Battle.net-Acc wurde gehackt nach Echtgeldeinkauf

Seraphim137 · 22.07.2012, 17:58

So bin wieder zu hause und an meinem rechner.

im Anhang sämtliche logs die vom tdssKiller erstellt wurden.

Hier das Letzte Log:

Code:

ATTFilter

01:22:39.0219 4260	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
01:22:39.0566 4260	============================================================
01:22:39.0566 4260	Current date / time: 2012/07/21 01:22:39.0566
01:22:39.0566 4260	SystemInfo:
01:22:39.0566 4260	
01:22:39.0566 4260	OS Version: 6.1.7601 ServicePack: 1.0
01:22:39.0566 4260	Product type: Workstation
01:22:39.0566 4260	ComputerName: ANDREAS-PC
01:22:39.0566 4260	UserName: Andreas
01:22:39.0566 4260	Windows directory: C:\Windows
01:22:39.0566 4260	System windows directory: C:\Windows
01:22:39.0566 4260	Running under WOW64
01:22:39.0566 4260	Processor architecture: Intel x64
01:22:39.0566 4260	Number of processors: 4
01:22:39.0566 4260	Page size: 0x1000
01:22:39.0566 4260	Boot type: Normal boot
01:22:39.0566 4260	============================================================
01:22:40.0695 4260	Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0xA8178, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
01:22:41.0263 4260	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:22:41.0270 4260	============================================================
01:22:41.0271 4260	\Device\Harddisk0\DR0:
01:22:41.0271 4260	MBR partitions:
01:22:41.0271 4260	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:22:41.0271 4260	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
01:22:41.0271 4260	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x249F0000
01:22:41.0271 4260	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D40000, BlocksNum 0x7DD47000
01:22:41.0271 4260	\Device\Harddisk1\DR1:
01:22:41.0271 4260	MBR partitions:
01:22:41.0271 4260	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
01:22:41.0271 4260	============================================================
01:22:41.0302 4260	C: <-> \Device\Harddisk0\DR0\Partition1
01:22:41.0347 4260	D: <-> \Device\Harddisk0\DR0\Partition2
01:22:41.0405 4260	E: <-> \Device\Harddisk0\DR0\Partition3
01:22:41.0436 4260	F: <-> \Device\Harddisk1\DR1\Partition0
01:22:41.0436 4260	============================================================
01:22:41.0436 4260	Initialize success
01:22:41.0436 4260	============================================================
01:22:46.0202 7048	============================================================
01:22:46.0202 7048	Scan started
01:22:46.0202 7048	Mode: Manual; SigCheck; TDLFS; 
01:22:46.0202 7048	============================================================
01:22:47.0030 7048	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:22:47.0108 7048	1394ohci - ok
01:22:47.0168 7048	a2acc           (2d6434e957f7cfa0035c20890f77bbc6) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
01:22:47.0192 7048	a2acc - ok
01:22:47.0318 7048	a2AntiMalware   (8b75ba256bcada2b73ffa5bd77aa9e6c) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
01:22:47.0371 7048	a2AntiMalware - ok
01:22:47.0577 7048	A2DDA           (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
01:22:47.0592 7048	A2DDA - ok
01:22:47.0693 7048	ABBYY.Licensing.FineReader.Professional.11.0 (656f06850d02baed19f0e2e72b047ce2) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
01:22:47.0715 7048	ABBYY.Licensing.FineReader.Professional.11.0 - ok
01:22:47.0768 7048	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:22:47.0787 7048	ACPI - ok
01:22:47.0802 7048	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:22:47.0821 7048	AcpiPmi - ok
01:22:47.0898 7048	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:22:47.0914 7048	AdobeFlashPlayerUpdateSvc - ok
01:22:47.0961 7048	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:22:47.0982 7048	adp94xx - ok
01:22:48.0006 7048	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:22:48.0025 7048	adpahci - ok
01:22:48.0046 7048	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:22:48.0064 7048	adpu320 - ok
01:22:48.0091 7048	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:22:48.0127 7048	AeLookupSvc - ok
01:22:48.0159 7048	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:22:48.0180 7048	AFD - ok
01:22:48.0197 7048	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:22:48.0212 7048	agp440 - ok
01:22:48.0217 7048	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:22:48.0235 7048	ALG - ok
01:22:48.0242 7048	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:22:48.0258 7048	aliide - ok
01:22:48.0290 7048	AMD External Events Utility (5eba5e837d6635aea999bae47e186c6f) C:\Windows\system32\atiesrxx.exe
01:22:48.0311 7048	AMD External Events Utility - ok
01:22:48.0326 7048	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:22:48.0342 7048	amdide - ok
01:22:48.0359 7048	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:22:48.0379 7048	AmdK8 - ok
01:22:48.0611 7048	amdkmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
01:22:48.0709 7048	amdkmdag - ok
01:22:48.0765 7048	amdkmdap        (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
01:22:48.0785 7048	amdkmdap - ok
01:22:48.0805 7048	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:22:48.0822 7048	AmdPPM - ok
01:22:48.0838 7048	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:22:48.0854 7048	amdsata - ok
01:22:48.0875 7048	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:22:48.0894 7048	amdsbs - ok
01:22:48.0904 7048	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:22:48.0919 7048	amdxata - ok
01:22:48.0941 7048	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:22:48.0976 7048	AppID - ok
01:22:48.0989 7048	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:22:49.0024 7048	AppIDSvc - ok
01:22:49.0050 7048	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:22:49.0084 7048	Appinfo - ok
01:22:49.0110 7048	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
01:22:49.0128 7048	AppMgmt - ok
01:22:49.0139 7048	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:22:49.0155 7048	arc - ok
01:22:49.0165 7048	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:22:49.0181 7048	arcsas - ok
01:22:49.0256 7048	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:22:49.0270 7048	aspnet_state - ok
01:22:49.0287 7048	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:22:49.0321 7048	AsyncMac - ok
01:22:49.0324 7048	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:22:49.0339 7048	atapi - ok
01:22:49.0372 7048	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
01:22:49.0388 7048	AtiHDAudioService - ok
01:22:49.0420 7048	AtiHdmiService  (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
01:22:49.0435 7048	AtiHdmiService - ok
01:22:49.0710 7048	atikmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
01:22:49.0809 7048	atikmdag - ok
01:22:49.0867 7048	atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
01:22:49.0885 7048	atksgt - ok
01:22:49.0936 7048	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:22:49.0975 7048	AudioEndpointBuilder - ok
01:22:49.0980 7048	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:22:50.0020 7048	AudioSrv - ok
01:22:50.0079 7048	AVP             (946d70667b0119f2beeae0849e1d46a2) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
01:22:50.0096 7048	AVP - ok
01:22:50.0120 7048	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:22:50.0141 7048	AxInstSV - ok
01:22:50.0174 7048	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:22:50.0194 7048	b06bdrv - ok
01:22:50.0217 7048	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:22:50.0236 7048	b57nd60a - ok
01:22:50.0254 7048	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:22:50.0271 7048	BDESVC - ok
01:22:50.0285 7048	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:22:50.0320 7048	Beep - ok
01:22:50.0365 7048	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:22:50.0404 7048	BFE - ok
01:22:50.0443 7048	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
01:22:50.0486 7048	BITS - ok
01:22:50.0492 7048	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:22:50.0510 7048	blbdrive - ok
01:22:50.0520 7048	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:22:50.0536 7048	bowser - ok
01:22:50.0554 7048	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:22:50.0573 7048	BrFiltLo - ok
01:22:50.0583 7048	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:22:50.0602 7048	BrFiltUp - ok
01:22:50.0626 7048	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:22:50.0660 7048	Browser - ok
01:22:50.0688 7048	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:22:50.0708 7048	Brserid - ok
01:22:50.0723 7048	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:22:50.0744 7048	BrSerWdm - ok
