| |
| |||||||
Log-Analyse und Auswertung: windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.GenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
19.07.2012, 23:51
| #1 |
| |  windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen hallo, auch mich hat wohl der gvu-trojaner erwischt. nun habe ich einen vollständigen systemcheck mit " Malwarebytes Anti-Malware " gemacht und dieser hat auch was gefunden, hier die log-datei: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.19.10 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 S****u**M**** :: FBI [Administrator] 19.07.2012 17:26:41 mbam-log-2012-07-19 (18-51-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 615341 Laufzeit: 1 Stunde(n), 22 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 13 C:\Users\S****u**M****\AppData\Local\Temp\ca_setup.exe (PUP.PasswordTool) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\AppData\Roaming\Microsoft\Windows\Templates\ca_setup.exe (PUP.PasswordTool) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_bus-simulator-2012.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_bus-simulator-2012_32bitVersion.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_cinebench.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_editra.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_free-screen-to-video.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_freepdf.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_totaledit.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_worm-wars.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\Downloads\advent\Havij 1.15 Free.exe (PUP.HackTool.Havis) -> Keine Aktion durchgeführt. C:\Users\S****u**M****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter C:\Users\S****u**M****\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
ich habe bisher noch nichts gemacht, ausser das programm durchlaufen zu lassen. schonmal im voraus, vielen dank! |
|
20.07.2012, 17:07
| #2 |
| /// Malware-holic   |  windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen hi, mach doch einfach *** anstelle so viele nutzlose zeichen :-)
__________________lösche die funde mit malwarebytes. danach: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
21.07.2012, 00:09
| #3 |
| | windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen danke für diese schnelle antwort.
__________________haben nun einen scan mit OTL gemacht. hier das ergebnis: OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.07.2012 23:51:37 - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 3,08 Gb Available Physical Memory | 83,73% Memory free 7,36 Gb Paging File | 6,79 Gb Available in Paging File | 92,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 163,00 Gb Free Space | 36,01% Space Free | Partition Type: NTFS Computer Name: FBI | User Name: ***** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation) SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation) SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation) SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation) SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (SystemExplorerHelpService) -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe (Mister Group) SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (MatSvc) -- C:\Programme\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (FileZilla Server) -- c:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany) SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x64\Sandra.sys File not found DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (DiskSec) -- C:\Windows\SysNative\drivers\disksec.sys (MAGIX) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (VirtualDisk_U) -- C:\Windows\SysNative\drivers\virtualdisk_u.sys (MAGIX) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys () DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\*****\Downloads\spiele\arma2__operation_arrowhead IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={EABDF0B7-1E39-4B8C-B800-94365A76A6DC}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "_blank" FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=417&sr=0&q=" FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.11 23:38:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 05:12:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.16 21:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.16 21:25:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.16 21:25:51 | 000,000,000 | ---D | M] [2012.02.07 23:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2012.07.16 15:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions [2011.11.25 04:50:15 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2012.07.10 03:47:44 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c} [2012.07.01 00:08:28 | 000,000,000 | ---D | M] (PrivacySuite) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\abine@abine.com [2012.02.17 23:20:45 | 000,000,000 | ---D | M] (BYTubeD - Bulk (Batch) YouTube video Downloader) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\bytubed@cs213.cse.iitk.ac.in [2011.07.07 14:37:18 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.05.19 01:41:58 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\en-US@dictionaries.addons.mozilla.org [2012.07.04 14:01:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\firefox@ghostery.com [2012.05.22 01:42:11 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\foxyproxy@eric.h.jung [2012.05.22 02:04:03 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\foxyproxy-basic@eric.h.jung [2012.05.17 01:41:58 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\ich@maltegoetz.de [2011.10.08 04:40:11 | 000,002,503 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\dxdj0dd9.default\searchplugins\SearchResults.xml [2012.05.09 13:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.09 13:59:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de [2011.11.09 13:58:54 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI [2012.02.25 03:08:01 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI [2011.07.09 06:11:00 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI [2012.01.24 03:46:07 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI [2012.07.14 14:45:07 | 001,611,859 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2011.09.10 01:54:23 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI [2012.05.02 14:11:44 | 000,216,913 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\SPAM@TRASHMAIL.NET.XPI [2011.11.14 05:35:08 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2012.06.23 05:12:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.12 11:47:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.23 05:12:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.11 13:53:01 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.23 05:12:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 05:12:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 05:12:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.08 04:40:11 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2012.06.23 05:12:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 05:12:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - Extension: Web Developer = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4_0\ CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Virtual Piano Black = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo\4_0\ CHR - Extension: FlashBlock = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\ CHR - Extension: Disconnect = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.5.6_0\ CHR - Extension: Little Alchemy = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.12_0\ CHR - Extension: Zombie Pandemic = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicdgidnfmdfnhhllffoplpaldkljl\1_0\ CHR - Extension: Ghostery = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\3.0.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.02.07 23:04:27 | 000,441,186 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15163 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = x-akten O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D9C0F4-981B-434E-AF2D-271C857BFB60}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0dd7cd71-6238-11e0-9a29-1c7508345b36}\Shell - "" = AutoRun O33 - MountPoints2\{0dd7cd71-6238-11e0-9a29-1c7508345b36}\Shell\AutoRun\command - "" = E:\pushinst.exe O33 - MountPoints2\{4ce1b4f3-dd85-11e0-93d8-18f46a74b161}\Shell - "" = AutoRun O33 - MountPoints2\{4ce1b4f3-dd85-11e0-93d8-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{4ce1b51a-dd85-11e0-93d8-18f46a74b161}\Shell - "" = AutoRun O33 - MountPoints2\{4ce1b51a-dd85-11e0-93d8-18f46a74b161}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{853f01b0-af20-11e0-8c04-18f46a74b161}\Shell - "" = AutoRun O33 - MountPoints2\{853f01b0-af20-11e0-8c04-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{853f01d8-af20-11e0-8c04-18f46a74b161}\Shell - "" = AutoRun O33 - MountPoints2\{853f01d8-af20-11e0-8c04-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d0b0ed4b-4200-11e0-9568-18f46a74b161}\Shell - "" = AutoRun O33 - MountPoints2\{d0b0ed4b-4200-11e0-9568-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d0b0ed6b-4200-11e0-9568-18f46a74b161}\Shell - "" = AutoRun O33 - MountPoints2\{d0b0ed6b-4200-11e0-9568-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d36e7c13-42b2-11e0-bbc9-18f46a74b161}\Shell - "" = AutoRun O33 - MountPoints2\{d36e7c13-42b2-11e0-bbc9-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d36e7c16-42b2-11e0-bbc9-18f46a74b161}\Shell - "" = AutoRun O33 - MountPoints2\{d36e7c16-42b2-11e0-bbc9-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{fb70e86f-b646-11e1-aa58-1c7508345b36}\Shell - "" = AutoRun O33 - MountPoints2\{fb70e86f-b646-11e1-aa58-1c7508345b36}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3BA17561-E6A1-7D59-BE48-7F547EA398AF} - Internet Explorer ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4CABB4C4-F982-C1B2-31DB-CB8AE54CACD6} - Microsoft Windows Media Player 12.0 ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8E82367E-E8F2-550A-CDF2-506C7411EF42} - Browser Customizations ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk - C:\PROGRA~2\ALDITA~1\ALDITA~2.EXE - () MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - File not found MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: Eraser - hkey= - key= - File not found MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: UVS11 Preload - hkey= - key= - C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2012.07.19 23:19:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012.07.19 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\maleware_logs [2012.07.19 16:17:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2012.07.19 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.19 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.19 16:17:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.19 16:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.19 16:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.07.19 16:07:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\rettung [2012.07.16 21:11:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TS3Client [2012.07.16 21:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012.07.16 21:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2012.07.16 01:06:14 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\dayz_medien [2012.07.14 22:54:53 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\eimkommenssteuer2011 [2012.07.13 23:19:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\DayZ-1.7.2 [2012.07.13 21:06:47 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\backup [2012.07.13 20:01:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ArmA 2 OA [2012.07.13 19:58:29 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\ArmA 2 [2012.07.13 18:29:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2012.07.13 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SIX_Projects [2012.07.13 06:50:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\ArmA 2 Other Profiles [2012.07.13 06:00:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\six-updater [2012.07.13 06:00:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\six-zsync [2012.07.13 05:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects [2012.07.13 05:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects [2012.07.13 05:57:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Downloaded Installations [2012.07.13 05:06:22 | 000,000,000 | RH-D | C] -- C:\Users\*****\AppData\Roaming\SecuROM [2012.07.13 04:46:46 | 000,000,000 | ---D | C] -- C:\extrahierte_installationsdateien [2012.07.13 00:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.07.12 00:39:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ArmA 2 Free [2012.07.12 00:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive [2012.07.12 00:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2012.07.11 05:14:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SniperV2 [2012.07.11 05:12:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SKIDROW [2012.07.11 01:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2012.07.11 01:39:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\uTorrent [2012.07.10 01:36:09 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\pixelio_de [2012.07.09 05:12:06 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\ps_vergleich [2012.07.08 18:23:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Adobe [2012.07.08 17:04:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.07.08 16:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.07.08 16:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.07.08 16:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.07.08 15:55:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Adobe Photoshop CS6 [2012.07.08 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.07.06 23:36:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\My Cheat Tables [2012.07.06 23:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1 [2012.07.06 23:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.1 [2012.07.04 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\odgb201d_entpackt [2012.07.04 03:35:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\fontconfig [2012.07.04 03:35:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\gegl-0.2 [2012.07.04 03:35:24 | 000,000,000 | ---D | C] -- C:\Users\*****\.gimp-2.8 [2012.07.04 03:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.07.02 01:12:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PunkBuster [2012.07.01 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Battlefield Play4Free [2012.07.01 20:46:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games [2012.07.01 20:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games [2012.06.25 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Pokki [2012.06.25 05:26:37 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Need for Speed World [2012.06.25 04:26:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Need for Speed World [2012.06.25 04:01:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Electronic_Arts_Inc [2012.06.25 01:13:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Publish Providers [2012.06.25 01:07:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2012.06.25 01:07:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sony [2012.06.25 01:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2012.06.25 01:07:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Sony [2012.06.24 23:04:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\simplitec [2012.06.24 23:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec [2012.06.24 03:50:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Corel VideoStudio Pro [2012.06.24 03:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012.06.24 03:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate [2012.06.23 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TSR Soft [2012.06.22 01:50:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\sonstiges [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.20 23:45:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.20 23:45:07 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys [2012.07.19 23:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012.07.19 16:11:09 | 001,809,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.19 16:11:09 | 000,774,070 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.19 16:11:09 | 000,716,458 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.19 16:11:09 | 000,175,718 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.19 16:11:09 | 000,143,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.18 23:19:06 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\MAGIX Autobackup Tray - MAGIX AG.job [2012.07.18 23:17:36 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.18 23:15:43 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad [2012.07.18 22:42:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.18 20:44:50 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012.07.18 20:44:50 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012.07.18 19:56:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.18 19:56:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.18 03:51:43 | 000,000,132 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.07.17 04:52:00 | 000,051,636 | ---- | M] () -- C:\Users\*****\Desktop\484463_10150967502059584_1119167114_n.jpg [2012.07.16 21:10:18 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012.07.15 15:40:50 | 000,269,857 | ---- | M] () -- C:\Users\*****\Desktop\strafanzeige_esm_06jul2012open1.pdf [2012.07.14 22:55:42 | 000,063,010 | ---- | M] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010 [2012.07.13 23:17:51 | 000,012,055 | ---- | M] () -- C:\Users\*****\Desktop\latest.torrent [2012.07.11 21:43:46 | 005,073,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.10 23:20:38 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2012.lnk [2012.07.10 22:05:37 | 000,061,298 | ---- | M] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010_Backup [2012.07.10 12:30:13 | 000,005,401 | ---- | M] () -- C:\Users\*****\Desktop\profilbutton_skaliert1.png [2012.07.08 18:07:20 | 000,001,456 | ---- | M] () -- C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.07.08 17:27:44 | 000,007,598 | ---- | M] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2012.07.08 16:35:56 | 000,001,079 | ---- | M] () -- C:\Users\*****\Desktop\Adobe Photoshop CS6 (64 Bit).lnk [2012.07.08 15:19:37 | 000,020,649 | ---- | M] () -- C:\Users\*****\AppData\Local\recently-used.xbel [2012.07.04 14:50:47 | 000,100,781 | ---- | M] () -- C:\Users\*****\Desktop\plug201d.zip [2012.07.04 14:50:44 | 002,328,395 | ---- | M] () -- C:\Users\*****\Desktop\odbg201d.zip [2012.07.04 01:41:48 | 000,001,664 | ---- | M] () -- C:\Users\*****\Desktop\Need for Speed World - Verknüpfung.lnk [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 01:13:30 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.02 01:13:30 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.01 20:46:29 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.25 04:00:24 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.18 23:13:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad [2012.07.17 04:52:05 | 000,051,636 | ---- | C] () -- C:\Users\*****\Desktop\484463_10150967502059584_1119167114_n.jpg [2012.07.16 21:10:18 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012.07.15 15:40:58 | 000,269,857 | ---- | C] () -- C:\Users\*****\Desktop\strafanzeige_esm_06jul2012open1.pdf [2012.07.13 23:17:54 | 000,012,055 | ---- | C] () -- C:\Users\*****\Desktop\latest.torrent [2012.07.13 05:58:25 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012.07.13 05:58:25 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012.07.10 23:20:38 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2012.lnk [2012.07.10 21:43:25 | 000,063,010 | ---- | C] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010 [2012.07.10 21:43:25 | 000,061,298 | ---- | C] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010_Backup [2012.07.10 12:30:12 | 000,005,401 | ---- | C] () -- C:\Users\*****\Desktop\profilbutton_skaliert1.png [2012.07.08 18:07:20 | 000,001,456 | ---- | C] () -- C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.07.08 17:06:21 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.07.08 16:35:56 | 000,001,079 | ---- | C] () -- C:\Users\*****\Desktop\Adobe Photoshop CS6 (64 Bit).lnk [2012.07.08 16:34:19 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk [2012.07.08 16:32:56 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2012.07.08 16:32:09 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk [2012.07.08 16:28:52 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012.07.08 16:28:42 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012.07.08 15:19:37 | 000,020,649 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel [2012.07.04 14:50:49 | 000,100,781 | ---- | C] () -- C:\Users\*****\Desktop\plug201d.zip [2012.07.04 14:00:47 | 002,328,395 | ---- | C] () -- C:\Users\*****\Desktop\odbg201d.zip [2012.07.04 03:34:58 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.07.02 01:13:30 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.01 20:46:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.01 20:46:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.28 13:21:08 | 000,001,664 | ---- | C] () -- C:\Users\*****\Desktop\Need for Speed World - Verknüpfung.lnk [2012.06.25 04:00:24 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2012.06.19 06:07:08 | 000,002,917 | ---- | C] () -- C:\Users\*****\AppData\Roaming\HP-15C.mem [2012.05.01 16:03:50 | 000,000,000 | ---- | C] () -- C:\Users\*****\assoc [2012.03.13 05:28:53 | 000,000,080 | ---- | C] () -- C:\Users\*****\AppData\Local\X-Plane Installer.prf [2012.03.04 05:26:31 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2012.02.16 02:17:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.01.10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.01.10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.01.10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.11.19 04:56:14 | 000,004,905 | ---- | C] () -- C:\ProgramData\rugqgaaw.ekm [2011.10.20 01:28:38 | 000,000,014 | ---- | C] () -- C:\Windows\campaignsave.INI [2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.09.03 04:45:48 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\MIDI Patch Names [2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer [2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MediaFolder [2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Master [2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\Mail [2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\Machines [2011.09.01 17:14:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.09.01 17:14:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.09.01 17:14:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.07.17 23:44:28 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2011.07.17 23:44:28 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.07.17 22:45:47 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys [2011.07.17 22:45:47 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys [2011.07.09 03:48:24 | 000,000,182 | ---- | C] () -- C:\Windows\mailpeek.INI [2011.06.22 13:26:49 | 000,000,046 | ---- | C] () -- C:\Windows\Datasaver.INI [2011.04.19 23:32:37 | 000,000,558 | ---- | C] () -- C:\Windows\my.ini [2011.03.29 05:45:46 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011.03.28 01:54:19 | 000,001,099 | ---- | C] () -- C:\Users\*****\AppData\Roaming\ShiftN.ini [2011.03.17 05:08:55 | 000,001,766 | ---- | C] () -- C:\Users\*****\.lmmsrc.xml [2011.03.17 03:17:36 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.03.17 03:15:36 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.03.10 11:16:45 | 001,786,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.05 06:35:30 | 000,000,680 | RHS- | C] () -- C:\Users\*****\ntuser.pol [2011.03.01 23:58:13 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.02.28 23:25:51 | 000,000,046 | ---- | C] () -- C:\Windows\SPEED.INI [2011.02.27 02:08:14 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll [2011.02.27 02:08:14 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll [2011.02.27 02:08:14 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll [2011.02.27 02:08:14 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll [2011.02.27 02:08:14 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll [2011.02.27 02:08:14 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll [2011.02.27 01:35:30 | 000,007,598 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2011.02.26 23:33:44 | 000,009,216 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.26 23:21:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe ========== LOP Check ========== [2012.06.16 23:37:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.purple [2012.03.11 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AI Internet Solutions [2012.05.08 14:21:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ALDITALKVerbindungsassistent [2011.03.08 03:53:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Alien Skin [2012.03.24 00:47:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ASCOMP Software [2012.03.26 00:21:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo [2012.06.23 23:40:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity [2012.03.17 03:39:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\avidemux [2012.04.30 03:18:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BANDISOFT [2011.09.11 23:37:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blender Foundation [2012.04.26 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited [2012.05.30 00:42:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ChemTable Software [2011.11.11 23:55:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Cocoon Software [2011.03.10 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CocoonSoftware [2012.07.08 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.03.25 