Pests of all kinds and their removal: Facebook worm winsvc.exe (Windows 7)
19.10.2011, 16:18 | #1 |
Facebook worm winsvc.exe

Hello, now it has unfortunately got me too. I caught a worm. A friend gave me an infected USB stick, and then the thing settled into my system as well.

First about my friend. She received a "picture" with the extension .JPG.src via Facebook and of course ran it. This thing automatically sends messages in the Facebook chat with a link to that very "picture".

Well, I plugged in the USB stick and then noticed that all the folders on the stick were displayed as shortcuts. As soon as a folder is copied to the stick, a shortcut with the name of that folder appears and the folder itself is hidden.

Then I noticed that a file in the directory "C:\User\Name\M-55-23...\winsvc.exe" was trying to communicate with the outside. I blocked it with ESET, though. The winsvc.exe process could not be stopped, but I was then able to delete the file in Safe Mode. In addition, another process was running with a string of digits as its name: 73899.exe, I think it was. I deleted that thing too. Then I also deleted winsvc.exe from Run and from the Startup folder.

Am I rid of the nasty thing now? There is one more process running that I don't quite trust, namely "srvany.exe" from the directory "C:\Windows\SysWOW64\". I did take a look at the file, though; it was neither created nor modified recently.

About my system:
Windows 7 64-bit
ESET Smart Security 64-bit with the latest signatures

What has been done:
--> 73899.exe was deleted manually
--> ESET full scan: Scan: Startup files scan; File: a variant of Win32/AutoRun.IRCBot.HO worm; Name: Operating memory; Action: cleaning not possible
--> winsvc.exe was deleted manually
--> Autorun entries were deleted manually
--> Ran Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7974
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

18.10.2011 22:07:28
mbam-log-2011-10-18 (22-07-28).txt

Type of scan: Full scan (C:\|D:\|)
Objects scanned: 907712
Time elapsed: 2 hour(s), 22 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\$Recycle.Bin\s-1-5-21-3670495240-2986446667-994052142-1000\$R7B5XPF.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

It didn't find anything.
--> Temp files deleted
--> Restore points and shadow copies deleted

Can the thing still be hiding somewhere? After all, the virus scan didn't detect the winsvc.exe file either. How should I proceed?

Something else I noticed: apparently some system applications are being taken and modified. In my case it was winsvc.exe, and in my friend's case taskmgr.exe. They were in atypical directories, could not be stopped and wanted to communicate with the outside.
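An added example (my code, not from the poster, the forum or the worm) that checks a removable drive for exactly the behaviour described in the post above: a folder that has been hidden and shadowed by a .lnk of the same name. It also pulls the launch string out of the shortcut so you can see what double-clicking it would start. The sample "stick" it builds in a temp directory and the launch string inside the fake .lnk are constructed for the demo; the hidden/system-bit check only works on Windows and reports None elsewhere.

```python
"""Triage a removable drive for the 'folder replaced by a shortcut' pattern:
every real folder is hidden and a .lnk with the folder's name sits beside it.

Added example, not code from the thread or from the worm. The sample stick is
built in a temp directory; the shortcut payload string is constructed."""
import os
import re
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Optional

# Win32 FILE_ATTRIBUTE_* bits; os.stat exposes them as st_file_attributes on Windows only.
ATTR_HIDDEN = 0x2
ATTR_SYSTEM = 0x4

# A run of at least 6 printable ASCII characters stored as UTF-16LE.
_UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
_LAUNCH_HINT = re.compile(r"\.exe|\.scr|\.bat|\.vbs|cmd|start ", re.IGNORECASE)


@dataclass
class Finding:
    shortcut: Path
    shadowed_dir: Path
    dir_hidden: Optional[bool]          # None where the OS has no hidden/system bits
    launch_strings: List[str] = field(default_factory=list)


def hidden_or_system(p: Path) -> Optional[bool]:
    attrs = getattr(os.stat(p), "st_file_attributes", None)
    if attrs is None:
        return None
    return bool(attrs & (ATTR_HIDDEN | ATTR_SYSTEM))


def lnk_launch_strings(lnk: Path) -> List[str]:
    """Heuristic: a shell link stores its target and arguments as UTF-16LE, so a
    crude string scan shows what the shortcut would launch. Not a full
    MS-SHLLINK parser; good enough to spot 'cmd /c start something.exe'."""
    hits = []
    for m in _UTF16_RUN.finditer(lnk.read_bytes()):
        s = m.group().decode("utf-16-le")
        if _LAUNCH_HINT.search(s):
            hits.append(s)
    return hits


def scan_drive(root: Path) -> List[Finding]:
    """A .lnk whose stem equals a sibling directory's name is the worm's
    signature; report it with the directory's hidden state and launch strings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        dirs = {d.lower(): d for d in dirnames}
        for name in filenames:
            if not name.lower().endswith(".lnk"):
                continue
            stem = name[:-4].lower()
            if stem in dirs:
                shadowed = here / dirs[stem]
                findings.append(Finding(here / name, shadowed,
                                        hidden_or_system(shadowed),
                                        lnk_launch_strings(here / name)))
    return findings


def build_sample_drive() -> Path:
    """Constructed sample stick: 'Photos' has been hijacked, 'Music' has not."""
    root = Path(tempfile.mkdtemp(prefix="stick_"))
    (root / "Photos").mkdir()
    (root / "Photos" / "IMG_0001.jpg").write_bytes(b"\xff\xd8\xff\xe0")
    (root / "Music").mkdir()
    # Fake .lnk: the 'L' magic of a shell-link header, padding, then the UTF-16LE
    # launch string a hijacking shortcut typically carries (constructed, not real).
    launch = "cmd.exe /c start winsvc.exe & start explorer Photos"
    (root / "Photos.lnk").write_bytes(b"L\x00\x00\x00" + b"\x00" * 72
                                      + launch.encode("utf-16-le"))
    (root / "Music.url").write_text("[InternetShortcut]\n")   # not a .lnk, must not match
    return root


def remove_sample_drive(root: Path) -> None:
    shutil.rmtree(root)


if __name__ == "__main__":
    stick = build_sample_drive()
    try:
        for f in scan_drive(stick):
            print(f"{f.shortcut.name} shadows {f.shadowed_dir.name} "
                  f"(hidden={f.dir_hidden}) launches: {f.launch_strings}")
    finally:
        remove_sample_drive(stick)
```

On a real stick, call scan_drive(Path("E:\\")) from a machine with AutoPlay disabled, and treat every hit as a file to pull for analysis before cleaning: the usual cleanup is to delete the .lnk files and clear the hidden and system bits on the shadowed folders (attrib -h -s on each), but the host's own persistence (Run key, Startup folder) has to be handled separately, as the poster did.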
19.10.2011, 19:21 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook worm winsvc.exe
Are there any other Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.
19.10.2011, 19:29 | #3 |
Facebook worm winsvc.exe
I have 2 log files.
1.) is the scan log posted above
2.) is a protection log from yesterday, where a few websites I wanted to visit were blocked.
That's all. The system is up to date, by the way.
19.10.2011, 19:31 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook worm winsvc.exe
Custom scan with OTL
If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
19.10.2011, 20:13 | #5 |
Facebook worm winsvc.exe
Thanks for the quick reply:
Code:
ATTFilter OTL logfile created on: 19.10.2011 20:36:07 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.96% Memory free 8.00 Gb Paging File | 6.32 Gb Available in Paging File | 78.99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58.50 Gb Total Space | 11.80 Gb Free Space | 20.17% Space Free | Partition Type: NTFS Drive D: | 407.17 Gb Total Space | 151.86 Gb Free Space | 37.30% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.19 14:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.07.26 13:04:01 | 000,008,192 | -HS- | M] () -- C:\Windows\SysWOW64\srvany.exe PRC - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2007.10.12 16:23:36 | 000,282,710 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe PRC - [2007.10.12 16:22:26 | 001,187,948 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe PRC - [2007.04.03 16:08:20 | 004,558,848 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\HotKeyDriver.exe ========== Modules (No Company Name) 
========== MOD - [2007.10.12 16:23:36 | 000,282,710 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe MOD - [2007.10.12 16:21:34 | 000,114,784 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileSDK.dll MOD - [2007.10.12 16:20:10 | 000,098,403 | ---- | M] () -- C:\Windows\SysWOW64\Bs2Res.dll MOD - [2007.07.30 10:32:16 | 016,326,769 | ---- | M] () -- C:\Windows\SysWOW64\BsLangInDepRes.dll MOD - [2007.04.03 16:08:20 | 004,558,848 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\HotKeyDriver.exe MOD - [2006.12.11 18:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\AudioControlDLL.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.11.16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV:64bit: - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr) SRV:64bit: - [2009.04.21 13:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2007.11.08 01:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV:64bit: - [2007.04.19 14:42:34 | 000,024,576 | ---- | M] (Syntek America Inc.) 
[On_Demand | Stopped] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv) SRV - [2011.10.12 16:11:48 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.20 17:41:26 | 000,103,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2011.08.20 17:41:04 | 000,066,872 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.07.26 13:04:01 | 000,008,192 | -HS- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2011.06.26 20:25:41 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.12.07 12:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- D:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012) SRV - [2010.12.01 23:19:44 | 002,357,488 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- D:\Programme\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4) SRV - [2010.03.22 10:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Programme\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.18 16:12:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.11.06 14:24:54 | 000,282,728 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- D:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2009.10.20 23:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess) SRV - [2009.10.20 15:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2009.10.20 15:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2009.10.20 15:21:20 | 000,322,096 | ---- | M] () [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd) SRV - [2009.10.20 15:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService) SRV - [2009.09.23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.10.12 16:24:40 | 000,113,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS) SRV - [2007.10.12 16:22:26 | 001,187,948 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS) SRV - [2007.02.21 17:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Disabled | Stopped] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc) SRV - [2007.02.14 22:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- D:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2007.02.14 22:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync) SRV - [2007.02.14 22:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds) SRV - [2007.01.29 15:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- D:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2007.01.22 11:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.06.26 20:06:54 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.22 21:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.01 23:05:12 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror) DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 13:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.28 15:10:40 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo) DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2010.04.03 11:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150) DRV:64bit: - [2010.02.22 22:09:13 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2009.12.08 18:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb) DRV:64bit: - [2009.11.16 09:07:10 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:64bit: - [2009.11.16 09:07:04 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:64bit: - [2009.11.16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2009.11.16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon) DRV:64bit: - [2009.10.26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial) DRV:64bit: - [2009.10.20 15:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2009.10.20 15:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2009.10.20 15:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2009.10.20 15:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2009.10.20 15:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2009.10.20 15:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2009.10.20 15:21:04 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2009.09.24 14:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs) DRV:64bit: - [2009.09.24 06:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus) DRV:64bit: - [2009.09.17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV:64bit: - [2009.09.15 15:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64) DRV:64bit: - [2009.08.26 12:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV:64bit: - [2009.08.26 08:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2009.07.26 23:34:58 | 000,744,072 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ext2fsd.sys -- (Ext2Fsd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA) DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda) DRV:64bit: - [2009.06.19 08:10:40 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:64bit: - [2009.06.15 11:47:00 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.06.15 11:47:00 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.13 12:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.01.08 12:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2008.01.19 07:36:14 | 000,036,352 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nscirda.sys -- (NSCIRDA) DRV:64bit: - [2008.01.02 12:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver) DRV:64bit: - [2007.07.04 08:30:10 | 000,091,136 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMS7SK.sys -- (EMSCR) DRV:64bit: - [2007.07.04 08:30:08 | 000,060,416 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESD7SK.sys -- (ESDCR) DRV:64bit: - [2007.06.24 22:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb) DRV:64bit: - [2007.06.20 14:49:34 | 000,053,248 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2007.04.19 18:50:46 | 001,494,912 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini) DRV:64bit: - [2007.03.05 21:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT) DRV:64bit: - [2007.03.05 21:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidMgr.sys -- (BTHidMgr) DRV:64bit: - [2007.03.05 21:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VBTEnum.sys -- (BTHidEnum) DRV:64bit: - [2007.03.05 21:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr) DRV:64bit: - [2007.03.05 21:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm) DRV - [2011.10.12 16:11:44 | 000,157,824 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.02.22 22:09:13 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) DRV - [2010.01.29 12:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programme\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.06.24 22:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.03.05 21:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2007.03.05 21:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm) DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2006.05.05 20:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\nvport.sys -- (nvport) DRV - [2006.03.29 09:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 03 CE 7E 02 B0 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: passwordbank@upek.com:5.9.3.6241.3.6 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60 FF - prefs.js..network.proxy.http: "fe80::f91b:74b0:8320:8ca%11" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: 
C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: D:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.01 15:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.19 15:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 14:47:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.10.19 15:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.07.22 17:35:17 | 000,000,000 | ---D | M]

[2011.03.05 19:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.02.18 01:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions\passwordbank@upek.com
[2011.10.16 11:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions
[2011.05.28 23:48:05 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011.09.08 20:48:18 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions\passwordbank@upek.com
[2011.06.17 23:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.30 11:35:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.19 12:42:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.09 18:13:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 18:00:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.17 23:58:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.10.01 15:07:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.03 16:10:26 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2007.02.08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2011.10.01 15:07:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 15:07:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.01 15:07:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 15:07:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 15:07:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 15:07:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.02.20 22:39:45 | 000,001,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (Authentec Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - D:\Programme\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - D:\Programme\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Programme\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Programme\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Vertrauenswürdige Sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} hxxp://kfzpeissl.ath.cx/DVRemoteAx.cab (DVRemoteControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0722FEF4-EAE6-4234-BF07-756EEC7C083C}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51D2AB92-139A-45DE-A3FF-767482710982}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A12DDF5-95BE-4C3C-A310-2517957949E6}: NameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell - "" = AutoRun
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13213bd2-bd90-11e0-9d60-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13213bd2-bd90-11e0-9d60-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1668ccfa-1850-11e0-97aa-92541727210b}\Shell - "" = AutoRun
O33 - MountPoints2\{1668ccfa-1850-11e0-97aa-92541727210b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{230fd718-1c9d-11df-8126-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{230fd718-1c9d-11df-8126-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61d0859e-e465-11e0-a315-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{61d0859e-e465-11e0-a315-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6669460b-1c9b-11df-806f-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{6669460b-1c9b-11df-806f-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6906b56b-e816-11df-8e9a-de4a9e711a15}\Shell - "" = AutoRun
O33 - MountPoints2\{6906b56b-e816-11df-8e9a-de4a9e711a15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{69618485-52ef-11df-9e29-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{69618485-52ef-11df-9e29-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98228e59-1283-11e0-b627-c921b954b300}\Shell - "" = AutoRun
O33 - MountPoints2\{98228e59-1283-11e0-b627-c921b954b300}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a643b3c0-a01f-11e0-8c11-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a643b3c0-a01f-11e0-8c11-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{b36e33b2-1ccf-11df-a636-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{b36e33b2-1ccf-11df-a636-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbc0156f-46c0-11df-81e1-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc0156f-46c0-11df-81e1-001060ebeee1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f0e70f5b-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f5b-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f76-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f76-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f82-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f82-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f8e-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f8e-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f302a-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f302a-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f3048-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f3048-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f3094-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f3094-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - D:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: BtTray - hkey= - key= - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: Update Service - hkey= - key= - C:\Program Files (x86)\Common Files\Teknum Systems\update.exe (Teknum Systems AS)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2B1CBF38-887E-BDC9-304A-FA3B52781B9C} - Browser Customizations
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44618CF4-17A7-34C6-372E-3707DC2BDE8C} - Themes Setup
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5479B944-5F40-6B43-80EC-8A42F7C170D9} - Internet Explorer
ActiveX:64bit: {58E0EE38-5ED9-95C1-3A99-3B2A75E10BE9} - DirectX
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {76702958-0B2F-BFF7-18BB-FC5386D670CE} - Browser Customizations
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {8DB3E8F4-8D2E-921D-9445-FE2D9FBA8B73} - Browser Customizations
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {37646EEE-DBA0-96B3-FB70-3CDB9FDA12AC} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A5BBC7CA-1CC1-DD1B-323C-A2CD39400104} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe
-UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.I420 - File not found Drivers32:64bit: wave1 - serwvdrv.dll (Microsoft Corporation) Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: wave1 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.19 18:33:17 | 000,000,000 | R--D | C] -- C:\Sandbox [2011.10.19 18:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [2011.10.19 18:30:25 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\SandboxieInstall [2011.10.19 14:51:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.10.19 00:27:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe [2011.10.18 19:26:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2011.10.18 19:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.18 19:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.18 19:26:33 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.10.18 19:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.10.18 19:25:48 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\****\Desktop\mbam-setup-1.51.2.1300.exe [2011.10.17 22:46:49 | 
002,405,664 | ---- | C] (Trend Micro Inc.) -- C:\Users\****\Desktop\HousecallLauncher64.exe [2011.10.17 21:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.10.17 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2011.10.17 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2011.10.15 13:09:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TinyCAD [2011.10.15 13:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyCAD [2011.10.14 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\MoTeC [2011.10.14 20:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC [2011.10.14 20:15:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Downloaded Installations [2011.10.13 13:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\sPlan70 [2011.10.13 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sPlan 7.0 [2011.10.13 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\sPlan70(Demo) [2011.10.01 01:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 PC Camera [2011.10.01 01:04:22 | 000,249,856 | ---- | C] (Syntek Corporation) -- C:\Windows\VideoView.exe [2011.10.01 01:04:22 | 000,106,496 | ---- | C] (Syntek America Inc.) -- C:\Windows\StkC112X.exe [2011.10.01 01:04:22 | 000,069,632 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkCWIA.dll [2011.10.01 01:04:22 | 000,049,152 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkSSrv.dll [2011.10.01 01:04:22 | 000,024,576 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkCSrv.exe [2011.10.01 01:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoView [2011.10.01 01:04:20 | 006,927,744 | ---- | C] (Syntek America Inc.) 
-- C:\Windows\SysNative\drivers\StkCPipe.sys [2011.10.01 01:04:19 | 001,494,912 | ---- | C] (Syntek) -- C:\Windows\SysNative\drivers\StkCMini.sys [2011.10.01 00:39:45 | 000,081,920 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysWow64\StkCProp.ax [2011.10.01 00:33:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\D-max2.0M [2011.09.26 22:39:25 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\National Instruments [2011.09.26 22:39:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\National Instruments [2011.09.26 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments [2011.09.26 22:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments [2011.09.26 22:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments [2011.09.26 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules [2011.09.26 22:30:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cvirte [2011.09.21 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Bizarre Creations [2008.08.14 09:21:12 | 000,086,920 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp00014172 ========== Files - Modified Within 30 Days ========== [2011.10.19 20:35:19 | 000,001,820 | ---- | M] () -- C:\Windows\Sandboxie.ini [2011.10.19 20:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.19 19:01:46 | 000,000,664 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.10.19 19:01:29 | 000,000,664 | RHS- | M] () -- C:\Users\****\ntuser.pol [2011.10.19 18:30:53 | 000,000,858 | ---- | M] () -- C:\Users\****\Desktop\Sandboxed Web Browser.lnk [2011.10.19 17:28:47 | 002,034,741 | ---- | M] () -- C:\Users\****\Desktop\SandboxieInstall.zip [2011.10.19 16:07:16 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.19 16:07:16 | 000,015,168 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.19 16:01:05 | 000,001,038 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini [2011.10.19 15:58:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.10.19 15:58:16 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys [2011.10.19 14:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.10.19 00:27:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe [2011.10.18 19:26:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.18 19:26:08 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\****\Desktop\mbam-setup-1.51.2.1300.exe [2011.10.18 19:05:25 | 000,000,374 | ---- | M] () -- C:\Windows\DCEBOOT.RST [2011.10.18 19:02:31 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe [2011.10.18 19:02:31 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe [2011.10.18 16:17:14 | 009,311,393 | ---- | M] () -- C:\Users\****\AppData\Local\census.cache [2011.10.18 16:07:38 | 000,155,090 | ---- | M] () -- C:\Users\****\AppData\Local\ars.cache [2011.10.17 22:46:59 | 000,000,036 | ---- | M] () -- C:\Users\****\AppData\Local\housecall.guid.cache [2011.10.17 22:46:51 | 002,405,664 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\****\Desktop\HousecallLauncher64.exe [2011.10.17 21:56:43 | 002,086,240 | ---- | M] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe [2011.10.17 21:41:29 | 002,100,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.17 21:41:29 | 000,876,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.17 21:41:29 | 000,819,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.17 21:41:29 | 000,218,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.17 21:41:29 | 000,185,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.16 22:13:07 | 000,022,511 | ---- | M] () -- C:\Users\****\Desktop\Schematic.dsn.autosave [2011.10.16 16:49:06 | 000,009,514 | ---- | M] () -- C:\Users\****\Desktop\Modul.gif [2011.10.15 13:09:25 | 000,000,654 | ---- | M] () -- C:\Users\****\Desktop\TinyCAD.lnk [2011.10.15 13:09:10 | 004,357,917 | ---- | M] () -- C:\Users\****\Desktop\TinyCAD_2.80.03.514_Production_Setup.exe [2011.10.15 12:57:50 | 000,079,872 | ---- | M] () -- C:\Users\****\Desktop\edge.TCLib [2011.10.14 21:50:08 | 000,022,511 | ---- | M] () -- C:\Users\****\Desktop\Schematic.dsn [2011.10.14 20:16:38 | 000,002,645 | ---- | M] () -- C:\Users\Public\Desktop\MoTeC PDM Manager.lnk [2011.10.13 13:41:37 | 000,000,612 | ---- | M] () -- C:\Users\****\Desktop\sPlan 7.0.lnk [2011.10.12 02:47:39 | 003,151,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.09 17:44:29 | 000,001,745 | ---- | M] () -- C:\Users\****\Desktop\TU-Racing.lnk [2011.10.09 15:44:41 | 000,603,430 | ---- | M] () -- C:\Users\****\Desktop\09102011188.jpg [2011.10.09 15:38:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI [2011.10.09 15:37:05 | 000,000,341 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI [2011.10.09 15:32:40 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI [2011.10.01 01:10:29 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\VideoView.lnk [2011.09.26 22:30:30 | 
000,000,444 | ---- | M] () -- C:\Users\****\Desktop\multisimLicense.lic [2011.09.26 22:28:05 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND [2011.09.26 15:00:17 | 003,414,749 | ---- | M] () -- C:\Users\****\Desktop\Hirschmann.pdf ========== Files Created - No Company Name ========== [2011.10.19 19:01:11 | 000,000,664 | RHS- | C] () -- C:\Users\****\ntuser.pol [2011.10.19 19:00:08 | 000,000,664 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.10.19 18:31:18 | 000,000,858 | ---- | C] () -- C:\Users\****\Desktop\Sandboxed Web Browser.lnk [2011.10.19 18:31:16 | 000,001,820 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.10.19 17:28:42 | 002,034,741 | ---- | C] () -- C:\Users\****\Desktop\SandboxieInstall.zip [2011.10.18 19:26:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.18 19:05:25 | 000,000,374 | ---- | C] () -- C:\Windows\DCEBOOT.RST [2011.10.18 19:02:31 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe [2011.10.18 19:02:31 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe [2011.10.18 16:17:14 | 009,311,393 | ---- | C] () -- C:\Users\****\AppData\Local\census.cache [2011.10.18 16:07:38 | 000,155,090 | ---- | C] () -- C:\Users\****\AppData\Local\ars.cache [2011.10.17 22:46:59 | 000,000,036 | ---- | C] () -- C:\Users\****\AppData\Local\housecall.guid.cache [2011.10.17 21:56:37 | 002,086,240 | ---- | C] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe [2011.10.16 22:03:07 | 000,022,511 | ---- | C] () -- C:\Users\****\Desktop\Schematic.dsn.autosave [2011.10.16 16:47:12 | 000,009,514 | ---- | C] () -- C:\Users\****\Desktop\Modul.gif [2011.10.15 13:10:38 | 000,079,872 | ---- | C] () -- C:\Users\****\Desktop\edge.TCLib [2011.10.15 13:10:38 | 000,022,511 | ---- | C] () -- C:\Users\****\Desktop\Schematic.dsn [2011.10.15 13:09:25 | 000,000,654 | ---- | C] () -- C:\Users\****\Desktop\TinyCAD.lnk [2011.10.15 13:09:02 | 004,357,917 | ---- | C] () -- 
C:\Users\****\Desktop\TinyCAD_2.80.03.514_Production_Setup.exe [2011.10.14 20:16:38 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\MoTeC PDM Manager.lnk [2011.10.13 13:41:37 | 000,000,612 | ---- | C] () -- C:\Users\****\Desktop\sPlan 7.0.lnk [2011.10.13 13:40:36 | 011,173,171 | ---- | C] () -- C:\Users\****\Desktop\Abacom.Splan.v7.0.build.09.05.2011.7z [2011.10.09 15:43:03 | 000,603,430 | ---- | C] () -- C:\Users\****\Desktop\09102011188.jpg [2011.10.01 01:07:11 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\VideoView.lnk [2011.10.01 01:07:10 | 000,000,093 | ---- | C] () -- C:\Windows\OEM.ini [2011.09.26 22:30:30 | 000,000,444 | ---- | C] () -- C:\Users\****\Desktop\multisimLicense.lic [2011.09.26 15:00:17 | 003,414,749 | ---- | C] () -- C:\Users\****\Desktop\Hirschmann.pdf [2011.09.23 01:00:50 | 002,717,416 | ---- | C] () -- C:\Users\****\Desktop\User’s Guide DS1000E.pdf [2011.08.20 17:41:18 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.20 17:41:04 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.08.15 20:24:27 | 000,000,322 | ---- | C] () -- C:\Windows\game.ini [2011.07.22 13:44:14 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI [2011.07.22 13:17:04 | 001,153,006 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.06.10 18:26:01 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND [2011.06.04 17:21:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.05.17 00:04:55 | 000,000,063 | ---- | C] () -- C:\Windows\SubCreator.INI [2011.04.08 12:06:00 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.03.30 12:18:46 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp [2011.01.29 14:36:18 | 000,016,629 | ---- | C] () -- C:\Windows\LxFrame.ini [2011.01.29 14:33:59 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini [2011.01.29 01:47:38 | 000,000,292 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat [2011.01.29 01:36:35 | 000,000,891 | 
---- | C] () -- C:\Windows\SysWow64\secushr.dat [2011.01.29 01:35:41 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2011.01.20 12:54:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.12.31 01:04:16 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe [2010.09.28 11:08:32 | 000,266,165 | ---- | C] () -- C:\Windows\hpwins23.dat [2010.08.07 13:08:56 | 000,000,086 | ---- | C] () -- C:\Windows\graphedt.INI [2010.08.07 12:16:47 | 000,000,086 | ---- | C] () -- C:\Windows\graphedt_x64.INI [2010.08.07 10:10:37 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.07.11 19:24:46 | 000,007,607 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2010.07.03 17:37:25 | 000,012,800 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.21 15:59:54 | 000,000,036 | ---- | C] () -- C:\Windows\TSNPL.dat [2010.05.21 15:59:53 | 000,001,636 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat [2010.05.20 11:25:46 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.05.06 16:47:45 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2010.04.20 10:00:41 | 002,082,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.02.18 21:23:18 | 000,537,892 | ---- | C] () -- C:\Windows\hpoins21.dat.temp [2010.02.18 21:23:18 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp [2010.02.18 21:17:41 | 000,186,949 | ---- | C] () -- C:\Windows\hpoins21.dat [2010.02.18 16:08:32 | 000,004,839 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI [2010.02.18 16:08:23 | 000,000,341 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI [2010.02.18 00:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.02.18 00:37:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI [2010.02.18 00:37:51 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI [2010.02.18 00:35:45 | 000,000,000 | ---- | C] () -- 
C:\Windows\SysWow64\BSPRINT.INI [2009.11.06 11:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2009.11.05 11:16:36 | 000,083,525 | ---- | C] () -- C:\Windows\hpqins13.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.02.06 21:40:56 | 000,147,968 | ---- | C] () -- C:\Windows\SysWow64\drivers\ArcHlp.sys [2008.11.26 22:20:02 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll [2008.11.25 18:46:38 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2008.11.25 18:43:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2008.11.25 18:42:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2008.11.15 20:02:26 | 001,866,670 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll [2008.04.05 19:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll [2008.02.13 11:15:09 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat [2007.10.12 16:24:06 | 000,401,493 | ---- | C] () -- C:\Windows\SysWow64\BsUI.dll [2007.10.12 16:23:46 | 000,278,647 | ---- | C] () -- C:\Windows\SysWow64\outlookAddin.dll [2007.10.12 16:23:24 | 000,569,445 | ---- | C] () -- C:\Windows\SysWow64\BsShell.dll [2007.10.12 16:23:16 | 000,106,597 | ---- | C] () -- C:\Windows\SysWow64\BsAddin.dll [2007.10.12 16:21:34 | 000,114,784 | ---- | C] () -- C:\Windows\SysWow64\BsMobileSDK.dll [2007.10.12 16:21:24 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll 
Nothing stands out to me there. |
19.10.2011, 20:15 | #6 |
| Facebook worm winsvc.exe Unfortunately the whole log does not fit into one post. Here is the rest:
| 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 
14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 
15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Files - Unicode (All) ========== [2011.07.22 13:35:56 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污 [2011.07.22 13:35:56 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污 ========== Alternate Data Streams ========== @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:FB1B13D8 < End of report > |
20.10.2011, 12:37 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook worm winsvc.exe Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 03 CE 7E 02 B0 CA 01 [binary data]
FF - prefs.js..network.proxy.http: "fe80::f91b:74b0:8320:8ca%11"
FF - prefs.js..network.proxy.http_port: 80
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell - "" = AutoRun
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13213bd2-bd90-11e0-9d60-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13213bd2-bd90-11e0-9d60-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1668ccfa-1850-11e0-97aa-92541727210b}\Shell - "" = AutoRun
O33 - MountPoints2\{1668ccfa-1850-11e0-97aa-92541727210b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{230fd718-1c9d-11df-8126-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{230fd718-1c9d-11df-8126-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61d0859e-e465-11e0-a315-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{61d0859e-e465-11e0-a315-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6669460b-1c9b-11df-806f-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{6669460b-1c9b-11df-806f-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6906b56b-e816-11df-8e9a-de4a9e711a15}\Shell - "" = AutoRun
O33 - MountPoints2\{6906b56b-e816-11df-8e9a-de4a9e711a15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{69618485-52ef-11df-9e29-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{69618485-52ef-11df-9e29-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98228e59-1283-11e0-b627-c921b954b300}\Shell - "" = AutoRun
O33 - MountPoints2\{98228e59-1283-11e0-b627-c921b954b300}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a643b3c0-a01f-11e0-8c11-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a643b3c0-a01f-11e0-8c11-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{b36e33b2-1ccf-11df-a636-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{b36e33b2-1ccf-11df-a636-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbc0156f-46c0-11df-81e1-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc0156f-46c0-11df-81e1-001060ebeee1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f0e70f5b-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f5b-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f76-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f76-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f82-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f82-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f8e-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f8e-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f302a-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f302a-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f3048-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f3048-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f3094-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f3094-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2008.08.14 09:21:12 | 000,086,920 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp00014172
[2011.10.18 19:05:25 | 000,000,374 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011.10.18 19:02:31 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2011.10.18 19:02:31 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:FB1B13D8
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, for safety; a backup copy is created on the system partition in the folder "_OTL". Note: the above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags |
20.10.2011, 13:30 | #8 |
| Facebook worm winsvc.exe Thanks, done! Then an error message came up - Critical error - Windows will restart in one minute... All that was left in the "Custom Scan/Fixes" box was: [emptytemp] [resethosts] So I don't know whether it was still able to execute that. The 4 files were deleted, though. After the reboot the following popped up: Code:
Files\Folders moved on Reboot...
C:\Users\Name\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
How should I proceed? Could you please also explain to me what exactly your script did? I think I can explain a few things myself:
The first IE and FF lines just restore the browsers' default settings, to make sure no manipulated HTML pages were set as the start page and no proxies were configured to log my traffic?
FF - prefs.js..network.proxy.http: is the localhost IPv6 address being set here?
O4: an autorun entry whose associated file can no longer be found is deleted?
O32: the drive's autorun function is disabled?
O33: what do those do?
Next 4 lines: the infected files are deleted?
@Alternate Data Stream... is a log file being written?
emptytemp: temp files are deleted?
resethosts: the hosts file is reset?
It would be really great if you could answer that for me. Regards |
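The line types asked about in the post above can be triaged mechanically. What follows is an added example, not code from OTL and not part of the thread: a small Python parser for fix lines in the shape posted above. It reads the O33 MountPoints2 ...\Shell\AutoRun\command entries as what they are on Windows, AutoRun commands that Explorer cached per volume under HKCU\...\Explorer\MountPoints2 from a drive's autorun.inf, and groups them by command, so the many volumes pointing at F:\AutoRun.exe show up as one finding. It also pulls out the Firefox proxy host and port, orphaned O4 Run entries, the CD-ROM AutoRun flag, the file entries, the alternate data stream and the :Commands section. The sample input is a constructed subset of the fix above; the function names are the example's own.

```python
"""Triage of OTL fix-script lines.

Added example for this thread, not OTL's own code and not from the forum:
it classifies the entry types used in the fix above and pulls out what a
defender wants to know from each of them.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the fix posted above.
SAMPLE_FIX = r"""
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF - prefs.js..network.proxy.http: "fe80::f91b:74b0:8320:8ca%11"
FF - prefs.js..network.proxy.http_port: 80
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell - "" = AutoRun
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011.10.18 19:02:31 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:FB1B13D8
:Commands
[emptytemp]
[resethosts]
"""

# O33: AutoRun command that Explorer cached for one volume under
# HKCU\...\Explorer\MountPoints2 (taken from that volume's autorun.inf).
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# FF: one Firefox prefs.js preference.
FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): (?P<value>.+)$')
# File entry: [timestamp | size | attributes | C=created/M=modified] (company) -- path
FILE_ENTRY = re.compile(
    r'^\[(?P<stamp>[^|]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+) \| (?P<flag>[CM])\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.+)$')
# NTFS alternate data stream attached to a file.
ADS = re.compile(r'^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$')


def parse_fix(text):
    """Split a fix into its :OTL and :Commands sections and classify each line."""
    f = {"browser_defaults": [], "proxy": {}, "orphan_run": [], "cdrom_autorun": False,
         "autorun_cmds": defaultdict(list), "files": [], "ads": [], "commands": [],
         "other": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # ":OTL" / ":Commands" section header
            section = line[1:].lower()
            continue
        if section == "commands":           # e.g. [emptytemp], [resethosts]
            f["commands"].append(line.strip("[]"))
            continue
        if (m := MOUNTPOINT_CMD.match(line)):
            f["autorun_cmds"][m.group("cmd")].append(m.group("volume"))
        elif (m := FF_PREF.match(line)) and m.group("key").startswith("network.proxy"):
            f["proxy"][m.group("key")] = m.group("value").strip('"')
        elif line.startswith("IE - "):
            f["browser_defaults"].append(line[5:])
        elif line.startswith("O4 - ") and line.endswith("File not found"):
            f["orphan_run"].append(line[5:])
        elif line.startswith("O32 - ") and line.endswith("AutoRun - 1"):
            f["cdrom_autorun"] = True
        elif (m := FILE_ENTRY.match(line)):
            f["files"].append(m.group("path"))
        elif (m := ADS.match(line)):
            f["ads"].append((m.group("path"), int(m.group("bytes"))))
        else:
            f["other"].append(line)         # e.g. the O33 "Shell = AutoRun" verb lines
    return f


def report(f):
    """Turn parsed findings into human-readable triage lines."""
    out = []
    if f["proxy"]:
        host = f["proxy"].get("network.proxy.http", "?")
        port = f["proxy"].get("network.proxy.http_port", "?")
        out.append(f"Firefox HTTP proxy was set to {host}:{port} (fix resets it)")
    out.extend(f"Browser default restored: {e}" for e in f["browser_defaults"])
    out.extend(f"Orphaned autostart entry removed: {e}" for e in f["orphan_run"])
    if f["cdrom_autorun"]:
        out.append("CD-ROM AutoRun enabled (HKLM CDRom: AutoRun - 1); fix switches it off")
    for cmd, vols in sorted(f["autorun_cmds"].items()):
        out.append(f"Cached AutoRun command {cmd!r} on {len(vols)} volume(s): {', '.join(vols)}")
    out.extend(f"File entry (moved to the _OTL backup by the fix): {p}" for p in f["files"])
    out.extend(f"Alternate data stream ({n} bytes): {p}" for p, n in f["ads"])
    out.extend(f"OTL command: {c}" for c in f["commands"])
    return out


if __name__ == "__main__":
    for line in report(parse_fix(SAMPLE_FIX)):
        print(line)
```

Run directly it prints the triage; parse_fix() returns the raw findings so the same logic can be fed a complete fix or the O-section of a full OTL log.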
20.10.2011, 13:47 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook worm winsvc.exe I need OTL's quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the MovedFiles folder in C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
4.) Let me know once it has succeeded
5.) Only then switch the virus scanner back on
Afterwards please make a new OTL log: CustomScan with OTL If not already present, please download OTL from Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
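The /md5start ... /md5stop list in the custom scan above is what produces the "< MD5 for: ... >" blocks seen in the earlier log: OTL hashes each listed system file together with every copy of it in the component store (winsxs) and the driver store. A live copy whose hash matches none of the stored copies deserves a closer look, because file infectors patch exactly these binaries (userinit.exe, winlogon.exe and the like), whereas a genuine update normally leaves a matching copy in winsxs. The following is an added example, not OTL's code and not part of the thread: a Python cross-check that tokenises such a block even when the forum has flattened it onto one line. The sample input is the USERINIT.EXE block from the log above plus a constructed EXAMPLE.DLL block with placeholder hashes; the function names are the example's own.

```python
"""Cross-check of the "< MD5 for: ... >" blocks in an OTL log.

Added example for this thread, not OTL's own code and not from the forum.
For each hashed file, live copies (System32/SysWOW64/drivers) are compared
against the copies kept in winsxs and the DriverStore; a live copy whose
MD5 appears in no stored copy is reported for manual review.
"""
import re

# Constructed sample: the USERINIT.EXE block as posted in the thread,
# flattened onto one line the way the forum shows it, followed by a
# constructed EXAMPLE.DLL block with placeholder hashes.
SAMPLE_LOG = (
    r"< MD5 for: USERINIT.EXE > "
    r"[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe "
    r"[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe "
    r"[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe "
    r"[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe "
    r"[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe "
    r"[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe "
    # Constructed block with placeholder hashes: the live copy matches no store copy.
    r"< MD5 for: EXAMPLE.DLL > "
    r"[2011.01.01 00:00:00 | 000,010,000 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\SysNative\example.dll "
    r"[2009.07.14 03:00:00 | 000,010,000 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\winsxs\amd64_example_placeholder\example.dll"
)

# One token is either a block header "< MD5 for: NAME >" or a file entry
# "[stamp | size | attr | flag] (company) MD5=hash -- path"; the path runs
# until the next entry, the next header, or the end of the text.
TOKEN = re.compile(
    r"< MD5 for: (?P<name>[^>]+?) >"
    r"|\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+) \| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)(?= \[| < MD5 for:|\s*$)",
    re.M,
)


def is_store_copy(path):
    """Copies in the component store or driver store are the reference set."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p


def cross_check(text):
    """Return {file name: {"live": {path: md5}, "store": {md5,...}, "unbacked": [paths]}}."""
    sections, current = {}, None
    for m in TOKEN.finditer(text):
        if m.group("name"):
            current = m.group("name").lower()
            sections[current] = {"live": {}, "store": set(), "unbacked": []}
            continue
        if current is None:        # entry before any header: not part of an MD5 block
            continue
        if is_store_copy(m.group("path")):
            sections[current]["store"].add(m.group("md5").upper())
        else:
            sections[current]["live"][m.group("path")] = m.group("md5").upper()
    for sec in sections.values():
        sec["unbacked"] = sorted(p for p, h in sec["live"].items() if h not in sec["store"])
    return sections


def summarize(sections):
    """One line per hashed file: OK when every live copy is backed by a store copy."""
    out = []
    for name, sec in sorted(sections.items()):
        if sec["unbacked"]:
            out.append(f"{name}: CHECK live copy not backed by any store copy: "
                       + ", ".join(sec["unbacked"]))
        else:
            out.append(f"{name}: OK ({len(sec['live'])} live, {len(sec['store'])} store hashes)")
    return out


if __name__ == "__main__":
    for line in summarize(cross_check(SAMPLE_LOG)):
        print(line)
```

An unbacked hash is a prompt for review, not a verdict: a hotfix installed outside the servicing stack can leave the same picture, so the next step is to check the file's signature and compare it against a clean copy of the same build.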
20.10.2011, 13:54 | #10 |
| Facebook worm winsvc.exe Uploaded it; I'll now run OTL. |
20.10.2011, 14:21 | #11 |
| Facebook worm winsvc.exe So, I've now run OTL: Code:
OTL logfile created on: 20.10.2011 14:55:14 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 66.50% Memory free 8.00 Gb Paging File | 6.54 Gb Available in Paging File | 81.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58.50 Gb Total Space | 12.32 Gb Free Space | 21.07% Space Free | Partition Type: NTFS Drive D: | 407.17 Gb Total Space | 150.08 Gb Free Space | 36.86% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.19 14:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.07.26 13:04:01 | 000,008,192 | -HS- | M] () -- C:\Windows\SysWOW64\srvany.exe PRC - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2007.10.12 16:23:36 | 000,282,710 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe PRC - [2007.10.12 16:22:26 | 001,187,948 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe PRC - [2007.04.03 16:08:20 | 004,558,848 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\HotKeyDriver.exe ========== Modules (No Company Name) 
========== MOD - [2007.10.12 16:23:36 | 000,282,710 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe MOD - [2007.10.12 16:21:34 | 000,114,784 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileSDK.dll MOD - [2007.10.12 16:20:10 | 000,098,403 | ---- | M] () -- C:\Windows\SysWOW64\Bs2Res.dll MOD - [2007.07.30 10:32:16 | 016,326,769 | ---- | M] () -- C:\Windows\SysWOW64\BsLangInDepRes.dll MOD - [2007.04.03 16:08:20 | 004,558,848 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\HotKeyDriver.exe MOD - [2006.12.11 18:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\AudioControlDLL.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.11.16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV:64bit: - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr) SRV:64bit: - [2009.04.21 13:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2007.11.08 01:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV:64bit: - [2007.04.19 14:42:34 | 000,024,576 | ---- | M] (Syntek America Inc.) 
[On_Demand | Stopped] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv) SRV - [2011.10.12 16:11:48 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.20 17:41:26 | 000,103,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2011.08.20 17:41:04 | 000,066,872 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.07.26 13:04:01 | 000,008,192 | -HS- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2011.06.26 20:25:41 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.12.07 12:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- D:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012) SRV - [2010.12.01 23:19:44 | 002,357,488 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- D:\Programme\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4) SRV - [2010.03.22 10:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Programme\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.18 16:12:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.11.06 14:24:54 | 000,282,728 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- D:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2009.10.20 23:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess) SRV - [2009.10.20 15:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2009.10.20 15:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2009.10.20 15:21:20 | 000,322,096 | ---- | M] () [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd) SRV - [2009.10.20 15:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService) SRV - [2009.09.23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.10.12 16:24:40 | 000,113,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS) SRV - [2007.10.12 16:22:26 | 001,187,948 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS) SRV - [2007.02.21 17:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Disabled | Stopped] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc) SRV - [2007.02.14 22:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- D:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2007.02.14 22:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync) SRV - [2007.02.14 22:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds) SRV - [2007.01.29 15:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- D:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2007.01.22 11:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.06.26 20:06:54 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.22 21:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.01 23:05:12 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.28 15:10:40 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.04.03 11:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010.02.22 22:09:13 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009.12.08 18:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2009.11.16 09:07:10 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009.11.16 09:07:04 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009.11.16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.11.16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009.10.26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009.10.20 15:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009.10.20 15:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009.10.20 15:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009.10.20 15:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009.10.20 15:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009.10.20 15:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009.10.20 15:21:04 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2009.09.24 14:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.09.24 06:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.09.17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009.09.15 15:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009.08.26 12:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.26 08:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.07.26 23:34:58 | 000,744,072 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.19 08:10:40 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009.06.15 11:47:00 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.15 11:47:00 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.13 12:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.01.08 12:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008.01.19 07:36:14 | 000,036,352 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nscirda.sys -- (NSCIRDA)
DRV:64bit: - [2008.01.02 12:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007.07.04 08:30:10 | 000,091,136 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMS7SK.sys -- (EMSCR)
DRV:64bit: - [2007.07.04 08:30:08 | 000,060,416 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESD7SK.sys -- (ESDCR)
DRV:64bit: - [2007.06.24 22:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007.06.20 14:49:34 | 000,053,248 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2007.04.19 18:50:46 | 001,494,912 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV:64bit: - [2007.03.05 21:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2007.03.05 21:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV:64bit: - [2007.03.05 21:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VBTEnum.sys -- (BTHidEnum)
DRV:64bit: - [2007.03.05 21:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007.03.05 21:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV - [2011.10.12 16:11:44 | 000,157,824 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.02.22 22:09:13 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2010.01.29 12:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programme\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.06.24 22:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 21:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 21:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006.05.05 20:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\nvport.sys -- (nvport)
DRV - [2006.03.29 09:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: passwordbank@upek.com:5.9.3.6241.3.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: D:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.01 15:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.19 15:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 14:47:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.10.19 15:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.07.22 17:35:17 | 000,000,000 | ---D | M]

[2011.03.05 19:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.02.18 01:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions\passwordbank@upek.com
[2011.10.16 11:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions
[2011.05.28 23:48:05 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011.09.08 20:48:18 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions\passwordbank@upek.com
[2011.06.17 23:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.30 11:35:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.19 12:42:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.09 18:13:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 18:00:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.17 23:58:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.10.01 15:07:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.03 16:10:26 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2007.02.08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2011.10.01 15:07:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 15:07:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.01 15:07:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 15:07:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 15:07:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 15:07:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.02.20 22:39:45 | 000,001,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (Authentec Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - D:\Programme\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - D:\Programme\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Programme\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Programme\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Vertrauenswürdige Sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} hxxp://kfzpeissl.ath.cx/DVRemoteAx.cab (DVRemoteControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0722FEF4-EAE6-4234-BF07-756EEC7C083C}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51D2AB92-139A-45DE-A3FF-767482710982}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A12DDF5-95BE-4C3C-A310-2517957949E6}: NameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - D:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: BtTray - hkey= - key= - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: Update Service - hkey= - key= - C:\Program Files (x86)\Common Files\Teknum Systems\update.exe (Teknum Systems AS)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group 
SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart 
card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: 
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2B1CBF38-887E-BDC9-304A-FA3B52781B9C} - Browser Customizations ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44618CF4-17A7-34C6-372E-3707DC2BDE8C} - Themes Setup ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5479B944-5F40-6B43-80EC-8A42F7C170D9} - Internet Explorer ActiveX:64bit: {58E0EE38-5ED9-95C1-3A99-3B2A75E10BE9} - DirectX 
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {76702958-0B2F-BFF7-18BB-FC5386D670CE} - Browser Customizations ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {8DB3E8F4-8D2E-921D-9445-FE2D9FBA8B73} - Browser Customizations ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - 
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {37646EEE-DBA0-96B3-FB70-3CDB9FDA12AC} - Internet Explorer ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A5BBC7CA-1CC1-DD1B-323C-A2CD39400104} - Microsoft Windows Media Player 12.0 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe 
-UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.I420 - File not found Drivers32:64bit: wave1 - serwvdrv.dll (Microsoft Corporation) Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: wave1 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.20 14:37:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.10.20 14:10:24 | 000,000,000 | ---D | C] -- C:\_OTL [2011.10.19 18:33:17 | 000,000,000 | R--D | C] -- C:\Sandbox [2011.10.19 18:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [2011.10.19 18:30:25 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\SandboxieInstall [2011.10.19 14:51:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.10.19 00:27:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe [2011.10.18 19:26:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2011.10.18 19:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.18 19:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.18 19:26:33 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.10.18 19:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.10.18 
19:25:48 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\****\Desktop\mbam-setup-1.51.2.1300.exe [2011.10.17 22:46:49 | 002,405,664 | ---- | C] (Trend Micro Inc.) -- C:\Users\****\Desktop\HousecallLauncher64.exe [2011.10.17 21:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.10.17 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2011.10.17 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2011.10.15 13:09:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TinyCAD [2011.10.15 13:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyCAD [2011.10.14 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\MoTeC [2011.10.14 20:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC [2011.10.14 20:15:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Downloaded Installations [2011.10.13 13:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\sPlan70 [2011.10.13 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sPlan 7.0 [2011.10.13 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\sPlan70(Demo) [2011.10.01 01:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 PC Camera [2011.10.01 01:04:22 | 000,249,856 | ---- | C] (Syntek Corporation) -- C:\Windows\VideoView.exe [2011.10.01 01:04:22 | 000,106,496 | ---- | C] (Syntek America Inc.) -- C:\Windows\StkC112X.exe [2011.10.01 01:04:22 | 000,069,632 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkCWIA.dll [2011.10.01 01:04:22 | 000,049,152 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkSSrv.dll [2011.10.01 01:04:22 | 000,024,576 | ---- | C] (Syntek America Inc.) 
-- C:\Windows\SysNative\StkCSrv.exe [2011.10.01 01:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoView [2011.10.01 01:04:20 | 006,927,744 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\drivers\StkCPipe.sys [2011.10.01 01:04:19 | 001,494,912 | ---- | C] (Syntek) -- C:\Windows\SysNative\drivers\StkCMini.sys [2011.10.01 00:39:45 | 000,081,920 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysWow64\StkCProp.ax [2011.10.01 00:33:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\D-max2.0M [2011.09.26 22:39:25 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\National Instruments [2011.09.26 22:39:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\National Instruments [2011.09.26 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments [2011.09.26 22:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments [2011.09.26 22:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments [2011.09.26 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules [2011.09.26 22:30:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cvirte [2011.09.21 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Bizarre Creations ========== Files - Modified Within 30 Days ========== [2011.10.20 14:20:11 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.20 14:20:11 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.20 14:14:53 | 000,001,038 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini [2011.10.20 14:12:39 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.10.20 14:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.20 14:12:22 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys [2011.10.20 00:38:13 | 000,001,820 | 
---- | M] () -- C:\Windows\Sandboxie.ini [2011.10.19 19:01:46 | 000,000,664 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.10.19 19:01:29 | 000,000,664 | RHS- | M] () -- C:\Users\****\ntuser.pol [2011.10.19 18:30:53 | 000,000,858 | ---- | M] () -- C:\Users\****\Desktop\Sandboxed Web Browser.lnk [2011.10.19 17:28:47 | 002,034,741 | ---- | M] () -- C:\Users\****\Desktop\SandboxieInstall.zip [2011.10.19 14:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.10.19 00:27:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe [2011.10.18 19:26:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.18 19:26:08 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\****\Desktop\mbam-setup-1.51.2.1300.exe [2011.10.18 16:17:14 | 009,311,393 | ---- | M] () -- C:\Users\****\AppData\Local\census.cache [2011.10.18 16:07:38 | 000,155,090 | ---- | M] () -- C:\Users\****\AppData\Local\ars.cache [2011.10.17 22:46:59 | 000,000,036 | ---- | M] () -- C:\Users\****\AppData\Local\housecall.guid.cache [2011.10.17 22:46:51 | 002,405,664 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\****\Desktop\HousecallLauncher64.exe [2011.10.17 21:56:43 | 002,086,240 | ---- | M] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe [2011.10.17 21:41:29 | 002,100,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.17 21:41:29 | 000,876,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.17 21:41:29 | 000,819,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.17 21:41:29 | 000,218,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.17 21:41:29 | 000,185,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.16 22:13:07 | 000,022,511 | ---- | M] () -- C:\Users\****\Desktop\Schematic.dsn.autosave [2011.10.16 16:49:06 | 000,009,514 | ---- | M] () -- C:\Users\****\Desktop\Modul.gif [2011.10.15 13:09:25 | 000,000,654 | ---- | M] () -- C:\Users\****\Desktop\TinyCAD.lnk [2011.10.15 13:09:10 | 004,357,917 | ---- | M] () -- C:\Users\****\Desktop\TinyCAD_2.80.03.514_Production_Setup.exe [2011.10.15 12:57:50 | 000,079,872 | ---- | M] () -- C:\Users\****\Desktop\edge.TCLib [2011.10.14 21:50:08 | 000,022,511 | ---- | M] () -- C:\Users\****\Desktop\Schematic.dsn [2011.10.14 20:16:38 | 000,002,645 | ---- | M] () -- C:\Users\Public\Desktop\MoTeC PDM Manager.lnk [2011.10.13 13:41:37 | 000,000,612 | ---- | M] () -- C:\Users\****\Desktop\sPlan 7.0.lnk [2011.10.12 02:47:39 | 003,151,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.09 15:44:41 | 000,603,430 | ---- | M] () -- C:\Users\****\Desktop\09102011188.jpg [2011.10.09 15:38:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI [2011.10.09 15:37:05 | 000,000,341 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI [2011.10.09 15:32:40 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI [2011.10.01 01:10:29 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\VideoView.lnk [2011.09.26 22:28:05 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND [2011.09.26 15:00:17 | 
003,414,749 | ---- | M] () -- C:\Users\****\Desktop\Hirschmann.pdf ========== Files Created - No Company Name ========== [2011.10.19 19:01:11 | 000,000,664 | RHS- | C] () -- C:\Users\****\ntuser.pol [2011.10.19 19:00:08 | 000,000,664 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.10.19 18:31:18 | 000,000,858 | ---- | C] () -- C:\Users\****\Desktop\Sandboxed Web Browser.lnk [2011.10.19 18:31:16 | 000,001,820 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.10.19 17:28:42 | 002,034,741 | ---- | C] () -- C:\Users\****\Desktop\SandboxieInstall.zip [2011.10.18 19:26:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.18 16:17:14 | 009,311,393 | ---- | C] () -- C:\Users\****\AppData\Local\census.cache [2011.10.18 16:07:38 | 000,155,090 | ---- | C] () -- C:\Users\****\AppData\Local\ars.cache [2011.10.17 22:46:59 | 000,000,036 | ---- | C] () -- C:\Users\****\AppData\Local\housecall.guid.cache [2011.10.17 21:56:37 | 002,086,240 | ---- | C] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe [2011.10.16 22:03:07 | 000,022,511 | ---- | C] () -- C:\Users\****\Desktop\Schematic.dsn.autosave [2011.10.16 16:47:12 | 000,009,514 | ---- | C] () -- C:\Users\****\Desktop\Modul.gif [2011.10.15 13:10:38 | 000,079,872 | ---- | C] () -- C:\Users\****\Desktop\edge.TCLib [2011.10.15 13:10:38 | 000,022,511 | ---- | C] () -- C:\Users\****\Desktop\Schematic.dsn [2011.10.15 13:09:25 | 000,000,654 | ---- | C] () -- C:\Users\****\Desktop\TinyCAD.lnk [2011.10.15 13:09:02 | 004,357,917 | ---- | C] () -- C:\Users\****\Desktop\TinyCAD_2.80.03.514_Production_Setup.exe [2011.10.14 20:16:38 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\MoTeC PDM Manager.lnk [2011.10.13 13:41:37 | 000,000,612 | ---- | C] () -- C:\Users\****\Desktop\sPlan 7.0.lnk [2011.10.13 13:40:36 | 011,173,171 | ---- | C] () -- C:\Users\****\Desktop\Abacom.Splan.v7.0.build.09.05.2011.7z [2011.10.09 15:43:03 | 000,603,430 | ---- | C] () -- 
C:\Users\****\Desktop\09102011188.jpg [2011.10.01 01:07:11 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\VideoView.lnk [2011.10.01 01:07:10 | 000,000,093 | ---- | C] () -- C:\Windows\OEM.ini [2011.09.26 15:00:17 | 003,414,749 | ---- | C] () -- C:\Users\****\Desktop\Hirschmann.pdf [2011.09.23 01:00:50 | 002,717,416 | ---- | C] () -- C:\Users\****\Desktop\User’s Guide DS1000E.pdf [2011.08.20 17:41:18 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.20 17:41:04 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.08.15 20:24:27 | 000,000,322 | ---- | C] () -- C:\Windows\game.ini [2011.07.22 13:44:14 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI [2011.07.22 13:17:04 | 001,153,006 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.06.10 18:26:01 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND [2011.06.04 17:21:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.05.17 00:04:55 | 000,000,063 | ---- | C] () -- C:\Windows\SubCreator.INI [2011.04.08 12:06:00 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.03.30 12:18:46 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp [2011.01.29 14:36:18 | 000,016,629 | ---- | C] () -- C:\Windows\LxFrame.ini [2011.01.29 14:33:59 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini [2011.01.29 01:47:38 | 000,000,292 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat [2011.01.29 01:36:35 | 000,000,891 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat [2011.01.29 01:35:41 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2011.01.20 12:54:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.12.31 01:04:16 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe [2010.09.28 11:08:32 | 000,266,165 | ---- | C] () -- C:\Windows\hpwins23.dat [2010.08.07 13:08:56 | 000,000,086 | ---- | C] () -- C:\Windows\graphedt.INI [2010.08.07 12:16:47 | 000,000,086 | ---- | C] () -- 
C:\Windows\graphedt_x64.INI [2010.08.07 10:10:37 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.07.11 19:24:46 | 000,007,607 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2010.07.03 17:37:25 | 000,012,800 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.21 15:59:54 | 000,000,036 | ---- | C] () -- C:\Windows\TSNPL.dat [2010.05.21 15:59:53 | 000,001,636 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat [2010.05.20 11:25:46 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.05.06 16:47:45 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2010.04.20 10:00:41 | 002,082,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.02.18 21:23:18 | 000,537,892 | ---- | C] () -- C:\Windows\hpoins21.dat.temp [2010.02.18 21:23:18 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp [2010.02.18 21:17:41 | 000,186,949 | ---- | C] () -- C:\Windows\hpoins21.dat [2010.02.18 16:08:32 | 000,004,839 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI [2010.02.18 16:08:23 | 000,000,341 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI [2010.02.18 00:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.02.18 00:37:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI [2010.02.18 00:37:51 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI [2010.02.18 00:35:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI [2009.11.06 11:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2009.11.05 11:16:36 | 000,083,525 | ---- | C] () -- C:\Windows\hpqins13.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 
000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.02.06 21:40:56 | 000,147,968 | ---- | C] () -- C:\Windows\SysWow64\drivers\ArcHlp.sys [2008.11.26 22:20:02 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll [2008.11.25 18:46:38 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2008.11.25 18:43:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2008.11.25 18:42:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2008.11.15 20:02:26 | 001,866,670 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll [2008.04.05 19:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll [2008.02.13 11:15:09 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat [2007.10.12 16:24:06 | 000,401,493 | ---- | C] () -- C:\Windows\SysWow64\BsUI.dll [2007.10.12 16:23:46 | 000,278,647 | ---- | C] () -- C:\Windows\SysWow64\outlookAddin.dll [2007.10.12 16:23:24 | 000,569,445 | ---- | C] () -- C:\Windows\SysWow64\BsShell.dll [2007.10.12 16:23:16 | 000,106,597 | ---- | C] () -- C:\Windows\SysWow64\BsAddin.dll [2007.10.12 16:21:34 | 000,114,784 | ---- | C] () -- C:\Windows\SysWow64\BsMobileSDK.dll [2007.10.12 16:21:24 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll [2007.10.12 16:20:10 | 000,098,403 | ---- | C] () -- C:\Windows\SysWow64\Bs2Res.dll [2007.10.11 18:08:22 | 000,001,038 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini [2007.07.30 10:32:16 | 016,326,769 | ---- | C] () -- C:\Windows\SysWow64\BsLangInDepRes.dll [2007.03.19 11:59:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll [2005.09.13 05:09:34 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll [2004.02.13 07:49:44 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll [2004.01.24 
04:35:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll [2002.07.13 12:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\tsseCryp.dll [2001.12.12 14:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\W32btstp.dll [2001.12.12 14:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\W32btxlt.dll |
20.10.2011, 14:23 | #12 |
| Facebook-Wurm winsvc.exe And part 2: Code:
[2011.07.21 11:47:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeFLVConverter [2011.06.03 18:50:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GrabPro [2010.02.18 00:44:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HD Tune Pro [2010.09.05 16:13:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HDRsoft [2011.03.30 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HP [2011.10.17 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2010.02.17 20:19:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities [2010.06.03 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imagenomic [2010.02.17 21:30:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield [2010.02.18 00:56:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia [2011.10.18 19:26:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes [2010.10.14 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MathWorks [2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs [2010.02.21 17:19:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Player Classic [2011.09.15 12:12:59 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft [2010.08.07 14:25:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mkvtoolnix [2010.07.01 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla [2010.09.22 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MySQL [2011.09.26 22:39:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\National Instruments [2010.06.03 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NeatImage SL [2010.06.10 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nik Software [2010.07.03 17:32:26 | 000,000,000 | ---D | M] -- 
C:\Users\****\AppData\Roaming\Nokia [2010.07.03 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia Ovi Suite [2010.12.24 12:01:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NVIDIA [2010.03.03 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera [2011.10.01 00:13:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit [2011.07.04 19:41:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite [2010.08.01 17:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Programme [2011.02.26 18:16:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Protector Suite [2011.07.22 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan [2010.07.03 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SatChannelListEditor [2011.10.19 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype [2011.10.19 15:15:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\skypePM [2011.04.08 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Synaptics [2010.02.18 01:03:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird [2011.03.05 19:41:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent [2011.08.05 10:03:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc [2010.07.12 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\VMware [2010.02.18 21:31:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.06.26 20:21:35 | 000,010,134 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] 
(Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft 
Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys 
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 
| 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 
14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 
15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Files - Unicode (All) ========== [2011.07.22 13:35:56 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污 [2011.07.22 13:35:56 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污 < End of report > |
20.10.2011, 14:47 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook worm winsvc.exe Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Configure the tool as shown in the image below: click on "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.
Note: Please do not delete anything prematurely with TDSSKiller! If TDSSKiller flags any objects, handle all of them with the action "skip" and only post the log here!
If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file on your desktop. Start the tool and all files and folders should become visible again (this may take a while). Windows Vista and Windows 7 users must run the tool via right-click as administrator!
__________________ Please always post log files in CODE tags |
20.10.2011, 15:01 | #14 |
| Facebook worm winsvc.exe Here is the log: Code:
15:51:27.0510 2772 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27 15:51:29.0511 2772 ============================================================ 15:51:29.0511 2772 Current date / time: 2011/10/20 15:51:29.0511 15:51:29.0512 2772 SystemInfo: 15:51:29.0512 2772 15:51:29.0512 2772 OS Version: 6.1.7601 ServicePack: 1.0 15:51:29.0512 2772 Product type: Workstation 15:51:29.0512 2772 ComputerName: ****-PC 15:51:29.0512 2772 UserName: **** 15:51:29.0512 2772 Windows directory: C:\Windows 15:51:29.0512 2772 System windows directory: C:\Windows 15:51:29.0512 2772 Running under WOW64 15:51:29.0512 2772 Processor architecture: Intel x64 15:51:29.0512 2772 Number of processors: 2 15:51:29.0512 2772 Page size: 0x1000 15:51:29.0512 2772 Boot type: Normal boot 15:51:29.0512 2772 ============================================================ 15:51:30.0813 2772 Initialize success 15:52:23.0385 1212 ============================================================ 15:52:23.0385 1212 Scan started 15:52:23.0385 1212 Mode: Manual; SigCheck; TDLFS; 15:52:23.0385 1212 ============================================================ 15:52:24.0508 1212 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 15:52:24.0633 1212 1394ohci - ok 15:52:24.0664 1212 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 15:52:24.0680 1212 ACPI - ok 15:52:24.0727 1212 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 15:52:24.0820 1212 AcpiPmi - ok 15:52:24.0930 1212 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys 15:52:24.0976 1212 adfs - ok 15:52:25.0039 1212 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 15:52:25.0086 1212 adp94xx - ok 15:52:25.0304 1212 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 15:52:25.0351 1212 adpahci - ok 15:52:25.0366 1212 adpu320 (e109549c90f62fb570b9540c4b148e54) 
C:\Windows\system32\DRIVERS\adpu320.sys 15:52:25.0398 1212 adpu320 - ok 15:52:25.0444 1212 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 15:52:25.0522 1212 AFD - ok 15:52:25.0632 1212 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 15:52:25.0663 1212 agp440 - ok 15:52:25.0710 1212 aksdf (89cd44c10d9b4d87725ff07f18a5702f) C:\Windows\system32\drivers\aksdf.sys 15:52:25.0772 1212 aksdf - ok 15:52:25.0803 1212 aksfridge (ba0b6fd78ae88d39b9d3d984f295a137) C:\Windows\system32\drivers\aksfridge.sys 15:52:25.0850 1212 aksfridge - ok 15:52:25.0959 1212 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 15:52:25.0990 1212 aliide - ok 15:52:26.0006 1212 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 15:52:26.0022 1212 amdide - ok 15:52:26.0053 1212 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 15:52:26.0115 1212 AmdK8 - ok 15:52:26.0131 1212 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 15:52:26.0162 1212 AmdPPM - ok 15:52:26.0209 1212 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 15:52:26.0209 1212 amdsata - ok 15:52:26.0287 1212 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 15:52:26.0318 1212 amdsbs - ok 15:52:26.0349 1212 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 15:52:26.0365 1212 amdxata - ok 15:52:26.0427 1212 AnyDVD (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys 15:52:26.0443 1212 AnyDVD - ok 15:52:26.0552 1212 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 15:52:26.0614 1212 AppID - ok 15:52:26.0677 1212 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 15:52:26.0692 1212 arc - ok 15:52:26.0708 1212 archlp - ok 15:52:26.0724 1212 arcsas (019af6924aefe7839f61c830227fe79c) 
C:\Windows\system32\DRIVERS\arcsas.sys 15:52:26.0739 1212 arcsas - ok 15:52:26.0817 1212 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 15:52:26.0989 1212 AsyncMac - ok 15:52:27.0082 1212 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 15:52:27.0114 1212 atapi - ok 15:52:27.0207 1212 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 15:52:27.0270 1212 b06bdrv - ok 15:52:27.0348 1212 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 15:52:27.0410 1212 b57nd60a - ok 15:52:27.0457 1212 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 15:52:27.0504 1212 Beep - ok 15:52:27.0550 1212 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 15:52:27.0597 1212 blbdrive - ok 15:52:27.0722 1212 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 15:52:27.0784 1212 bowser - ok 15:52:27.0800 1212 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:52:27.0862 1212 BrFiltLo - ok 15:52:27.0878 1212 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:52:27.0894 1212 BrFiltUp - ok 15:52:27.0972 1212 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 15:52:28.0034 1212 Brserid - ok 15:52:28.0081 1212 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 15:52:28.0128 1212 BrSerWdm - ok 15:52:28.0143 1212 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 15:52:28.0190 1212 BrUsbMdm - ok 15:52:28.0221 1212 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 15:52:28.0237 1212 BrUsbSer - ok 15:52:28.0346 1212 BT (0f890e854fcbe98f4574acc6423fccef) C:\Windows\system32\DRIVERS\btnetdrv.sys 15:52:28.0377 1212 BT - ok 15:52:28.0408 1212 Btcsrusb 
(7c5893ea5aa483e051b8311bdb36e19a) C:\Windows\system32\Drivers\btcusb.sys
15:52:28.0408 1212 Btcsrusb - ok
15:52:28.0471 1212 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:52:28.0518 1212 BthEnum - ok
15:52:28.0611 1212 BtHidBus (88b11d73cc023274e590fbc3565ae519) C:\Windows\system32\Drivers\BtHidBus.sys
15:52:28.0627 1212 BtHidBus - ok
15:52:28.0658 1212 BTHidEnum (e49a371185d5e79c103765da93856ee1) C:\Windows\system32\Drivers\vbtenum.sys
15:52:28.0674 1212 BTHidEnum - ok
15:52:28.0689 1212 BTHidMgr (8fa060b557c7de309d2d5c16c3da2ef6) C:\Windows\system32\Drivers\BTHidMgr.sys
15:52:28.0705 1212 BTHidMgr - ok
15:52:28.0736 1212 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:52:28.0767 1212 BTHMODEM - ok
15:52:28.0861 1212 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:52:28.0923 1212 BthPan - ok
15:52:28.0986 1212 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:52:29.0032 1212 BTHPORT - ok
15:52:29.0142 1212 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:52:29.0188 1212 BTHUSB - ok
15:52:29.0235 1212 btnetBUs (23ef863df7e0b3185b60ec71c2b291a7) C:\Windows\system32\Drivers\btnetBus.sys
15:52:29.0282 1212 btnetBUs - ok
15:52:29.0313 1212 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:52:29.0360 1212 cdfs - ok
15:52:29.0469 1212 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:52:29.0516 1212 cdrom - ok
15:52:29.0578 1212 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:52:29.0625 1212 circlass - ok
15:52:29.0656 1212 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:52:29.0688 1212 CLFS - ok
15:52:29.0766 1212 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:52:29.0828 1212 CmBatt - ok
15:52:29.0844 1212 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:52:29.0859 1212 cmdide - ok
15:52:29.0906 1212 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:52:29.0937 1212 CNG - ok
15:52:30.0015 1212 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:52:30.0046 1212 Compbatt - ok
15:52:30.0093 1212 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:52:30.0124 1212 CompositeBus - ok
15:52:30.0156 1212 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:52:30.0171 1212 crcdisk - ok
15:52:30.0234 1212 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:52:30.0312 1212 CSC - ok
15:52:30.0421 1212 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:52:30.0499 1212 DfsC - ok
15:52:30.0546 1212 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:52:30.0624 1212 discache - ok
15:52:30.0655 1212 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:52:30.0655 1212 Disk - ok
15:52:30.0780 1212 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:52:30.0826 1212 Dot4 - ok
15:52:30.0858 1212 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:52:30.0904 1212 Dot4Print - ok
15:52:30.0920 1212 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:52:30.0951 1212 dot4usb - ok
15:52:30.0982 1212 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:52:31.0045 1212 drmkaud - ok
15:52:31.0154 1212 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:52:31.0201 1212 DXGKrnl - ok
15:52:31.0232 1212 eamon (85e3ed13ec107a20d9b018328e0c9737) C:\Windows\system32\DRIVERS\eamon.sys
15:52:31.0248 1212 eamon - ok
15:52:31.0357 1212 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:52:31.0419 1212 ebdrv - ok
15:52:31.0528 1212 ehdrv (518fb66d5e21b2c246f96c1d9153cadc) C:\Windows\system32\DRIVERS\ehdrv.sys
15:52:31.0544 1212 ehdrv - ok
15:52:31.0638 1212 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
15:52:31.0669 1212 ElbyCDIO - ok
15:52:31.0700 1212 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:52:31.0716 1212 elxstor - ok
15:52:31.0794 1212 EMSCR (2327e9bc434279674dfa93977fc5f3b3) C:\Windows\system32\DRIVERS\EMS7SK.sys
15:52:31.0856 1212 EMSCR - ok
15:52:31.0887 1212 epfw (99698ff43533c0fdc75967d48001c25f) C:\Windows\system32\DRIVERS\epfw.sys
15:52:31.0903 1212 epfw - ok
15:52:31.0950 1212 Epfwndis (be1f150790123e1077cf95990394339d) C:\Windows\system32\DRIVERS\Epfwndis.sys
15:52:31.0965 1212 Epfwndis - ok
15:52:32.0059 1212 epfwwfp (6eb1d07c86913ad53ec5afa67b9453fd) C:\Windows\system32\DRIVERS\epfwwfp.sys
15:52:32.0074 1212 epfwwfp - ok
15:52:32.0106 1212 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:52:32.0168 1212 ErrDev - ok
15:52:32.0215 1212 ESDCR (c58d23711057d7e643fcc8428f60f133) C:\Windows\system32\DRIVERS\ESD7SK.sys
15:52:32.0277 1212 ESDCR - ok
15:52:32.0371 1212 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:52:32.0449 1212 exfat - ok
15:52:32.0527 1212 Ext2Fsd (77541bb9ea03008ff40035f2d3ef114e) C:\Windows\system32\drivers\Ext2Fsd.sys
15:52:32.0558 1212 Ext2Fsd - ok
15:52:32.0652 1212 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:52:32.0730 1212 fastfat - ok
15:52:32.0761 1212 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:52:32.0776 1212 fdc - ok
15:52:32.0808 1212 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:52:32.0808 1212 FileInfo - ok
15:52:32.0823 1212 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:52:32.0854 1212 Filetrace - ok
15:52:32.0964 1212 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:52:33.0010 1212 flpydisk - ok
15:52:33.0042 1212 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:52:33.0057 1212 FltMgr - ok
15:52:33.0073 1212 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:52:33.0088 1212 FsDepends - ok
15:52:33.0104 1212 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:52:33.0120 1212 Fs_Rec - ok
15:52:33.0166 1212 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys
15:52:33.0182 1212 FTDIBUS - ok
15:52:33.0260 1212 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys
15:52:33.0276 1212 FTSER2K - ok
15:52:33.0322 1212 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:52:33.0369 1212 fvevol - ok
15:52:33.0385 1212 FXDrv32 - ok
15:52:33.0400 1212 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:52:33.0416 1212 gagp30kx - ok
15:52:33.0525 1212 hardlock (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
15:52:33.0588 1212 hardlock - ok
15:52:33.0634 1212 hcmon (edb09f2df76c352b7af56d0b473049d6) C:\Windows\system32\drivers\hcmon.sys
15:52:33.0650 1212 hcmon - ok
15:52:33.0666 1212 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:52:33.0697 1212 hcw85cir - ok
15:52:33.0759 1212 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:52:33.0822 1212 HdAudAddService - ok
15:52:33.0915 1212 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:52:33.0978 1212 HDAudBus - ok
15:52:34.0009 1212 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:52:34.0040 1212 HidBatt - ok
15:52:34.0056 1212 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:52:34.0087 1212 HidBth - ok
15:52:34.0118 1212 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:52:34.0149 1212 HidIr - ok
15:52:34.0258 1212 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:52:34.0290 1212 HidUsb - ok
15:52:34.0336 1212 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:52:34.0336 1212 HpSAMD - ok
15:52:34.0399 1212 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:52:34.0492 1212 HTTP - ok
15:52:34.0586 1212 hwdatacard (4b5c07db91a0099272faae732e1152bd) C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:52:34.0633 1212 hwdatacard - ok
15:52:34.0664 1212 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:52:34.0680 1212 hwpolicy - ok
15:52:34.0726 1212 hwusbdev (230c041af8df1d2308c3ac5146e3ff4f) C:\Windows\system32\DRIVERS\ewusbdev.sys
15:52:34.0758 1212 hwusbdev ( UnsignedFile.Multi.Generic ) - warning
15:52:34.0758 1212 hwusbdev - detected UnsignedFile.Multi.Generic (1)
15:52:34.0851 1212 hwusbfake (1f24cf1f7db6d4461ac65a86db8e4bc2) C:\Windows\system32\DRIVERS\ewusbfake.sys
15:52:34.0898 1212 hwusbfake - ok
15:52:34.0945 1212 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:52:34.0960 1212 i8042prt - ok
15:52:35.0023 1212 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:52:35.0054 1212 iaStorV - ok
15:52:35.0163 1212 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:52:35.0194 1212 iirsp - ok
15:52:35.0272 1212 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
15:52:35.0335 1212 IntcAzAudAddService - ok
15:52:35.0428 1212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:52:35.0460 1212 intelide - ok
15:52:35.0475 1212 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:52:35.0522 1212 intelppm - ok
15:52:35.0569 1212 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:52:35.0616 1212 IpFilterDriver - ok
15:52:35.0647 1212 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:52:35.0662 1212 IPMIDRV - ok
15:52:35.0756 1212 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:52:35.0850 1212 IPNAT - ok
15:52:35.0881 1212 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
15:52:35.0974 1212 irda - ok
15:52:36.0052 1212 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:52:36.0099 1212 IRENUM - ok
15:52:36.0177 1212 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:52:36.0208 1212 isapnp - ok
15:52:36.0224 1212 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:52:36.0240 1212 iScsiPrt - ok
15:52:36.0333 1212 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) D:\Programme\UltraISO\drivers\ISODrv64.sys
15:52:36.0364 1212 ISODrive - ok
15:52:36.0442 1212 itecir (7fd00dc971ab5f8f878587e90ed111c8) C:\Windows\system32\DRIVERS\itecir.sys
15:52:36.0505 1212 itecir - ok
15:52:36.0536 1212 IvtBtBUs (70ebda3ed637b0212450c5542edd11a7) C:\Windows\system32\Drivers\IvtBtBus.sys
15:52:36.0552 1212 IvtBtBUs - ok
15:52:36.0598 1212 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:52:36.0614 1212 kbdclass - ok
15:52:36.0630 1212 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:52:36.0661 1212 kbdhid - ok
15:52:36.0801 1212 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:52:36.0832 1212 KSecDD - ok
15:52:36.0864 1212 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:52:36.0910 1212 KSecPkg - ok
15:52:36.0926 1212 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:52:36.0973 1212 ksthunk - ok
15:52:37.0144 1212 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:52:37.0207 1212 lltdio - ok
15:52:37.0238 1212 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:52:37.0254 1212 LSI_FC - ok
15:52:37.0269 1212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:52:37.0285 1212 LSI_SAS - ok
15:52:37.0300 1212 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:52:37.0300 1212 LSI_SAS2 - ok
15:52:37.0316 1212 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:52:37.0332 1212 LSI_SCSI - ok
15:52:37.0347 1212 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:52:37.0378 1212 luafv - ok
15:52:37.0503 1212 LUMDriver (701223c663019b62029fab1a2385ee81) C:\Windows\system32\drivers\LUMDriver.sys
15:52:37.0534 1212 LUMDriver - ok
15:52:37.0550 1212 massfilter - ok
15:52:37.0612 1212 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
15:52:37.0644 1212 MBAMProtector - ok
15:52:37.0675 1212 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:52:37.0690 1212 megasas - ok
15:52:37.0706 1212 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:52:37.0722 1212 MegaSR - ok
15:52:37.0878 1212 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:52:37.0940 1212 Modem - ok
15:52:37.0971 1212 MODEMCSA (e38aef079cd3bcfa19f2072a214f829d) C:\Windows\system32\drivers\MODEMCSA.sys
15:52:38.0002 1212 MODEMCSA - ok
15:52:38.0034 1212 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:52:38.0049 1212 monitor - ok
15:52:38.0127 1212 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:52:38.0158 1212 mouclass - ok
15:52:38.0190 1212 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:52:38.0221 1212 mouhid - ok
15:52:38.0268 1212 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:52:38.0299 1212 mountmgr - ok
15:52:38.0330 1212 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:52:38.0377 1212 mpio - ok
15:52:38.0408 1212 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:52:38.0439 1212 mpsdrv - ok
15:52:38.0533 1212 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:52:38.0595 1212 MRxDAV - ok
15:52:38.0626 1212 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:52:38.0689 1212 mrxsmb - ok
15:52:38.0720 1212 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:52:38.0751 1212 mrxsmb10 - ok
15:52:38.0767 1212 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:52:38.0782 1212 mrxsmb20 - ok
15:52:38.0876 1212 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:52:38.0907 1212 msahci - ok
15:52:38.0938 1212 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:52:38.0954 1212 msdsm - ok
15:52:38.0985 1212 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:52:39.0032 1212 Msfs - ok
15:52:39.0048 1212 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:52:39.0094 1212 mshidkmdf - ok
15:52:39.0126 1212 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:52:39.0141 1212 msisadrv - ok
15:52:39.0219 1212 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:52:39.0297 1212 MSKSSRV - ok
15:52:39.0313 1212 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:52:39.0360 1212 MSPCLOCK - ok
15:52:39.0375 1212 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:52:39.0484 1212 MSPQM - ok
15:52:39.0531 1212 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:52:39.0547 1212 MsRPC - ok
15:52:39.0578 1212 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:52:39.0594 1212 mssmbios - ok
15:52:39.0765 1212 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:52:39.0843 1212 MSTEE - ok
15:52:39.0874 1212 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:52:39.0921 1212 MTConfig - ok
15:52:39.0952 1212 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:52:39.0968 1212 Mup - ok
15:52:40.0077 1212 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:52:40.0124 1212 NativeWifiP - ok
15:52:40.0202 1212 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:52:40.0249 1212 NDIS - ok
15:52:40.0327 1212 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:52:40.0420 1212 NdisCap - ok
15:52:40.0545 1212 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:52:40.0639 1212 NdisTapi - ok
15:52:40.0670 1212 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:52:40.0748 1212 Ndisuio - ok
15:52:40.0795 1212 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:52:40.0842 1212 NdisWan - ok
15:52:40.0935 1212 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:52:41.0013 1212 NDProxy - ok
15:52:41.0076 1212 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:52:41.0138 1212 NetBIOS - ok
15:52:41.0185 1212 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:52:41.0232 1212 NetBT - ok
15:52:41.0450 1212 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:52:41.0559 1212 netw5v64 - ok
15:52:41.0653 1212 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:52:41.0684 1212 nfrd960 - ok
15:52:41.0762 1212 nmwcd (88f2f2cb9faee2e14bccf384f4c88061) C:\Windows\system32\drivers\ccdcmbx64.sys
15:52:41.0824 1212 nmwcd - ok
15:52:41.0949 1212 nmwcdc (31c1fac4ae14fb2f8771c59ba3f90bad) C:\Windows\system32\drivers\ccdcmbox64.sys
15:52:41.0996 1212 nmwcdc - ok
15:52:42.0058 1212 nmwcdnsucx64 (863aa6c58ac85a22355ae943c605e44b) C:\Windows\system32\drivers\nmwcdnsucx64.sys
15:52:42.0121 1212 nmwcdnsucx64 - ok
15:52:42.0152 1212 nmwcdnsux64 (7983d9201788407c4d1fc4d0baa04e32) C:\Windows\system32\drivers\nmwcdnsux64.sys
15:52:42.0183 1212 nmwcdnsux64 - ok
15:52:42.0214 1212 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:52:42.0292 1212 Npfs - ok
15:52:42.0370 1212 NSCIRDA (228c7cf50a584dd58e72fcefac7d8914) C:\Windows\system32\DRIVERS\nscirda.sys
15:52:42.0433 1212 NSCIRDA - ok
15:52:42.0464 1212 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:52:42.0526 1212 nsiproxy - ok
15:52:42.0573 1212 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:52:42.0620 1212 Ntfs - ok
15:52:42.0714 1212 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:52:42.0792 1212 Null - ok
15:52:43.0244 1212 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:52:43.0556 1212 nvlddmkm - ok
15:52:43.0696 1212 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
15:52:43.0712 1212 nvoclk64 - ok
15:52:43.0728 1212 nvport - ok
15:52:43.0774 1212 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:52:43.0806 1212 nvraid - ok
15:52:43.0837 1212 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:52:43.0837 1212 nvstor - ok
15:52:43.0899 1212 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:52:43.0930 1212 nv_agp - ok
15:52:44.0024 1212 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:52:44.0071 1212 ohci1394 - ok
15:52:44.0164 1212 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:52:44.0196 1212 Parport - ok
15:52:44.0227 1212 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:52:44.0242 1212 partmgr - ok
15:52:44.0320 1212 pccsmcfd - ok
15:52:44.0352 1212 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:52:44.0383 1212 pci - ok
15:52:44.0398 1212 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:52:44.0414 1212 pciide - ok
15:52:44.0445 1212 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:52:44.0461 1212 pcmcia - ok
15:52:44.0476 1212 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:52:44.0492 1212 pcw - ok
15:52:44.0523 1212 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:52:44.0586 1212 PEAUTH - ok
15:52:44.0664 1212 pfc - ok
15:52:44.0788 1212 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:44.0882 1212 PptpMiniport - ok
15:52:44.0913 1212 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:52:44.0929 1212 Processor - ok
15:52:45.0038 1212 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:52:45.0116 1212 Psched - ok
15:52:45.0163 1212 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:52:45.0210 1212 ql2300 - ok
15:52:45.0241 1212 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:52:45.0241 1212 ql40xx - ok
15:52:45.0319 1212 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:52:45.0381 1212 QWAVEdrv - ok
15:52:45.0412 1212 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:45.0475 1212 RasAcd - ok
15:52:45.0506 1212 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:52:45.0537 1212 RasAgileVpn - ok
15:52:45.0584 1212 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:45.0678 1212 Rasl2tp - ok
15:52:45.0740 1212 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:45.0834 1212 RasPppoe - ok
15:52:45.0849 1212 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:45.0927 1212 RasSstp - ok
15:52:45.0958 1212 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:45.0990 1212 rdbss - ok
15:52:46.0021 1212 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:52:46.0068 1212 rdpbus - ok
15:52:46.0099 1212 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:46.0146 1212 RDPCDD - ok
15:52:46.0239 1212 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:52:46.0317 1212 RDPDR - ok
15:52:46.0333 1212 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:52:46.0364 1212 RDPENCDD - ok
15:52:46.0380 1212 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:52:46.0411 1212 RDPREFMP - ok
15:52:46.0442 1212 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:52:46.0489 1212 RDPWD - ok
15:52:46.0536 1212 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:52:46.0567 1212 rdyboost - ok
15:52:46.0676 1212 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:52:46.0723 1212 RFCOMM - ok
15:52:46.0785 1212 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
15:52:46.0816 1212 RsFx0150 - ok
15:52:46.0848 1212 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:46.0910 1212 rspndr - ok
15:52:46.0988 1212 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:52:47.0050 1212 RTL8167 - ok
15:52:47.0097 1212 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:52:47.0128 1212 s3cap - ok
15:52:47.0222 1212 SbieDrv (c7e399dbc7b70fda979013389b1a8dab) D:\Programme\Sandboxie\SbieDrv.sys
15:52:47.0253 1212 SbieDrv - ok
15:52:47.0347 1212 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:52:47.0378 1212 sbp2port - ok
15:52:47.0440 1212 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:52:47.0518 1212 scfilter - ok
15:52:47.0550 1212 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:52:47.0581 1212 sdbus - ok
15:52:47.0674 1212 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:52:47.0752 1212 secdrv - ok
15:52:47.0815 1212 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
15:52:47.0830 1212 Sentinel64 - ok
15:52:47.0846 1212 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:52:47.0862 1212 Serenum - ok
15:52:47.0862 1212 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:52:47.0893 1212 Serial - ok
15:52:47.0940 1212 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:52:47.0940 1212 sermouse - ok
15:52:48.0049 1212 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:52:48.0080 1212 sffdisk - ok
15:52:48.0111 1212 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:52:48.0142 1212 sffp_mmc - ok
15:52:48.0174 1212 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:52:48.0205 1212 sffp_sd - ok
15:52:48.0236 1212 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:52:48.0283 1212 sfloppy - ok
15:52:48.0392 1212 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:52:48.0423 1212 SiSRaid2 - ok
15:52:48.0439 1212 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:52:48.0454 1212 SiSRaid4 - ok
15:52:48.0486 1212 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:52:48.0517 1212 Smb - ok
15:52:48.0564 1212 smserial (22631aaf0ac9e9881ce76beac27d8030) C:\Windows\system32\DRIVERS\smserial.sys
15:52:48.0626 1212 smserial - ok
15:52:48.0673 1212 speedfan - ok
15:52:48.0751 1212 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:52:48.0782 1212 spldr - ok
15:52:48.0860 1212 sptd (4b3f898dc1378ced2f35d04e5b0ce0df) C:\Windows\System32\Drivers\sptd.sys
15:52:48.0860 1212 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4b3f898dc1378ced2f35d04e5b0ce0df
15:52:48.0860 1212 sptd ( LockedFile.Multi.Generic ) - warning
15:52:48.0860 1212 sptd - detected LockedFile.Multi.Generic (1)
15:52:49.0000 1212 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:52:49.0078 1212 srv - ok
15:52:49.0110 1212 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:52:49.0141 1212 srv2 - ok
15:52:49.0234 1212 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:52:49.0281 1212 srvnet - ok
15:52:49.0344 1212 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:52:49.0344 1212 stexstor - ok
15:52:49.0390 1212 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:52:49.0390 1212 StillCam - ok
15:52:49.0546 1212 StkCMini (8c74684d421f18dfa7ac1c0f6018955f) C:\Windows\system32\Drivers\StkCMini.sys
15:52:49.0624 1212 StkCMini - ok
15:52:49.0718 1212 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:52:49.0749 1212 storflt - ok
15:52:49.0765 1212 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:52:49.0780 1212 storvsc - ok
15:52:49.0812 1212 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:52:49.0812 1212 swenum - ok
15:52:49.0905 1212 SynTP (08425cd92972c6430f350a9697f4a553) C:\Windows\system32\DRIVERS\SynTP.sys
15:52:49.0952 1212 SynTP - ok
15:52:50.0092 1212 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
15:52:50.0155 1212 Tcpip - ok
15:52:50.0202 1212 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
15:52:50.0233 1212 TCPIP6 - ok
15:52:50.0280 1212 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:52:50.0358 1212 tcpipreg - ok
15:52:50.0467 1212 TcUsb (ccf4225a78d2ca2983c38d60cffbadc8) C:\Windows\system32\Drivers\tcusb.sys
15:52:50.0498 1212 TcUsb - ok
15:52:50.0529 1212 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:52:50.0592 1212 TDPIPE - ok
15:52:50.0607 1212 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:52:50.0638 1212 TDTCP - ok
15:52:50.0685 1212 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:52:50.0779 1212 tdx - ok
15:52:50.0841 1212 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:52:50.0872 1212 TermDD - ok
15:52:50.0982 1212 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:51.0060 1212 tssecsrv - ok
15:52:51.0122 1212 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:52:51.0153 1212 TsUsbFlt - ok
15:52:51.0216 1212 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:52:51.0294 1212 tunnel - ok
15:52:51.0372 1212 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:52:51.0403 1212 uagp35 - ok
15:52:51.0434 1212 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:52:51.0512 1212 udfs - ok
15:52:51.0559 1212 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:52:51.0590 1212 uliagpkx - ok
15:52:51.0637 1212 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:52:51.0668 1212 umbus - ok
15:52:51.0684 1212 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:52:51.0715 1212 UmPass - ok
15:52:51.0871 1212 upperdev (fbd861e69e1f583bec906fcd04e4f84e) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:52:51.0933 1212 upperdev - ok
15:52:51.0964 1212 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:51.0996 1212 usbccgp - ok
15:52:52.0042 1212 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:52:52.0074 1212 usbcir - ok
15:52:52.0152 1212 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:52:52.0198 1212 usbehci - ok
15:52:52.0245 1212 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:52.0292 1212 usbhub - ok
15:52:52.0339 1212 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:52:52.0370 1212 usbohci - ok
15:52:52.0401 1212 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:52:52.0432 1212 usbprint - ok
15:52:52.0526 1212 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:52:52.0588 1212 usbscan - ok
15:52:52.0651 1212 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
15:52:52.0682 1212 usbser - ok
15:52:52.0776 1212 UsbserFilt (0fbb0080b287bbcbf5c7076e3d74a35c) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:52:52.0838 1212 UsbserFilt - ok
15:52:52.0916 1212 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:52.0963 1212 USBSTOR - ok
15:52:52.0994 1212 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:52:53.0041 1212 usbuhci - ok
15:52:53.0088 1212 VComm (b9b0a0b9232a51bbde9f28ca41716d61) C:\Windows\system32\DRIVERS\VComm.sys
15:52:53.0103 1212 VComm - ok
15:52:53.0150 1212 VcommMgr (f1b2d9ac422f8b72bf417c8d77c85a3b) C:\Windows\system32\Drivers\VcommMgr.sys
15:52:53.0166 1212 VcommMgr - ok
15:52:53.0244 1212 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:52:53.0275 1212 vdrvroot - ok
15:52:53.0306 1212 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:53.0322 1212 vga - ok
15:52:53.0353 1212 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:52:53.0400 1212 VgaSave - ok
15:52:53.0431 1212 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:52:53.0462 1212 vhdmp - ok
15:52:53.0478 1212 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:52:53.0493 1212 viaide - ok
15:52:53.0556 1212 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:52:53.0587 1212 vmbus - ok
15:52:53.0618 1212 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:52:53.0649 1212 VMBusHID - ok
15:52:53.0696 1212 vmci (69f38919ff1510560d67f9a0b2375b01) C:\Windows\system32\drivers\vmci.sys
15:52:53.0727 1212 vmci - ok
15:52:53.0774 1212 VMnetAdapter (3c37a81c995aee1802c9d8dd9ea0e835) C:\Windows\system32\DRIVERS\vmnetadapter.sys
15:52:53.0805 1212 VMnetAdapter - ok
15:52:53.0852 1212 VMnetBridge (d3b25ed3a6796fe3078475d8cfcd6024) C:\Windows\system32\DRIVERS\vmnetbridge.sys
15:52:53.0852 1212 VMnetBridge - ok
15:52:53.0930 1212 VMnetuserif (ea48bef5bc53d6cb5fec8f9be088b337) C:\Windows\system32\drivers\vmnetuserif.sys
15:52:53.0946 1212 VMnetuserif - ok
15:52:54.0008 1212 vmusb (5d5c96c4ad3cfcffb8d5691dd749322a) C:\Windows\system32\Drivers\vmusb.sys
15:52:54.0024 1212 vmusb - ok
15:52:54.0133 1212 vmx86 (1286147733e31fe4e40237eb289cd7a8) C:\Windows\system32\drivers\vmx86.sys
15:52:54.0148 1212 vmx86 - ok
15:52:54.0211 1212 vncmirror (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys
15:52:54.0273 1212 vncmirror - ok
15:52:54.0320 1212 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:52:54.0336 1212 volmgr - ok
15:52:54.0414 1212 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:52:54.0460 1212 volmgrx - ok
15:52:54.0476 1212 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:52:54.0492 1212 volsnap - ok
15:52:54.0554 1212 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
15:52:54.0585 1212 vpcbus - ok
15:52:54.0616 1212 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:52:54.0648 1212 vpcnfltr - ok
15:52:54.0679 1212 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
15:52:54.0710 1212 vpcusb - ok
15:52:54.0788 1212 vpcuxd (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
15:52:54.0819 1212 vpcuxd - ok
15:52:54.0928 1212 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
15:52:54.0975 1212 vpcvmm - ok
15:52:55.0006 1212 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:52:55.0006 1212 vsmraid - ok
15:52:55.0038 1212 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:52:55.0084 1212 vwifibus - ok
15:52:55.0131 1212 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:52:55.0162 1212 WacomPen - ok
15:52:55.0225 1212 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:55.0303 1212 WANARP - ok
15:52:55.0303 1212 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:55.0334 1212 Wanarpv6 - ok
15:52:55.0412 1212 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:52:55.0428 1212 Wd - ok
15:52:55.0459 1212 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:52:55.0474 1212 Wdf01000 - ok
15:52:55.0552 1212 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:52:55.0615 1212 WfpLwf - ok
15:52:55.0630 1212 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:52:55.0646 1212 WIMMount - ok
15:52:55.0740 1212 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:52:55.0786 1212 WinUsb - ok
15:52:55.0864 1212 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
15:52:55.0880 1212 WmBEnum - ok
15:52:55.0942 1212 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
15:52:55.0974 1212 WmFilter - ok
15:52:56.0005 1212 WmHidLo (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
15:52:56.0020 1212 WmHidLo - ok
15:52:56.0098 1212 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:52:56.0145 1212 WmiAcpi - ok
15:52:56.0192 1212 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
15:52:56.0208 1212 WmVirHid - ok
15:52:56.0270 1212 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
15:52:56.0286 1212 WmXlCore - ok
15:52:56.0332 1212 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:52:56.0364 1212 ws2ifsl - ok
15:52:56.0442 1212 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:52:56.0504 1212 WSDPrintDevice - ok
15:52:56.0535 1212 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:52:56.0629 1212 WudfPf - ok
15:52:56.0707 1212 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:56.0785 1212 WUDFRd - ok
15:52:56.0832 1212 ZTEusbmdm6k - ok
15:52:56.0863 1212 ZTEusbnmea - ok
15:52:56.0894 1212 ZTEusbser6k - ok
15:52:56.0941 1212 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:52:57.0159 1212 \Device\Harddisk0\DR0 - ok
15:52:57.0175 1212 Boot (0x1200) (3f3ff1582e573afb1d717a7c20180216) \Device\Harddisk0\DR0\Partition0
15:52:57.0175 1212 \Device\Harddisk0\DR0\Partition0 - ok
15:52:57.0206 1212 Boot (0x1200) (85f7fc6054658e95b79d0181b21c6015) \Device\Harddisk0\DR0\Partition1
15:52:57.0206 1212 \Device\Harddisk0\DR0\Partition1 - ok
15:52:57.0222 1212 Boot (0x1200) (1388759a79cd3892c42b86f310b3dff3) \Device\Harddisk0\DR0\Partition2
15:52:57.0222 1212 \Device\Harddisk0\DR0\Partition2 - ok
15:52:57.0237 1212 ============================================================
15:52:57.0237 1212 Scan finished
15:52:57.0237 1212 ============================================================
15:52:57.0237 4208 Detected object count: 2
15:52:57.0237 4208 Actual detected object count: 2
15:58:43.0060 4208 hwusbdev ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:43.0060 4208 hwusbdev ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:43.0060 4208 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:58:43.0060 4208 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20.10.2011, 15:09 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook worm winsvc.exe Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (board helper) has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |