.0359 4864 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:03:23.0452 4864 RDPREFMP - ok 22:03:23.0483 4864 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:03:23.0515 4864 RDPWD - ok 22:03:23.0561 4864 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:03:23.0577 4864 rdyboost - ok 22:03:23.0608 4864 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:03:23.0702 4864 RemoteAccess - ok 22:03:23.0749 4864 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:03:23.0842 4864 RemoteRegistry - ok 22:03:23.0936 4864 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 22:03:23.0967 4864 RichVideo ( UnsignedFile.Multi.Generic ) - warning 22:03:23.0967 4864 RichVideo - detected UnsignedFile.Multi.Generic (1) 22:03:24.0014 4864 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:03:24.0092 4864 RpcEptMapper - ok 22:03:24.0107 4864 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:03:24.0154 4864 RpcLocator - ok 22:03:24.0185 4864 
[ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:03:24.0263 4864 RpcSs - ok 22:03:24.0326 4864 [ 0103AA79589FCA09DF1DF9B31273B16D ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 22:03:24.0357 4864 RSPCIESTOR - ok 22:03:24.0404 4864 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:03:24.0482 4864 rspndr - ok 22:03:24.0513 4864 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:03:24.0529 4864 SamSs - ok 22:03:24.0560 4864 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:03:24.0575 4864 sbp2port - ok 22:03:24.0669 4864 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 22:03:24.0747 4864 SBSDWSCService - ok 22:03:24.0778 4864 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:03:24.0887 4864 SCardSvr - ok 22:03:24.0919 4864 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:03:24.0981 4864 scfilter - ok 22:03:25.0028 4864 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:03:25.0153 4864 Schedule - ok 22:03:25.0199 4864 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:03:25.0262 4864 SCPolicySvc - ok 22:03:25.0324 4864 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 22:03:25.0371 4864 sdbus - ok 22:03:25.0402 4864 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:03:25.0449 4864 SDRSVC - ok 22:03:25.0480 4864 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:03:25.0574 4864 secdrv - ok 22:03:25.0605 4864 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:03:25.0699 4864 seclogon - ok 22:03:25.0761 4864 [ 2D0599DD0124764FC939C59985C860DE ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe 
22:03:25.0839 4864 Secunia PSI Agent - ok 22:03:25.0855 4864 [ 20B9E1ADBC58958B480933E4DA005DFB ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe 22:03:25.0886 4864 Secunia Update Agent - ok 22:03:25.0933 4864 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:03:26.0011 4864 SENS - ok 22:03:26.0042 4864 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:03:26.0089 4864 SensrSvc - ok 22:03:26.0104 4864 [ 255476B54C82A89416EFDF09FD62F107 ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys 22:03:26.0135 4864 Sentinel64 - ok 22:03:26.0151 4864 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:03:26.0167 4864 Serenum - ok 22:03:26.0213 4864 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:03:26.0245 4864 Serial - ok 22:03:26.0276 4864 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:03:26.0323 4864 sermouse - ok 22:03:26.0369 4864 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:03:26.0447 4864 SessionEnv - ok 22:03:26.0479 4864 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:03:26.0510 4864 sffdisk - ok 22:03:26.0525 4864 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:03:26.0557 4864 sffp_mmc - ok 22:03:26.0572 4864 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:03:26.0603 4864 sffp_sd - ok 22:03:26.0635 4864 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:03:26.0681 4864 sfloppy - ok 22:03:26.0728 4864 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:03:26.0806 4864 SharedAccess - ok 22:03:26.0837 4864 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:03:26.0947 4864 ShellHWDetection - ok 22:03:26.0993 4864 [ 
\Device\Harddisk0\DR0\Partition1 - ok
22:03:39.0177 4864 [ AFD05CBBAE2F4DCD30AE28E5BA6D77B0 ] \Device\Harddisk0\DR0\Partition2
22:03:39.0177 4864 \Device\Harddisk0\DR0\Partition2 - ok
22:03:39.0177 4864 ============================================================
22:03:39.0177 4864 Scan finished
22:03:39.0177 4864 ============================================================
22:03:39.0193 5608 Detected object count: 6
22:03:39.0193 5608 Actual detected object count: 6
22:05:11.0358 5608 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:11.0358 5608 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:11.0358 5608 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:11.0358 5608 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:11.0358 5608 HerculesDJControlMP3 ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:11.0358 5608 HerculesDJControlMP3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:11.0358 5608 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:11.0358 5608 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:11.0373 5608 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:11.0373 5608 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:11.0373 5608 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:11.0373 5608 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip |
05.07.2013, 21:48 | #6 |
/// Malware-holic | Hi, scan with Combofix
06.07.2013, 00:13 | #7 |
| OK, I did that, but it did not work: shortly after the scan starts, only the line "Syntaxfehler." appears, and then nothing more happens. I aborted after 45 minutes. A real puzzle ... is there anything else that can be done? |
06.07.2013, 00:16 | #8 |
/// Malware-holic | Hi, download CCleaner Standard: CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save the list as txt.