01:22:50.0751 7048	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:22:50.0770 7048	BrUsbMdm - ok
01:22:50.0778 7048	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:22:50.0795 7048	BrUsbSer - ok
01:22:50.0816 7048	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:22:50.0835 7048	BTHMODEM - ok
01:22:50.0851 7048	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:22:50.0887 7048	bthserv - ok
01:22:50.0893 7048	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:22:50.0928 7048	cdfs - ok
01:22:50.0955 7048	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:22:50.0974 7048	cdrom - ok
01:22:50.0988 7048	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:22:51.0023 7048	CertPropSvc - ok
01:22:51.0039 7048	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:22:51.0061 7048	circlass - ok
01:22:51.0094 7048	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:22:51.0113 7048	CLFS - ok
01:22:51.0206 7048	CLPSLS          (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
01:22:51.0234 7048	CLPSLS - ok
01:22:51.0307 7048	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:22:51.0322 7048	clr_optimization_v2.0.50727_32 - ok
01:22:51.0369 7048	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:22:51.0383 7048	clr_optimization_v2.0.50727_64 - ok
01:22:51.0420 7048	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:22:51.0435 7048	clr_optimization_v4.0.30319_32 - ok
01:22:51.0477 7048	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:22:51.0492 7048	clr_optimization_v4.0.30319_64 - ok
01:22:51.0531 7048	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:22:51.0548 7048	CmBatt - ok
01:22:51.0669 7048	cmdAgent        (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
01:22:51.0720 7048	cmdAgent - ok
01:22:51.0762 7048	cmderd          (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys
01:22:51.0776 7048	cmderd - ok
01:22:51.0806 7048	cmdGuard        (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
01:22:51.0826 7048	cmdGuard - ok
01:22:51.0841 7048	cmdHlp          (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
01:22:51.0856 7048	cmdHlp - ok
01:22:51.0877 7048	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:22:51.0892 7048	cmdide - ok
01:22:51.0936 7048	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
01:22:51.0961 7048	CNG - ok
01:22:51.0971 7048	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:22:51.0986 7048	Compbatt - ok
01:22:52.0007 7048	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:22:52.0026 7048	CompositeBus - ok
01:22:52.0029 7048	COMSysApp - ok
01:22:52.0062 7048	cpuz130 - ok
01:22:52.0065 7048	cpuz132 - ok
01:22:52.0079 7048	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:22:52.0095 7048	crcdisk - ok
01:22:52.0118 7048	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
01:22:52.0136 7048	CryptSvc - ok
01:22:52.0169 7048	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
01:22:52.0190 7048	CSC - ok
01:22:52.0226 7048	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
01:22:52.0249 7048	CscService - ok
01:22:52.0309 7048	DAUpdaterSvc    (914a7156b0c0f10be645a02e13f576b2) d:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
01:22:52.0322 7048	DAUpdaterSvc - ok
01:22:52.0358 7048	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:22:52.0400 7048	DcomLaunch - ok
01:22:52.0433 7048	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:22:52.0472 7048	defragsvc - ok
01:22:52.0500 7048	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:22:52.0535 7048	DfsC - ok
01:22:52.0556 7048	dgderdrv        (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
01:22:52.0570 7048	dgderdrv - ok
01:22:52.0819 7048	dgdersvc        (10b8f89d146d0e20b1284d47bb4ec6c9) C:\Windows\SysWOW64\dgdersvc.exe
01:22:52.0834 7048	dgdersvc - ok
01:22:52.0858 7048	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:22:52.0895 7048	Dhcp - ok
01:22:52.0905 7048	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:22:52.0941 7048	discache - ok
01:22:52.0946 7048	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
01:22:52.0962 7048	Disk - ok
01:22:52.0991 7048	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:22:53.0009 7048	Dnscache - ok
01:22:53.0034 7048	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:22:53.0069 7048	dot3svc - ok
01:22:53.0094 7048	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:22:53.0129 7048	DPS - ok
01:22:53.0153 7048	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:22:53.0172 7048	drmkaud - ok
01:22:53.0227 7048	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:22:53.0253 7048	DXGKrnl - ok
01:22:53.0280 7048	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:22:53.0316 7048	EapHost - ok
01:22:53.0446 7048	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
01:22:53.0492 7048	ebdrv - ok
01:22:53.0555 7048	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:22:53.0573 7048	EFS - ok
01:22:53.0634 7048	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:22:53.0657 7048	ehRecvr - ok
01:22:53.0677 7048	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:22:53.0696 7048	ehSched - ok
01:22:53.0725 7048	ElbyCDFL        (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
01:22:53.0740 7048	ElbyCDFL - ok
01:22:53.0767 7048	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
01:22:53.0782 7048	ElbyCDIO - ok
01:22:53.0818 7048	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
01:22:53.0839 7048	elxstor - ok
01:22:53.0858 7048	ENTECH64        (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
01:22:53.0873 7048	ENTECH64 - ok
01:22:53.0899 7048	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:22:53.0917 7048	ErrDev - ok
01:22:53.0956 7048	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:22:53.0995 7048	EventSystem - ok
01:22:54.0018 7048	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:22:54.0056 7048	exfat - ok
01:22:54.0078 7048	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:22:54.0114 7048	fastfat - ok
01:22:54.0165 7048	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:22:54.0199 7048	Fax - ok
01:22:54.0213 7048	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
01:22:54.0230 7048	fdc - ok
01:22:54.0247 7048	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:22:54.0282 7048	fdPHost - ok
01:22:54.0293 7048	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:22:54.0330 7048	FDResPub - ok
01:22:54.0344 7048	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:22:54.0360 7048	FileInfo - ok
01:22:54.0375 7048	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:22:54.0410 7048	Filetrace - ok
01:22:54.0417 7048	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
01:22:54.0435 7048	flpydisk - ok
01:22:54.0448 7048	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:22:54.0466 7048	FltMgr - ok
01:22:54.0539 7048	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:22:54.0565 7048	FontCache - ok
01:22:54.0644 7048	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:22:54.0658 7048	FontCache3.0.0.0 - ok
01:22:54.0672 7048	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:22:54.0688 7048	FsDepends - ok
01:22:54.0709 7048	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:22:54.0725 7048	Fs_Rec - ok
01:22:54.0749 7048	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:22:54.0769 7048	fvevol - ok
01:22:54.0780 7048	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:22:54.0796 7048	gagp30kx - ok
01:22:54.0823 7048	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:22:54.0836 7048	GEARAspiWDM - ok
01:22:54.0891 7048	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:22:54.0931 7048	gpsvc - ok
01:22:54.0985 7048	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:55.0002 7048	gupdate - ok
01:22:55.0005 7048	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:55.0020 7048	gupdatem - ok
01:22:55.0041 7048	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:22:55.0058 7048	hcw85cir - ok
01:22:55.0086 7048	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:22:55.0108 7048	HdAudAddService - ok
01:22:55.0128 7048	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
01:22:55.0148 7048	HDAudBus - ok
01:22:55.0168 7048	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
01:22:55.0185 7048	HidBatt - ok
01:22:55.0204 7048	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
01:22:55.0224 7048	HidBth - ok
01:22:55.0244 7048	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
01:22:55.0264 7048	HidIr - ok
01:22:55.0281 7048	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
01:22:55.0317 7048	hidserv - ok
01:22:55.0346 7048	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:22:55.0364 7048	HidUsb - ok