Open the file.
After each program you need, write notwendig (necessary).
After each program you do not need, write unnötig (unnecessary).
After each program unknown to you, write unbekannt (unknown).
Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.07.2013, 08:43 | #9 |
| OK, for this I still have to get in touch with another user (a family member); I will have the list ready by 7.7. at the latest. THANKS for everything so far! |
06.07.2013, 12:58 | #10 |
/// Malware-holic | OK, take your time.
07.07.2013, 13:02 | #11 |
| Hi Markus, here is the list. I wrote the comments BEFORE the programs so that it is easier to read. I found 2 outdated programs, one unnecessary one, and 2 for driver installations whose purpose I do not know, hence unbekannt (unknown).
Some more information:
- notwendig mE = notwendig mit Einschränkung (necessary with reservations): not used at all or only rarely, but might come in handy at some point. This applies to everything from Cyberlink, Sony and Oberon.
- I tested all programs. The games in the Game Park by Oberon, which were on the hard disk at purchase, no longer run; the Game Shell shows the message: "Game Launcher funktioniert nicht mehr". These games are "nice to have", but not strictly necessary.
- The Microsoft games in the Games folder do run, however.
- The program JAWS 13.0 with all its offshoots from Freedom Scientific (marked unnötig *) is a trial version and was installed for a friend. It will be needed for a few more weeks at most, but can also be uninstalled right now if necessary.
- In principle, any program from 2012 - 2013 can be uninstalled and reinstalled later from safe sources when needed, if that helps. I also still have a restore point (system image) from 5.12.2011 on the hard disk, in case we cannot make progress otherwise.
So, now I am curious. Ciao! Code:
notwendig 7-Zip 9.20 05.07.2013
unnötig Acrobat.com Adobe Systems Incorporated 10.11.2010 1,60MB 1.6.65
unnötig Adobe Flash Player 10 ActiveX 64-bit Adobe Systems Incorporated 01.05.2011 6,00MB 10.3.162.28
notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 04.07.2013 6,00MB 11.7.700.224
notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 04.07.2013 6,00MB 11.7.700.224
notwendig Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 08.06.2013 127MB 11.0.03
notwendig Alarm für Cobra 11 - Das Syndikat dtp 18.11.2012 1,88GB
notwendig ASUS AI Recovery ASUS 11.11.2010 2,76MB 1.0.9
notwendig ASUS FancyStart ASUSTeK Computer Inc. 11.11.2010 12,0MB 1.0.8
notwendig ASUS LifeFrame3 ASUS 11.11.2010 27,7MB 3.0.20
notwendig ASUS Live Update ASUS 11.11.2010 2.5.9
notwendig ASUS MultiFrame ASUS 11.11.2010 1.0.0021
notwendig ASUS Power4Gear Hybrid ASUS 11.11.2010 12,2MB 1.1.37
notwendig ASUS SmartLogon ASUS 11.11.2010 10,9MB 1.0.0008
notwendig ASUS Splendid Video Enhancement Technology ASUS 11.11.2010 24,4MB 1.02.0028
notwendig ASUS Video Magic CyberLink Corp. 10.11.2010 11,9MB 6.0.4015
notwendig ASUS Virtual Camera asus 11.11.2010 3,11MB 1.0.19
notwendig ASUS_N3_Series ASUS 11.11.2010 61,7MB 1.0.0001
notwendig ATK Package ASUS 10.11.2010 13,7MB 1.0.0003
notwendig Audiograbber 1.83 SE Audiograbber 20.04.2011 1.83 SE
notwendig Audiograbber MP3-Plugin AG 20.04.2011 1.0
notwendig avast! Free Antivirus AVAST Software 08.06.2013 8.0.1489.0
notwendig Boingo Wi-Fi Boingo Wireless, Inc. 10.11.2010 25,4MB 1.7.0048