01:22:55.0388 7048	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:22:55.0424 7048	hkmsvc - ok
01:22:55.0453 7048	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:22:55.0473 7048	HomeGroupListener - ok
01:22:55.0495 7048	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:22:55.0514 7048	HomeGroupProvider - ok
01:22:55.0537 7048	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:22:55.0553 7048	HpSAMD - ok
01:22:55.0604 7048	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:22:55.0644 7048	HTTP - ok
01:22:55.0648 7048	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:22:55.0664 7048	hwpolicy - ok
01:22:55.0680 7048	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
01:22:55.0697 7048	i8042prt - ok
01:22:55.0734 7048	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:22:55.0753 7048	iaStorV - ok
01:22:55.0793 7048	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:22:55.0816 7048	idsvc - ok
01:22:55.0822 7048	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
01:22:55.0838 7048	iirsp - ok
01:22:55.0889 7048	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:22:55.0930 7048	IKEEXT - ok
01:22:55.0962 7048	inspect         (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
01:22:55.0978 7048	inspect - ok
01:22:55.0991 7048	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:22:56.0006 7048	intelide - ok
01:22:56.0022 7048	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:22:56.0041 7048	intelppm - ok
01:22:56.0048 7048	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:22:56.0086 7048	IPBusEnum - ok
01:22:56.0113 7048	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:22:56.0147 7048	IpFilterDriver - ok
01:22:56.0192 7048	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:22:56.0231 7048	iphlpsvc - ok
01:22:56.0249 7048	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:22:56.0267 7048	IPMIDRV - ok
01:22:56.0288 7048	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:22:56.0324 7048	IPNAT - ok
01:22:56.0398 7048	iPod Service    (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
01:22:56.0421 7048	iPod Service - ok
01:22:56.0434 7048	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:22:56.0454 7048	IRENUM - ok
01:22:56.0471 7048	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:22:56.0486 7048	isapnp - ok
01:22:56.0508 7048	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:22:56.0527 7048	iScsiPrt - ok
01:22:56.0558 7048	ivusb           (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys
01:22:56.0572 7048	ivusb - ok
01:22:56.0578 7048	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:22:56.0594 7048	kbdclass - ok
01:22:56.0607 7048	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
01:22:56.0625 7048	kbdhid - ok
01:22:56.0651 7048	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:22:56.0669 7048	KeyIso - ok
01:22:56.0695 7048	KL1             (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
01:22:56.0713 7048	KL1 - ok
01:22:56.0735 7048	kl2             (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
01:22:56.0749 7048	kl2 - ok
01:22:56.0780 7048	KLIF            (177505577604c94c4be7b9316a90ada1) C:\Windows\system32\DRIVERS\klif.sys
01:22:56.0799 7048	KLIF - ok
01:22:56.0818 7048	KLIM6           (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
01:22:56.0831 7048	KLIM6 - ok
01:22:56.0848 7048	klmouflt        (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
01:22:56.0862 7048	klmouflt - ok
01:22:56.0886 7048	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
01:22:56.0903 7048	KSecDD - ok
01:22:56.0929 7048	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
01:22:56.0946 7048	KSecPkg - ok
01:22:56.0969 7048	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:22:57.0005 7048	ksthunk - ok
01:22:57.0033 7048	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:22:57.0072 7048	KtmRm - ok
01:22:57.0098 7048	L8042Kbd        (7d80a55b6d0c2a54728158e846f4696d) C:\Windows\system32\DRIVERS\L8042Kbd.sys
01:22:57.0113 7048	L8042Kbd - ok
01:22:57.0139 7048	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
01:22:57.0176 7048	LanmanServer - ok
01:22:57.0199 7048	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:22:57.0236 7048	LanmanWorkstation - ok
01:22:57.0313 7048	LBTServ         (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
01:22:57.0331 7048	LBTServ - ok
01:22:57.0350 7048	LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:22:57.0365 7048	LHidFilt - ok
01:22:57.0397 7048	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
01:22:57.0412 7048	lirsgt - ok
01:22:57.0423 7048	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:22:57.0458 7048	lltdio - ok
01:22:57.0489 7048	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:22:57.0526 7048	lltdsvc - ok
01:22:57.0542 7048	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:22:57.0577 7048	lmhosts - ok
01:22:57.0593 7048	LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:22:57.0608 7048	LMouFilt - ok
01:22:57.0630 7048	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:22:57.0646 7048	LSI_FC - ok
01:22:57.0666 7048	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:22:57.0684 7048	LSI_SAS - ok
01:22:57.0703 7048	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:22:57.0722 7048	LSI_SAS2 - ok
01:22:57.0730 7048	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:22:57.0747 7048	LSI_SCSI - ok
01:22:57.0755 7048	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:22:57.0791 7048	luafv - ok
01:22:57.0816 7048	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:22:57.0834 7048	Mcx2Svc - ok
01:22:57.0850 7048	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
01:22:57.0866 7048	megasas - ok
01:22:57.0895 7048	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
01:22:57.0913 7048	MegaSR - ok
01:22:57.0962 7048	Microsoft SharePoint Workspace Audit Service - ok
01:22:57.0974 7048	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:22:58.0011 7048	MMCSS - ok
01:22:58.0031 7048	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:22:58.0065 7048	Modem - ok
01:22:58.0092 7048	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:22:58.0112 7048	monitor - ok
01:22:58.0146 7048	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:22:58.0161 7048	mouclass - ok
01:22:58.0176 7048	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:22:58.0194 7048	mouhid - ok
01:22:58.0207 7048	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:22:58.0223 7048	mountmgr - ok
01:22:58.0262 7048	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:22:58.0277 7048	MozillaMaintenance - ok
01:22:58.0310 7048	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:22:58.0327 7048	mpio - ok
01:22:58.0341 7048	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:22:58.0376 7048	mpsdrv - ok
01:22:58.0431 7048	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
01:22:58.0472 7048	MpsSvc - ok
01:22:58.0507 7048	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:22:58.0529 7048	MRxDAV - ok
01:22:58.0547 7048	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:22:58.0564 7048	mrxsmb - ok
01:22:58.0591 7048	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:22:58.0610 7048	mrxsmb10 - ok
01:22:58.0621 7048	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:22:58.0638 7048	mrxsmb20 - ok
01:22:58.0656 7048	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:22:58.0672 7048	msahci - ok
01:22:58.0689 7048	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:22:58.0705 7048	msdsm - ok
01:22:58.0731 7048	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:22:58.0752 7048	MSDTC - ok
01:22:58.0763 7048	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:22:58.0798 7048	Msfs - ok
01:22:58.0809 7048	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:22:58.0843 7048	mshidkmdf - ok
01:22:58.0863 7048	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:22:58.0878 7048	msisadrv - ok
01:22:58.0908 7048	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:22:58.0945 7048	MSiSCSI - ok
01:22:58.0950 7048	msiserver - ok
01:22:58.0967 7048	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:22:59.0003 7048	MSKSSRV - ok
01:22:59.0018 7048	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:22:59.0056 7048	MSPCLOCK - ok
01:22:59.0064 7048	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:22:59.0099 7048	MSPQM - ok
01:22:59.0135 7048	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:22:59.0154 7048	MsRPC - ok
01:22:59.0169 7048	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
01:22:59.0185 7048	mssmbios - ok
01:22:59.0239 7048	MSSQL$SQLEXPRESS - ok
01:22:59.0287 7048	MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
01:22:59.0302 7048	MSSQLServerADHelper100 - ok
01:22:59.0307 7048	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:22:59.0342 7048	MSTEE - ok
01:22:59.0353 7048	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
01:22:59.0369 7048	MTConfig - ok
01:22:59.0396 7048	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
01:22:59.0410 7048	MTsensor - ok
01:22:59.0423 7048	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:22:59.0439 7048	Mup - ok
01:22:59.0477 7048	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
01:22:59.0514 7048	napagent - ok
01:22:59.0541 7048	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:22:59.0564 7048	NativeWifiP - ok
01:22:59.0658 7048	NBService       (3bae2bfcb6d69e19c8373f635dd544dc) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
01:22:59.0680 7048	NBService - ok
01:22:59.0730 7048	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:22:59.0756 7048	NDIS - ok
01:22:59.0771 7048	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:22:59.0807 7048	NdisCap - ok
01:22:59.0820 7048	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:22:59.0855 7048	NdisTapi - ok
01:22:59.0884 7048	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:22:59.0918 7048	Ndisuio - ok
01:22:59.0942 7048	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:22:59.0977 7048	NdisWan - ok
01:23:00.0000 7048	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:23:00.0034 7048	NDProxy - ok
01:23:00.0041 7048	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:23:00.0076 7048	NetBIOS - ok
01:23:00.0095 7048	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:23:00.0130 7048	NetBT - ok
01:23:00.0155 7048	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:00.0173 7048	Netlogon - ok
01:23:00.0203 7048	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:23:00.0243 7048	Netman - ok
01:23:00.0316 7048	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0330 7048	NetMsmqActivator - ok
01:23:00.0334 7048	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0349 7048	NetPipeActivator - ok
01:23:00.0378 7048	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:23:00.0419 7048	netprofm - ok
01:23:00.0424 7048	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0439 7048	NetTcpActivator - ok
01:23:00.0444 7048	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0459 7048	NetTcpPortSharing - ok
01:23:00.0498 7048	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
01:23:00.0514 7048	nfrd960 - ok
01:23:00.0547 7048	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:23:00.0584 7048	NlaSvc - ok
01:23:00.0627 7048	NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
01:23:00.0642 7048	NMIndexingService - ok
01:23:00.0649 7048	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:23:00.0685 7048	Npfs - ok
01:23:00.0710 7048	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:23:00.0747 7048	nsi - ok
01:23:00.0752 7048	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:23:00.0788 7048	nsiproxy - ok
01:23:00.0858 7048	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:23:00.0892 7048	Ntfs - ok
01:23:00.0965 7048	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:23:01.0000 7048	Null - ok
01:23:01.0031 7048	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:23:01.0048 7048	nvraid - ok
01:23:01.0070 7048	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:23:01.0087 7048	nvstor - ok
01:23:01.0101 7048	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:23:01.0118 7048	nv_agp - ok
01:23:01.0136 7048	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:23:01.0154 7048	ohci1394 - ok
01:23:01.0196 7048	ose64           (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:23:01.0211 7048	ose64 - ok
01:23:01.0390 7048	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:23:01.0465 7048	osppsvc - ok
01:23:01.0527 7048	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:23:01.0548 7048	p2pimsvc - ok
01:23:01.0574 7048	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:23:01.0595 7048	p2psvc - ok
01:23:01.0621 7048	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
01:23:01.0639 7048	Parport - ok
01:23:01.0702 7048	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
01:23:01.0718 7048	partmgr - ok
01:23:01.0735 7048	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:23:01.0758 7048	PcaSvc - ok
01:23:01.0772 7048	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:23:01.0789 7048	pci - ok
01:23:01.0804 7048	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:23:01.0819 7048	pciide - ok
01:23:01.0857 7048	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
01:23:01.0875 7048	pcmcia - ok
01:23:01.0882 7048	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:23:01.0898 7048	pcw - ok
01:23:01.0936 7048	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:23:01.0977 7048	PEAUTH - ok
01:23:02.0048 7048	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
01:23:02.0077 7048	PeerDistSvc - ok
01:23:02.0123 7048	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:23:02.0142 7048	PerfHost - ok
01:23:02.0254 7048	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:23:02.0301 7048	pla - ok
01:23:02.0358 7048	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\SysWOW64\IoctlSvc.exe
01:23:02.0364 7048	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
01:23:02.0365 7048	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
01:23:02.0438 7048	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:23:02.0460 7048	PlugPlay - ok
01:23:02.0480 7048	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:23:02.0499 7048	PNRPAutoReg - ok
01:23:02.0520 7048	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:23:02.0541 7048	PNRPsvc - ok
01:23:02.0578 7048	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:23:02.0617 7048	PolicyAgent - ok
01:23:02.0632 7048	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:23:02.0669 7048	Power - ok
01:23:02.0694 7048	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:23:02.0729 7048	PptpMiniport - ok
01:23:02.0748 7048	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
01:23:02.0767 7048	Processor - ok
01:23:02.0807 7048	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
01:23:02.0839 7048	ProfSvc - ok
01:23:02.0855 7048	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:02.0873 7048	ProtectedStorage - ok
01:23:02.0914 7048	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:23:02.0949 7048	Psched - ok
01:23:02.0962 7048	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
01:23:02.0976 7048	PxHlpa64 - ok
01:23:03.0047 7048	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
01:23:03.0082 7048	ql2300 - ok
01:23:03.0130 7048	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
01:23:03.0146 7048	ql40xx - ok
01:23:03.0178 7048	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:23:03.0201 7048	QWAVE - ok
01:23:03.0221 7048	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:23:03.0241 7048	QWAVEdrv - ok
01:23:03.0262 7048	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:23:03.0298 7048	RasAcd - ok
01:23:03.0323 7048	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:23:03.0359 7048	RasAgileVpn - ok
01:23:03.0388 7048	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:23:03.0425 7048	RasAuto - ok
01:23:03.0435 7048	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:23:03.0471 7048	Rasl2tp - ok
01:23:03.0512 7048	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:23:03.0550 7048	RasMan - ok
01:23:03.0558 7048	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:23:03.0594 7048	RasPppoe - ok
01:23:03.0602 7048	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:23:03.0639 7048	RasSstp - ok
01:23:03.0663 7048	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:23:03.0699 7048	rdbss - ok
01:23:03.0706 7048	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:23:03.0726 7048	rdpbus - ok
01:23:03.0739 7048	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:23:03.0773 7048	RDPCDD - ok
01:23:03.0802 7048	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
01:23:03.0820 7048	RDPDR - ok
01:23:03.0826 7048	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:23:03.0861 7048	RDPENCDD - ok
01:23:03.0871 7048	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:23:03.0907 7048	RDPREFMP - ok
01:23:03.0967 7048	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
01:23:03.0984 7048	RdpVideoMiniport - ok
01:23:04.0020 7048	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
01:23:04.0038 7048	RDPWD - ok
01:23:04.0065 7048	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:23:04.0083 7048	rdyboost - ok
01:23:04.0114 7048	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:23:04.0150 7048	RemoteAccess - ok
01:23:04.0166 7048	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:23:04.0202 7048	RemoteRegistry - ok