notwendig mE Bookworm Deluxe Oberon Media Inc. 11.11.2010
notwendig BrainSpeeder 3.4.102 www.BrainSpeeder.com 17.04.2011 3.4.102
notwendig CCleaner Piriform 19.06.2013 4.03
notwendig Cobra 11 - Burning Wheels (remove only) 30.12.2011
notwendig Cobra 11 - Crash Time (remove only) 25.04.2011
notwendig ControlDeck ASUS 11.11.2010 1,81MB 1.0.7
notwendig mE Cooking Dash Oberon Media Inc. 11.11.2010
notwendig mE CyberLink LabelPrint CyberLink Corp. 10.11.2010 137MB 2.5.1908
notwendig mE CyberLink MediaShow Espresso CyberLink Corp. 10.11.2010 21,6MB 1.1.6904
notwendig mE CyberLink Power2Go CyberLink Corp. 10.11.2010 110MB 6.1.3602c
notwendig mE CyberLink PowerDirector CyberLink Corp. 10.11.2010 614MB 8.0.2609a
notwendig mE CyberLink PowerDVD 9 CyberLink Corp. 10.11.2010 132MB 9.0.3009.50
notwendig mE DVD Architect Studio 5.0 Sony 25.06.2012 250MB 5.0.156
notwendig ETDWare PS/2-x64 7.0.5.12_WHQL ELAN Microelectronics Corp. 11.11.2010 7.0.5.12
notwendig ExpressGate Cloud Asus 11.11.2010 472MB 2.1.62.301
notwendig Fast Boot ASUS 11.11.2010 1,46MB 1.0.5
notwendig Firebird SQL Server - MAGIX Edition MAGIX AG 25.08.2011 10,1MB 2.1.27.0
notwendig Free YouTube to MP3 Converter version 3.12.1.320 DVDVideoSoft Ltd. 05.04.2013 76,1MB 3.12.1.320
unnötig * Freedom Scientific FSReader 2.0 Freedom Scientific 27.10.2012 2.0.1039
unnötig * Freedom Scientific Grafiktreiber Freedom Scientific 09.06.2013 11.0.1090
unnötig * Freedom Scientific JAWS 13.0 Freedom Scientific 09.06.2013 13.0.1081
unnötig * Freedom Scientific Ocr Freedom Scientific 09.06.2013 12.0.089
unnötig * Freedom Scientific Ocr Freedom Scientific 09.06.2013 12.0.089
unnötig * Freedom Scientific Sprechende Installation 13.0 Freedom Scientific 09.06.2013 19,9MB 13.0.1081
unnötig * Freedom Scientific Synthesizer Eloquence Freedom Scientific 09.06.2013 10,9MB 6.1.004
notwendig Fresco Logic USB3.0 Host Controller Fresco Logic Inc. 10.11.2010 3,44MB 3.0.89.14
notwendig mE Governor of Poker Oberon Media Inc. 11.11.2010
notwendig Hercules DJ Products Series drivers Hercules 26.12.2011 4.HDJS.2011
notwendig HL-2130 Brother Industries, Ltd. 26.02.2012 1.0.6.0
notwendig Hotel Dash Suite Success Oberon Media Inc. 11.11.2010
notwendig HUAWEI DataCard Driver 4.20.12.00 Huawei technologies Co., Ltd. 13.10.2012 4.20.12.00
notwendig Hydrogen 0.9.6 preview release hydrogen-music.org 08.06.2013 72,8MB
notwendig Intel(R) Control Center Intel Corporation 08.04.2011 1.2.1.1007
notwendig Intel(R) Graphics Media Accelerator Driver Intel Corporation 28.04.2011 8.15.10.2131
notwendig Intel(R) Management Engine Components Intel Corporation 25.03.2011 6.0.0.1179
notwendig Intel(R) Turbo Boost Technology Monitor Intel 10.11.2010 1,11MB 1.0.115.11
notwendig mE Jewel Quest 3 Oberon Media Inc. 11.11.2010
notwendig mE Luxor 3 Oberon Media Inc. 11.11.2010
notwendig MAGIX Music Maker silver 15.0.1.9 (UK) MAGIX AG 25.08.2011 15.0.1.9
notwendig mE Mahjongg dimensions Oberon Media Inc. 11.11.2010
unnötig MathGame 3.x 27.04.2011
notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.04.2011 38,8MB 4.0.30319
notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 16.04.2011 2,93MB 4.0.30319
notwendig Microsoft Games for Windows - LIVE Microsoft Corporation 18.11.2012 7,86MB 3.3.24.0
notwendig Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 18.11.2012 32,3MB 3.2.3.0
notwendig Microsoft Office File Validation Add-In Microsoft Corporation 30.09.2011 7,95MB 14.0.5130.5003
notwendig Microsoft Office Home and Student 2007 Microsoft Corporation 22.01.2012 12.0.6612.1000
notwendig Microsoft Office Live Add-in 1.5 Microsoft Corporation 13.06.2012 508KB 2.0.4024.1
notwendig Microsoft Silverlight Microsoft Corporation 15.03.2013 50,6MB 5.1.20125.0
notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.04.2011 1,72MB 3.1.notwendig0000
notwendig Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 07.04.2011 625KB 1.0.1215.0
notwendig Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 07.04.2011 1,44MB 1.0.1215.0
notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 16.04.2011 252KB 8.0.50727.4053
notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.06.2011 300KB 8.0.59193
notwendig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 27.10.2012 620KB 8.0.61000
notwendig Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 16.04.2011 200KB 9.0.30729.4148
notwendig Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 28.04.2011 598KB 9.0.30729.5570
notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.11.2010 596KB 9.0.30729
notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.04.2011 594KB 9.0.30729.4148
notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.06.2011 600KB 9.0.30729.6161
notwendig Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 11.06.2013 13,8MB 10.0.40219
notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.06.2013 11,1MB 10.0.40219
notwendig Mobile Connection Manager Mobile Connection Manager 13.10.2012 8.7.6.756
notwendig Mozilla Firefox 22.0 (x86 en-US) Mozilla 04.07.2013 46,5MB 22.0
notwendig Mozilla Maintenance Service Mozilla 04.07.2013 333KB 22.0
notwendig MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 02.08.2012 1,53MB 4.30.2114.0
notwendig MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 20.01.2013 1,54MB 4.30.2117.0
notwendig MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 10.11.2010 1,53MB 4.30.2107.0
notwendig Need for Speed™ SHIFT Electronic Arts 13.11.2011 5,19GB 1.0.0.0
notwendig NVIDIA Display Control Panel NVIDIA Corporation 11.11.2010 135MB 6.14.12.5737
notwendig NVIDIA Drivers NVIDIA Corporation 11.11.2010 63,0MB 1.10.61.39
notwendig NVIDIA PhysX NVIDIA Corporation 13.11.2011 120MB 9.09.0720
notwendig mE Plants vs Zombies Oberon Media Inc. 11.11.2010
unbekannt ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 18.11.2012 11.0.0.14
notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13.08.2012 6.0.1.6215
notwendig Realtek PCIE Card Reader Realtek Semiconductor Corp. 10.11.2010 6.1.7600.00049
notwendig Secunia PSI (2.0.0.3003) 27.04.2011
unbekannt Sentinel System Driver Installer 7.5.0 SafeNet, Inc. 27.10.2012 1,26MB 7.5.0
notwendig mE Sound Forge Audio Studio 10.0 Sony 25.06.2012 221MB 10.0.176
notwendig Spybot - Search & Destroy Safer Networking Limited 16.04.2011 1.6.2
notwendig SRS Premium Sound Control Panel SRS Labs, Inc. 30.05.2011 1,80MB 1.8.5900
notwendig USB2.0 UVC 2M WebCam Sonix 11.11.2010 5.8.54000.207
notwendig mE Vegas Movie Studio HD Platinum 11.0 Sony 25.06.2012 297MB 11.0.322
notwendig Virtual DJ - Atomix Productions 26.12.2011
notwendig Windows Live Anmelde-Assistent Microsoft Corporation 14.04.2011 1,93MB 5.000.818.6
notwendig Windows Live Essentials Microsoft Corporation 07.04.2011 14.0.8050.1202