01:23:04.0219 7048	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:23:04.0255 7048	RpcEptMapper - ok
01:23:04.0272 7048	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:23:04.0292 7048	RpcLocator - ok
01:23:04.0333 7048	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:23:04.0373 7048	RpcSs - ok
01:23:04.0402 7048	RsFx0103        (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
01:23:04.0420 7048	RsFx0103 - ok
01:23:04.0439 7048	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:23:04.0477 7048	rspndr - ok
01:23:04.0503 7048	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
01:23:04.0520 7048	s3cap - ok
01:23:04.0547 7048	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:04.0564 7048	SamSs - ok
01:23:04.0588 7048	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:23:04.0605 7048	sbp2port - ok
01:23:04.0637 7048	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:23:04.0675 7048	SCardSvr - ok
01:23:04.0695 7048	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:23:04.0729 7048	scfilter - ok
01:23:04.0800 7048	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:23:04.0844 7048	Schedule - ok
01:23:04.0872 7048	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:23:04.0906 7048	SCPolicySvc - ok
01:23:04.0932 7048	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:23:04.0951 7048	SDRSVC - ok
01:23:04.0977 7048	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:23:05.0012 7048	secdrv - ok
01:23:05.0030 7048	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:23:05.0064 7048	seclogon - ok
01:23:05.0084 7048	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
01:23:05.0121 7048	SENS - ok
01:23:05.0134 7048	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:23:05.0164 7048	SensrSvc - ok
01:23:05.0178 7048	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:23:05.0195 7048	Serenum - ok
01:23:05.0219 7048	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:23:05.0236 7048	Serial - ok
01:23:05.0273 7048	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:23:05.0291 7048	sermouse - ok
01:23:05.0552 7048	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:23:05.0589 7048	SessionEnv - ok
01:23:05.0620 7048	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:23:05.0640 7048	sffdisk - ok
01:23:05.0659 7048	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:23:05.0679 7048	sffp_mmc - ok
01:23:05.0694 7048	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:23:05.0714 7048	sffp_sd - ok
01:23:05.0726 7048	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:23:05.0745 7048	sfloppy - ok
01:23:05.0797 7048	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:23:05.0836 7048	SharedAccess - ok
01:23:05.0880 7048	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:23:05.0919 7048	ShellHWDetection - ok
01:23:05.0937 7048	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:23:05.0953 7048	SiSRaid2 - ok
01:23:05.0979 7048	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:23:05.0996 7048	SiSRaid4 - ok
01:23:06.0016 7048	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:23:06.0051 7048	Smb - ok
01:23:06.0079 7048	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:23:06.0098 7048	SNMPTRAP - ok
01:23:06.0111 7048	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:23:06.0127 7048	spldr - ok
01:23:06.0161 7048	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:23:06.0200 7048	Spooler - ok
01:23:06.0338 7048	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:23:06.0406 7048	sppsvc - ok
01:23:06.0475 7048	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:23:06.0513 7048	sppuinotify - ok
01:23:06.0573 7048	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
01:23:06.0598 7048	sptd - ok
01:23:06.0690 7048	SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
01:23:06.0709 7048	SQLAgent$SQLEXPRESS - ok
01:23:06.0769 7048	SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
01:23:06.0785 7048	SQLBrowser - ok
01:23:06.0831 7048	SQLWriter       (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01:23:06.0847 7048	SQLWriter - ok
01:23:06.0905 7048	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:23:06.0925 7048	srv - ok
01:23:06.0945 7048	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:23:06.0966 7048	srv2 - ok
01:23:06.0978 7048	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:23:06.0997 7048	srvnet - ok
01:23:07.0021 7048	ssadbus         (c1212ba5ab6783191899d194672a5b5c) C:\Windows\system32\DRIVERS\ssadbus.sys
01:23:07.0040 7048	ssadbus - ok
01:23:07.0053 7048	ssadmdfl        (eb270596d4117c4306442f36ef2c290e) C:\Windows\system32\DRIVERS\ssadmdfl.sys
01:23:07.0071 7048	ssadmdfl - ok
01:23:07.0093 7048	ssadmdm         (e29027dfaec246299d1cf88627c5cbe6) C:\Windows\system32\DRIVERS\ssadmdm.sys
01:23:07.0113 7048	ssadmdm - ok
01:23:07.0138 7048	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:23:07.0177 7048	SSDPSRV - ok
01:23:07.0199 7048	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:23:07.0238 7048	SstpSvc - ok
01:23:07.0254 7048	Steam Client Service - ok
01:23:07.0267 7048	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
01:23:07.0284 7048	stexstor - ok
01:23:07.0323 7048	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:23:07.0351 7048	stisvc - ok
01:23:07.0371 7048	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
01:23:07.0387 7048	storflt - ok
01:23:07.0404 7048	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
01:23:07.0420 7048	storvsc - ok
01:23:07.0433 7048	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
01:23:07.0449 7048	swenum - ok
01:23:07.0504 7048	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:23:07.0517 7048	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
01:23:07.0517 7048	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
01:23:07.0551 7048	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:23:07.0592 7048	swprv - ok
01:23:07.0599 7048	Synth3dVsc - ok
01:23:07.0696 7048	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:23:07.0734 7048	SysMain - ok
01:23:07.0767 7048	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:23:07.0790 7048	TabletInputService - ok
01:23:07.0821 7048	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:23:07.0860 7048	TapiSrv - ok
01:23:07.0874 7048	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:23:07.0911 7048	TBS - ok
01:23:07.0985 7048	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
01:23:08.0024 7048	Tcpip - ok
01:23:08.0128 7048	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
01:23:08.0166 7048	TCPIP6 - ok
01:23:08.0212 7048	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:23:08.0247 7048	tcpipreg - ok
01:23:08.0272 7048	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:23:08.0289 7048	TDPIPE - ok
01:23:08.0318 7048	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
01:23:08.0335 7048	TDTCP - ok
01:23:08.0376 7048	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:23:08.0414 7048	tdx - ok
01:23:08.0422 7048	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:23:08.0439 7048	TermDD - ok
01:23:08.0477 7048	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:23:08.0518 7048	TermService - ok
01:23:08.0542 7048	TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
01:23:08.0557 7048	TFsExDisk - ok
01:23:08.0570 7048	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:23:08.0593 7048	Themes - ok
01:23:08.0624 7048	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:23:08.0661 7048	THREADORDER - ok
01:23:08.0681 7048	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:23:08.0719 7048	TrkWks - ok
01:23:08.0736 7048	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:23:08.0771 7048	TrustedInstaller - ok
01:23:08.0811 7048	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:23:08.0845 7048	tssecsrv - ok
01:23:08.0868 7048	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:23:08.0885 7048	TsUsbFlt - ok
01:23:08.0892 7048	tsusbhub - ok
01:23:09.0017 7048	TuneUp.UtilitiesSvc (811a229718c85356bc81eb20f35eb7f6) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
01:23:09.0055 7048	TuneUp.UtilitiesSvc - ok
01:23:09.0075 7048	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
01:23:09.0089 7048	TuneUpUtilitiesDrv - ok
01:23:09.0124 7048	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:23:09.0159 7048	tunnel - ok
01:23:09.0179 7048	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:23:09.0195 7048	uagp35 - ok
01:23:09.0227 7048	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:23:09.0264 7048	udfs - ok
01:23:09.0290 7048	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:23:09.0310 7048	UI0Detect - ok
01:23:09.0328 7048	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:23:09.0345 7048	uliagpkx - ok
01:23:09.0369 7048	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
01:23:09.0387 7048	umbus - ok
01:23:09.0403 7048	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:23:09.0421 7048	UmPass - ok
01:23:09.0451 7048	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
01:23:09.0472 7048	UmRdpService - ok
01:23:09.0507 7048	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:23:09.0546 7048	upnphost - ok
01:23:09.0569 7048	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:23:09.0587 7048	usbccgp - ok
01:23:09.0625 7048	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:23:09.0645 7048	usbcir - ok
01:23:09.0662 7048	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
01:23:09.0680 7048	usbehci - ok
01:23:09.0698 7048	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:23:09.0718 7048	usbhub - ok
01:23:09.0742 7048	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
01:23:09.0760 7048	usbohci - ok
01:23:09.0773 7048	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:23:09.0795 7048	usbprint - ok
01:23:09.0819 7048	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:23:09.0839 7048	usbscan - ok
01:23:09.0865 7048	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:23:09.0882 7048	USBSTOR - ok
01:23:09.0910 7048	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
01:23:09.0926 7048	usbuhci - ok
01:23:09.0950 7048	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:23:09.0986 7048	UxSms - ok
01:23:10.0007 7048	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:10.0026 7048	VaultSvc - ok
01:23:10.0051 7048	VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
01:23:10.0066 7048	VClone - ok
01:23:10.0074 7048	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:23:10.0090 7048	vdrvroot - ok
01:23:10.0134 7048	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:23:10.0174 7048	vds - ok
01:23:10.0186 7048	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:23:10.0205 7048	vga - ok
01:23:10.0218 7048	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:23:10.0253 7048	VgaSave - ok
01:23:10.0260 7048	VGPU - ok
01:23:10.0295 7048	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:23:10.0313 7048	vhdmp - ok
01:23:10.0337 7048	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:23:10.0353 7048	viaide - ok
01:23:10.0367 7048	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:23:10.0385 7048	vmbus - ok
01:23:10.0403 7048	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:23:10.0420 7048	VMBusHID - ok
01:23:10.0431 7048	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:23:10.0447 7048	volmgr - ok
01:23:10.0481 7048	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:23:10.0501 7048	volmgrx - ok
01:23:10.0518 7048	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:23:10.0537 7048	volsnap - ok
01:23:10.0759 7048	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:23:10.0778 7048	vsmraid - ok
01:23:10.0901 7048	VSPerfDrv100    (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
01:23:10.0915 7048	VSPerfDrv100 - ok
01:23:10.0987 7048	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:23:11.0036 7048	VSS - ok
01:23:11.0129 7048	vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
01:23:11.0154 7048	vToolbarUpdater11.2.0 - ok
01:23:11.0233 7048	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:23:11.0252 7048	vwifibus - ok
01:23:11.0292 7048	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:23:11.0330 7048	W32Time - ok
01:23:11.0350 7048	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:23:11.0369 7048	WacomPen - ok
01:23:11.0386 7048	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:11.0420 7048	WANARP - ok
01:23:11.0427 7048	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:11.0461 7048	Wanarpv6 - ok
01:23:11.0535 7048	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:23:11.0566 7048	wbengine - ok
01:23:11.0610 7048	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:23:11.0635 7048	WbioSrvc - ok
01:23:11.0659 7048	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:23:11.0684 7048	wcncsvc - ok
01:23:11.0697 7048	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:23:11.0729 7048	WcsPlugInService - ok
01:23:11.0754 7048	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:23:11.0770 7048	Wd - ok
01:23:11.0808 7048	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:23:11.0831 7048	Wdf01000 - ok
01:23:11.0854 7048	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:23:11.0878 7048	WdiServiceHost - ok
01:23:11.0885 7048	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:23:11.0909 7048	WdiSystemHost - ok
01:23:11.0939 7048	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:23:11.0964 7048	WebClient - ok
01:23:11.0996 7048	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:23:12.0034 7048	Wecsvc - ok
01:23:12.0057 7048	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:23:12.0095 7048	wercplsupport - ok
01:23:12.0117 7048	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:23:12.0157 7048	WerSvc - ok
01:23:12.0173 7048	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:23:12.0209 7048	WfpLwf - ok
01:23:12.0228 7048	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:23:12.0244 7048	WIMMount - ok
01:23:12.0252 7048	WinDefend - ok
01:23:12.0272 7048	WinHttpAutoProxySvc - ok
01:23:12.0341 7048	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:23:12.0378 7048	Winmgmt - ok
01:23:12.0473 7048	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:23:12.0526 7048	WinRM - ok
01:23:12.0607 7048	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:23:12.0627 7048	WinUsb - ok
01:23:12.0683 7048	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:23:12.0713 7048	Wlansvc - ok
01:23:12.0731 7048	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:23:12.0748 7048	WmiAcpi - ok
01:23:12.0787 7048	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:23:12.0807 7048	wmiApSrv - ok
01:23:12.0820 7048	WMPNetworkSvc - ok
01:23:12.0837 7048	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:23:12.0857 7048	WPCSvc - ok
01:23:12.0882 7048	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:23:12.0903 7048	WPDBusEnum - ok
01:23:12.0938 7048	WPFFontCache_v0400 - ok
01:23:12.0957 7048	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:23:12.0994 7048	ws2ifsl - ok
01:23:13.0017 7048	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
01:23:13.0041 7048	wscsvc - ok
01:23:13.0049 7048	WSearch - ok
01:23:13.0177 7048	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
01:23:13.0223 7048	wuauserv - ok
01:23:13.0283 7048	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:23:13.0318 7048	WudfPf - ok
01:23:13.0344 7048	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:23:13.0380 7048	WUDFRd - ok
01:23:13.0393 7048	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:23:13.0430 7048	wudfsvc - ok
01:23:13.0455 7048	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:23:13.0479 7048	WwanSvc - ok
01:23:13.0528 7048	yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
01:23:13.0561 7048	yukonw7 - ok
01:23:13.0575 7048	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:23:13.0825 7048	\Device\Harddisk0\DR0 - ok
01:23:14.0386 7048	MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
01:23:14.0454 7048	\Device\Harddisk1\DR1 - ok
01:23:14.0456 7048	Boot (0x1200)   (8b5a34ebe9d99b0c4d314aef9413df4c) \Device\Harddisk0\DR0\Partition0
01:23:14.0457 7048	\Device\Harddisk0\DR0\Partition0 - ok
01:23:14.0463 7048	Boot (0x1200)   (b8cc99e2a928b98ad2ba0031f6ac398c) \Device\Harddisk0\DR0\Partition1
01:23:14.0464 7048	\Device\Harddisk0\DR0\Partition1 - ok
01:23:14.0472 7048	Boot (0x1200)   (afe4928df62ef707e48aeda5e3b390f2) \Device\Harddisk0\DR0\Partition2
01:23:14.0474 7048	\Device\Harddisk0\DR0\Partition2 - ok
01:23:14.0489 7048	Boot (0x1200)   (adce4d9f1b2212db9cac9c1a3c5c6309) \Device\Harddisk0\DR0\Partition3
01:23:14.0490 7048	\Device\Harddisk0\DR0\Partition3 - ok
01:23:14.0492 7048	Boot (0x1200)   (ab8649a553ec7da82db52ad79994770a) \Device\Harddisk1\DR1\Partition0
01:23:14.0493 7048	\Device\Harddisk1\DR1\Partition0 - ok
01:23:14.0494 7048	============================================================
01:23:14.0494 7048	Scan finished
01:23:14.0494 7048	============================================================
01:23:14.0500 2696	Detected object count: 2
01:23:14.0500 2696	Actual detected object count: 2
01:24:12.0431 2696	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:24:12.0431 2696	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:24:12.0433 2696	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
01:24:12.0433 2696	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:24:14.0572 0236	Deinitialize success