notwendig Windows Live Sync Microsoft Corporation 07.04.2011 2,79MB 14.0.8050.1202
notwendig Windows Live-Uploadtool Microsoft Corporation 07.04.2011 224KB 14.0.8014.1029
notwendig WinFlash ASUS 11.11.2010 836KB 2.30.1
notwendig Wireless Console 3 ASUS 11.11.2010 2,43MB 3.0.15
notwendig mE World of Goo Oberon Media Inc. 11.11.2010 |
08.07.2013, 13:24 | #12 |
/// Malware-holic | Uninstall:
Freedom Scientific: all
MathGame
Spybot: you can do without it, it hardly finds anything relevant any more
Open CCleaner, analyze, start, restart the PC.
Please download AdwCleaner to your desktop.
08.07.2013, 18:18 | #13 |
| Hi, these tasks are done. I already had AdwCleaner on the machine and had already used it (see above); this time it found one more file, see the log. Ciao Code:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 19:04:59 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Marvin - MARVIN-ASUS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marvin\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Marvin\AppData\Local\Temp\Uninstall.exe

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (en-US)

Datei : C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\0qglo99j.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [13723 octets] - [04/07/2013 17:20:20]
AdwCleaner[R2].txt - [983 octets] - [04/07/2013 17:33:06]
AdwCleaner[R3].txt - [1042 octets] - [04/07/2013 19:11:45]
AdwCleaner[R4].txt - [1103 octets] - [04/07/2013 23:42:25]
AdwCleaner[R5].txt - [1231 octets] - [08/07/2013 19:01:48]
AdwCleaner[S1].txt - [13897 octets] - [04/07/2013 17:23:27]
AdwCleaner[S2].txt - [1164 octets] - [08/07/2013 19:04:59]

########## EOF - C:\AdwCleaner[S2].txt - [1224 octets] ########## |
08.07.2013, 18:21 | #14 |
/// Malware-holic | Hi, HitmanPro - Download - Filepony
Please download HitmanPro, double-click it, and click Scan.
Do not delete anything.
Click Next.
Save the log and post it, or export it as XML, zip it and attach it.
08.07.2013, 19:00 | #15 |
| With this we now only have traces left: Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

Computer name . . . . : MARVIN-ASUS-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Marvin-Asus-PC\Marvin
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2013-07-08 19:40:20
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 48s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 88

Objects scanned . . . : 1.894.286
Files scanned . . . . : 13.762
Remnants scanned . . : 301.050 files / 1.579.474 keys

Cookies _____________________________________________________________________

C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:adtech.de
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:adtechus.com
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:bs.serving-sys.com
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:invitemedia.com
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:pool-eu-ie.creative-serving.com
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:revsci.net
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:serving-sys.com
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:smartadserver.com
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:track.adform.net
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:tribalfusion.com
C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\jbnu8mbo.default\cookies.sqlite:ww251.smartadserver.com |