nach dem ich wieder zu hause war und den rechner angeschaltet habe wurde vom system aus ScanDisk ausgeführt.
-schwarzer Screen
-ScanDisk Fortschritt wurde angezeigt
-danach hat der Rechner ganz normal wieder hochgefahren

wo finde ich die Logs von diesem Scan?
Damit ich den posten kann falls er relevant ist.

t'john · 24.07.2012, 00:47

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Seraphim137 · 24.07.2012, 11:43

so hier is es.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.07.2012 12:14:19 - Run 5
OTL by OldTimer - Version 3.2.54.1     Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,47% Memory free
8,00 Gb Paging File | 5,78 Gb Available in Paging File | 72,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 18,70 Gb Free Space | 19,17% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 199,01 Gb Free Space | 67,93% Space Free | Partition Type: NTFS
Drive E: | 1006,64 Gb Total Space | 941,92 Gb Free Space | 93,57% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 191,33 Gb Free Space | 20,54% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- d:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 75 1C AA 2E 96 CA 01  [binary data]
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.31 00:47:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.09 20:57:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 20:38:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.09.22 17:11:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:35:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M]
 
[2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.19 10:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions
[2012.07.15 22:34:06 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}
[2012.04.26 22:12:42 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.04.11 16:58:54 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\4f8550d2151bf@4f8550d2151c1.info
[2010.04.03 21:35:58 | 000,002,055 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\daemon-search.xml
[2012.07.22 23:25:50 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-1.xml
[2010.10.31 13:43:09 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-2.xml
[2010.12.11 21:33:50 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-3.xml
[2011.01.09 21:05:19 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-4.xml
[2011.03.05 18:26:32 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-5.xml
[2011.03.25 08:46:28 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-6.xml
[2011.04.16 11:50:18 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-7.xml
[2011.06.11 00:31:16 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-8.xml
[2011.06.24 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin.xml
[2012.06.21 01:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.24 00:56:08 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.08.19 05:58:00 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files (x86)\mozilla firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}
[2012.06.21 01:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010.09.25 11:51:23 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.06.06 07:05:45 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2011.04.16 12:07:41 | 000,105,386 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
[2012.05.24 22:38:37 | 000,363,041 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI
[2012.07.18 16:35:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2009.10.23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.10.11 20:48:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 20:48:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.11 20:48:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 20:48:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 20:48:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 20:48:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin:  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011.01.31 01:33:01 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-18..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3969835353-475460927-3880056956-1000..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch64.exe ( )
O4 - HKU\S-1-5-21-3969835353-475460927-3880056956-1000..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 23:14:28 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- E:\Eigene Dateien\Desktop\TDSSKiller.exe
[2012.07.19 22:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.19 22:03:24 | 002,322,184 | ---- | C] (ESET) -- E:\Eigene Dateien\Desktop\esetsmartinstaller_enu.exe
[2012.07.19 10:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.07.19 10:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.07.19 10:41:10 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Anti-Malware
[2012.07.19 10:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.18 14:07:23 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\otl stand 1405
[2012.07.18 13:52:26 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\Otl stand vor  1350
[2012.07.17 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 20:54:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.17 20:35:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2012.07.17 19:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.07.06 23:02:33 | 000,000,000 | ---D | C] -- C:\tmp
[2012.07.02 16:48:56 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Eigene G700-Profile
[2012.07.02 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Logishrd
[2012.07.02 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.07.02 16:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.07.02 16:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012.07.02 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.07.02 16:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.07.02 16:21:34 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Logishrd
[2012.06.27 03:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.06.27 03:41:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.06.27 03:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
[2012.06.27 00:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
[2012.06.27 00:20:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\ABBYY
[2012.06.27 00:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.06.27 00:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 11
[2012.06.25 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\COMODO
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 12:02:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2012.07.22 18:56:46 | 000,133,241 | ---- | M] () -- E:\Eigene Dateien\Desktop\TDSSKiller.2.7.46.0_20.07.2012_23.15.03_log-2.rar
[2012.07.22 18:43:38 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 18:43:37 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 18:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 18:38:13 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.21 01:24:07 | 000,129,946 | ---- | M] () -- E:\Eigene Dateien\Desktop\1234567.PNG
[2012.07.21 00:57:45 | 000,567,820 | ---- | M] () -- E:\Eigene Dateien\Desktop\12345.PNG
[2012.07.21 00:56:45 | 000,148,908 | ---- | M] () -- E:\Eigene Dateien\Desktop\1.PNG
[2012.07.21 00:55:47 | 000,455,273 | ---- | M] () -- E:\Eigene Dateien\Desktop\12.PNG
[2012.07.21 00:54:53 | 000,597,179 | ---- | M] () -- E:\Eigene Dateien\Desktop\123456.PNG
[2012.07.21 00:53:16 | 000,114,678 | ---- | M] () -- E:\Eigene Dateien\Desktop\1234.PNG
[2012.07.21 00:52:47 | 000,126,335 | ---- | M] () -- E:\Eigene Dateien\Desktop\123.PNG
[2012.07.20 15:11:48 | 001,808,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.20 15:11:48 | 000,765,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.20 15:11:48 | 000,721,256 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.20 15:11:48 | 000,174,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.20 15:11:48 | 000,147,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.20 09:31:35 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.07.19 22:03:26 | 002,322,184 | ---- | M] (ESET) -- E:\Eigene Dateien\Desktop\esetsmartinstaller_enu.exe
[2012.07.19 10:41:26 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.07.18 16:49:11 | 000,624,883 | ---- | M] () -- E:\Eigene Dateien\Desktop\adwcleaner.exe
[2012.07.18 15:34:22 | 000,013,149 | ---- | M] () -- E:\Eigene Dateien\Desktop\hijackthis2
[2012.07.18 13:03:11 | 000,115,735 | ---- | M] () -- E:\Eigene Dateien\Desktop\ausgehende verbindungen.PNG
[2012.07.17 20:42:00 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2012.07.17 20:12:57 | 000,050,477 | ---- | M] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2012.07.16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- E:\Eigene Dateien\Desktop\TDSSKiller.exe
[2012.07.16 17:46:11 | 000,010,545 | ---- | M] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg
[2012.07.12 07:27:14 | 004,991,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.05 14:07:13 | 000,522,059 | ---- | M] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg
[2012.07.05 14:03:56 | 000,392,357 | ---- | M] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg
[2012.07.05 14:01:57 | 000,033,242 | ---- | M] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg
[2012.07.04 14:47:39 | 000,081,278 | ---- | M] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 19:29:54 | 000,002,727 | ---- | M] () -- C:\Users\Andreas\.recently-used.xbel
[2012.06.27 03:31:16 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012.06.27 03:17:49 | 000,001,256 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012.06.27 00:10:59 | 374,873,708 | ---- | M] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe
 
========== Files Created - No Company Name ==========
 
[2012.07.22 18:57:05 | 000,133,241 | ---- | C] () -- E:\Eigene Dateien\Desktop\TDSSKiller.2.7.46.0_20.07.2012_23.15.03_log-2.rar
[2012.07.21 01:24:07 | 000,129,946 | ---- | C] () -- E:\Eigene Dateien\Desktop\1234567.PNG
[2012.07.21 00:57:45 | 000,567,820 | ---- | C] () -- E:\Eigene Dateien\Desktop\12345.PNG
[2012.07.21 00:56:45 | 000,148,908 | ---- | C] () -- E:\Eigene Dateien\Desktop\1.PNG
[2012.07.21 00:55:46 | 000,455,273 | ---- | C] () -- E:\Eigene Dateien\Desktop\12.PNG
[2012.07.21 00:54:53 | 000,597,179 | ---- | C] () -- E:\Eigene Dateien\Desktop\123456.PNG
[2012.07.21 00:53:16 | 000,114,678 | ---- | C] () -- E:\Eigene Dateien\Desktop\1234.PNG
[2012.07.21 00:52:47 | 000,126,335 | ---- | C] () -- E:\Eigene Dateien\Desktop\123.PNG
[2012.07.19 10:41:25 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.07.18 16:49:10 | 000,624,883 | ---- | C] () -- E:\Eigene Dateien\Desktop\adwcleaner.exe
[2012.07.18 15:34:22 | 000,013,149 | ---- | C] () -- E:\Eigene Dateien\Desktop\hijackthis2
[2012.07.18 13:03:11 | 000,115,735 | ---- | C] () -- E:\Eigene Dateien\Desktop\ausgehende verbindungen.PNG
[2012.07.17 20:42:00 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2012.07.17 20:12:56 | 000,050,477 | ---- | C] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2012.07.16 17:46:10 | 000,010,545 | ---- | C] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg
[2012.07.05 14:07:12 | 000,522,059 | ---- | C] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg
[2012.07.05 14:03:55 | 000,392,357 | ---- | C] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg
[2012.07.05 14:01:51 | 000,033,242 | ---- | C] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg
[2012.07.04 14:47:34 | 000,081,278 | ---- | C] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg
[2012.06.27 19:29:54 | 000,002,727 | ---- | C] () -- C:\Users\Andreas\.recently-used.xbel
[2012.06.27 03:31:16 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012.06.27 03:17:49 | 000,001,256 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012.06.27 00:10:59 | 374,873,708 | ---- | C] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe
[2011.12.21 20:00:48 | 000,001,044 | ---- | C] () -- C:\Users\Andreas\SciTE.session
[2011.11.27 21:39:21 | 086,933,066 | ---- | C] () -- C:\Users\Andreas\stricheSymetrisch.xcf
[2011.11.20 17:04:58 | 049,994,484 | ---- | C] () -- C:\Users\Andreas\Kreis6Abstract.xcf
[2011.07.24 17:40:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\SuhfhvvMxq455337.dat
[2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\ShvwxduvMxq455337.dat
[2011.03.28 15:52:01 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.06 15:22:46 | 000,001,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.02.05 02:41:03 | 000,000,132 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.01.31 21:51:25 | 000,000,062 | ---- | C] () -- C:\Windows\Contribute.INI
[2011.01.16 17:29:49 | 000,000,938 | ---- | C] () -- C:\Windows\page.ini
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.25 11:09:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.10.25 11:09:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.10.25 11:09:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.10.25 11:09:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.09.28 20:39:33 | 000,019,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\WebpageIcons.db
[2010.09.28 20:09:38 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.09.28 20:09:38 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.09.28 20:09:38 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.08.10 02:29:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.03.10 10:39:38 | 000,007,597 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.01.21 14:13:11 | 000,217,088 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.05.11 02:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acreon
[2011.01.16 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Aurora Web Editor
[2010.04.03 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Big Fish Games
[2011.01.27 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bilder
[2011.01.25 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Blender Foundation
[2012.01.02 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2012.07.17 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer
[2010.01.16 01:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer Pro
[2012.04.12 04:26:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\calibre
[2011.01.24 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.28 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\concept design
[2012.01.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Crayon Physics Deluxe
[2010.01.31 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2010.01.19 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro
[2010.07.01 18:16:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\EPSON
[2012.05.20 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FileZilla
[2012.06.01 03:07:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.11.02 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ
[2011.03.25 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ImgBurn
[2011.03.08 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView
[2011.01.16 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Kalypso Media
[2010.02.01 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2011.12.21 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macro Recorder
[2012.03.06 04:09:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Magic Academy
[2011.01.16 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg
[2010.02.24 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Neverball
[2012.04.03 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Notepad++
[2011.01.16 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nvu
[2010.06.24 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.01.16 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ProtectDISC
[2011.08.04 16:32:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Recorder
[2010.12.01 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Samsung
[2010.02.28 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SolSuite
[2010.08.03 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Stereoscopic Player
[2011.02.02 15:36:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2012.06.27 03:41:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.01.03 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2011.03.10 09:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011.10.23 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\updatetool
[2011.01.28 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\winupd
[2011.08.07 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\www.rene-zeidler.de
[2012.01.10 21:56:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.11 02:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acreon
[2011.02.06 15:37:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.10.07 20:45:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ahead
[2010.06.28 11:25:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Apple Computer
[2010.01.16 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ATI
[2011.01.16 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Aurora Web Editor
[2010.04.03 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Big Fish Games
[2011.01.27 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bilder
[2011.01.25 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Blender Foundation
[2012.01.02 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2012.07.17 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer
[2010.01.16 01:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer Pro
[2012.04.12 04:26:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\calibre
[2011.01.24 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.28 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\concept design
[2012.01.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Crayon Physics Deluxe
[2010.01.31 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2010.01.19 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro
[2010.05.25 16:47:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DivX
[2012.06.05 01:19:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVD Flick
[2012.06.20 06:54:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\dvdcss
[2010.07.01 18:16:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\EPSON
[2012.05.20 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FileZilla
[2012.06.01 03:07:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.11.02 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ
[2010.01.15 23:41:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Identities
[2011.03.25 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ImgBurn
[2010.01.22 03:52:19 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\InstallShield
[2011.03.08 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView
[2011.01.16 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Kalypso Media
[2010.02.01 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2012.07.02 16:21:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Logishrd
[2012.07.02 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Logitech
[2011.12.21 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macro Recorder
[2010.01.15 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macromedia
[2012.03.06 04:09:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Magic Academy
[2012.07.17 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Media Center Programs
[2012.06.22 02:46:17 | 000,000,000 | --SD | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft
[2011.03.05 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft Corporation
[2010.01.16 00:08:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mozilla
[2011.01.16 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg
[2010.02.24 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Neverball
[2012.04.03 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Notepad++
[2011.01.16 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nvu
[2010.06.24 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.01.16 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ProtectDISC
[2011.02.17 08:55:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\RealWorld
[2011.08.04 16:32:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Recorder
[2010.12.01 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Samsung
[2010.01.19 16:12:12 | 000,000,000 | RH-D | M] -- C:\Users\Andreas\AppData\Roaming\SecuROM
[2011.09.05 01:17:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Skype
[2011.07.26 16:40:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\skypePM
[2010.02.28 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SolSuite
[2010.08.03 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Stereoscopic Player
[2011.02.02 15:36:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2012.06.27 03:41:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.01.03 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2011.03.10 09:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011.10.23 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\updatetool
[2012.07.11 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.02.28 03:54:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Winamp
[2010.01.16 07:06:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\WinRAR
[2011.01.28 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\winupd
[2011.08.07 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\www.rene-zeidler.de
[2010.08.10 02:28:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.05.11 02:01:36 | 000,272,384 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
[2011.01.31 00:41:19 | 000,010,134 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2011.10.23 17:06:49 | 000,088,102 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{0507A8FD-AA20-7691-C2AA-CDE6B5182675}\ARPPRODUCTICON.exe
[2011.02.17 08:55:29 | 000,124,902 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_229008C4DD2B0687C3C9DB.exe
[2011.02.17 08:55:29 | 000,009,062 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_6FEFF9B68218417F98F549.exe
[2011.02.17 08:55:29 | 000,011,310 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_7C899EC09EAB28D66E0485.exe
[2011.02.17 08:55:29 | 000,124,902 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_8FC856A7719DE414ABC55A.exe
[2011.02.17 08:55:29 | 000,011,310 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_EA4EAE0A99F77038DA094E.exe
[2011.02.17 08:55:29 | 000,011,310 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_FF89B0AADCD51F146762AE.exe
[2010.02.01 03:25:53 | 000,010,134 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.04.13 15:48:33 | 000,188,152 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\FlashGot.exe
[2010.11.09 05:12:22 | 000,266,552 | ---- | M] (ml) -- C:\Users\Andreas\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

t'john · 25.07.2012, 00:19

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () 
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "" 
FF - prefs.js..browser.search.defaultthis.engineName: "" 
FF - prefs.js..browser.search.defaulturl: "" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found 
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found 
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. 
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. 
O4 - HKU\.DEFAULT..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found 
O4 - HKU\S-1-5-18..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
MsConfig:64bit - State: "services" - Reg Error: Key error. 
MsConfig:64bit - State: "startup" - Reg Error: Key error. 
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () 
 
:Files

C:\Windows\SysWow64\ff_vfw.dll

C:\Users\Andreas\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
C:\Users\Andreas\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Seraphim137 · 25.07.2012, 10:46

heute um 11:45 durchgefürht:

Code:

ATTFilter

All processes killed
========== OTL ==========
No active process named Program Files was found!
Service vToolbarUpdater11.2.0 stopped successfully!
Service vToolbarUpdater11.2.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Steam not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS deleted successfully.
C:\Windows\SysWOW64\ff_vfw.dll moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysWow64\ff_vfw.dll not found.
C:\Users\Andreas\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe moved successfully.
C:\Users\Andreas\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
E:\Eigene Dateien\Desktop\cmd.bat deleted successfully.
E:\Eigene Dateien\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Andreas
->Temp folder emptied: 2670033 bytes
->Temporary Internet Files folder emptied: 2773777 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 130014702 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4941 bytes
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10291478 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66617 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 139,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Andreas
->Flash cache emptied: 0 bytes
 
User: AppData
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 07252012_113941

Files\Folders moved on Reboot...
C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

gibt es einen grund meinen Flashplayer zu löschen?

t'john · 31.07.2012, 16:13

Zitat:

gibt es einen grund meinen Flashplayer zu löschen?

Ja, kannst du neu installieren.

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte fragen.

ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
Während des Laufs von Combofix nichts anderes am Computer machen!
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
Bitte nicht in dieses Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es wird ein Backup Deiner Registry erstellt.
Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

t'john · 21.08.2012, 03:39

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf

Log-Analyse und Auswertung: Battle.net-Acc wurde gehackt nach Echtgeldeinkauf