02:34:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Copernic [2012.03.25 02:24:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Datarescue [2012.01.12 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\enchant [2012.06.12 22:24:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\eSobi [2012.03.04 05:57:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Fenrir Inc [2012.07.11 02:59:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla [2012.03.13 04:50:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\flightgear.org [2012.03.13 04:33:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fltk.org [2012.05.04 04:50:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FreeScreenToVideo [2011.06.21 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo [2012.07.04 02:14:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0 [2012.06.13 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn [2012.02.27 06:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IObit [2012.04.26 03:29:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\JAM Software [2012.03.22 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\JonDo [2012.05.31 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LibreOffice [2012.01.21 01:38:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Likno Software [2012.03.15 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lingo4u [2012.06.25 00:48:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX [2011.09.21 16:38:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAXON [2012.03.23 01:56:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Maxthon3 [2012.06.25 04:26:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Need for Speed World [2011.09.03 04:44:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nikon [2012.01.24 01:12:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenCandy [2012.04.19 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera [2012.03.25 05:59:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PingPlotter Freeware [2011.10.20 01:31:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PlayFirst [2011.07.22 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Program Files (x86) [2011.11.19 04:55:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\psynetic-mapmaker [2012.06.25 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers [2012.01.14 01:58:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Python-Eggs [2011.06.21 23:36:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ra e Deutsche Gesetze [2012.06.24 23:04:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\simplitec [2012.07.13 18:10:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\six-updater [2012.07.13 06:00:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\six-zsync [2012.07.18 04:41:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client [2012.02.27 06:47:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SolarMax [2012.06.25 01:35:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony [2012.07.08 17:04:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.02.27 06:19:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Stellarium [2012.03.13 04:34:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Subversion [2012.03.24 06:50:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TamoSoft [2012.01.25 00:12:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2011.07.09 04:56:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2011.03.10 11:17:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP [2012.05.03 02:19:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TrueCrypt [2012.07.17 02:31:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client [2012.06.25 03:34:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems [2012.01.24 01:12:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Uniblue [2012.07.13 23:25:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent [2012.02.21 21:49:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Verbindungsassistent [2012.07.02 22:11:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Webocton - Scriptly [2012.04.26 02:56:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinFAQ [2012.03.23 22:56:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinPatrol [2012.02.23 01:58:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\XnView [2012.07.18 23:19:06 | 000,000,540 | ---- | M] () -- C:\Windows\Tasks\MAGIX Autobackup Tray - MAGIX AG.job [2012.05.31 00:03:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.05.25 19:23:37 | 000,000,000 | ---D | M] -- C:\!KillBox [2012.06.22 03:06:39 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.02.28 16:20:53 | 000,000,000 | ---D | M] -- C:\40d4c40f2880826579 [2012.02.27 15:49:12 | 000,000,000 | ---D | M] -- C:\907f9793ae1ec66b3c [2012.05.02 02:53:18 | 000,000,000 | ---D | M] -- C:\anwendungen_ohne_installation [2010.11.17 06:01:25 | 000,000,000 | ---D | M] -- C:\book [2012.05.11 13:59:36 | 000,000,000 | -H-D | M] -- C:\CanoScan [2012.03.16 04:22:06 | 000,000,000 | ---D | M] -- C:\CFLog [2011.09.21 16:36:14 | 000,000,000 | ---D | M] -- C:\cinebench__11_529 [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.02.26 22:41:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.07.13 04:47:34 | 000,000,000 | ---D | M] -- C:\extrahierte_installationsdateien [2012.03.05 04:10:38 | 000,000,000 | ---D | M] -- C:\Games [2012.03.12 01:25:26 | 000,000,000 | ---D | M] -- C:\inetpub [2010.11.17 05:55:04 | 000,000,000 | ---D | M] -- C:\Intel [2011.06.09 01:34:31 | 000,000,000 | -H-D | M] -- C:\MyWinLockerData [2011.02.26 22:43:35 | 000,000,000 | -H-D | M] -- C:\OEM [2011.06.10 04:30:37 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.07.09 04:08:03 | 000,000,000 | ---D | M] -- C:\PMAIL [2012.06.12 22:56:00 | 000,000,000 | ---D | M] -- C:\PoW24 [2012.07.08 16:32:44 | 000,000,000 | R--D | M] -- C:\Program Files [2012.07.19 16:17:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.07.19 16:17:13 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.02.26 22:41:32 | 000,000,000 | -HSD | M] -- C:\Programme [2011.02.26 22:41:32 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.03.06 16:19:52 | 000,000,000 | ---D | M] -- C:\SG Interactive [2011.02.27 02:11:50 | 000,000,000 | ---D | M] -- C:\SmartSound Software [2012.04.25 02:54:22 | 000,000,000 | ---D | M] -- C:\Stranded II [2012.07.17 15:11:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.06.13 00:13:46 | 000,000,000 | ---D | M] -- C:\systemrettungsdisks [2011.09.20 03:54:29 | 000,000,000 | ---D | M] -- C:\tmp [2011.07.19 23:22:23 | 000,000,000 | ---D | M] -- C:\Ubisoft [2012.05.31 01:43:17 | 000,000,000 | R--D | M] -- C:\Users [2012.05.11 13:46:45 | 000,000,000 | ---D | M] -- C:\VueScan [2012.07.20 23:45:07 | 000,000,000 | ---D | M] -- C:\Windows [2011.04.20 05:36:21 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2012.02.15 00:36:34 | 000,004,608 | ---- | M] () MD5=181066E31AD20869CF049262A0DB0BC2 -- C:\Users\*****\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v049D98E1\Native\STUBEXE\@SYSTEM@\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010.04.13 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys [2010.04.13 03:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.02.26 22:46:42 | 000,001,766 | ---- | M] () -- C:\Users\*****\.lmmsrc.xml [2012.05.01 16:03:50 | 000,000,000 | ---- | M] () -- C:\Users\*****\assoc [2012.07.21 00:28:27 | 011,796,480 | -HS- | M] () -- C:\Users\*****\ntuser.dat [2012.07.21 00:28:27 | 000,262,144 | -HS- | M] () -- C:\Users\*****\ntuser.dat.LOG1 [2011.02.26 22:41:48 | 000,000,000 | -HS- | M] () -- C:\Users\*****\ntuser.dat.LOG2 [2011.02.26 23:06:58 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.02.26 23:06:58 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.02.26 23:06:58 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.02.11 05:22:54 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{6a856607-5430-11e1-a969-1c7508345b36}.TM.blf [2012.02.11 05:22:54 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{6a856607-5430-11e1-a969-1c7508345b36}.TMContainer00000000000000000001.regtrans-ms [2012.02.11 05:22:54 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{6a856607-5430-11e1-a969-1c7508345b36}.TMContainer00000000000000000002.regtrans-ms [2012.01.28 22:35:29 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{93499e4b-49e4-11e1-bfda-18f46a74b161}.TM.blf [2012.01.28 22:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{93499e4b-49e4-11e1-bfda-18f46a74b161}.TMContainer00000000000000000001.regtrans-ms [2012.01.28 22:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{93499e4b-49e4-11e1-bfda-18f46a74b161}.TMContainer00000000000000000002.regtrans-ms [2012.03.04 06:27:44 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{f0116906-6571-11e1-b007-1c7508345b36}.TM.blf [2012.03.04 06:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{f0116906-6571-11e1-b007-1c7508345b36}.TMContainer00000000000000000001.regtrans-ms [2012.03.04 06:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{f0116906-6571-11e1-b007-1c7508345b36}.TMContainer00000000000000000002.regtrans-ms [2011.02.26 22:41:48 | 000,000,020 | -HS- | M] () -- C:\Users\*****\ntuser.ini [2012.03.02 01:33:47 | 000,000,680 | RHS- | M] () -- C:\Users\*****\ntuser.pol < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 < End of report > die auswgewählten eintrage von Malwarebytes habe ich mit einem neuen durchlauf gefixt. Geändert von hilfe8545 (21.07.2012 um 00:16 Uhr) |
|
22.07.2012, 15:31
| #4 |
| | windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen habe die sachen gelöscht. was muss ich jetzt noch machen? habe windows bisher nicht mehr hochgefahren um kein risiko einzugehen. |
|
24.07.2012, 19:34
| #5 |
| | windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen was muss ich nun noch machen? |
|
26.07.2012, 18:21
| #6 | |
| /// Malware-holic | windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen hi sorry für die wartezeit Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen |
|
27.07.2012, 02:07
| #7 |
| | windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen hi, habe das jetzt gemacht. die wartezeit ist kein problem, schliesslich opfert ihr ja eure freizeit. hier der log: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-07-27.02 - SonjaundMicha 26.07.2012 21:29:06.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3767.2988 [GMT 2:00]
ausgeführt von:: c:\users\SonjaundMicha\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\FullRemove.exe
c:\programdata\master
c:\users\***\4.0
c:\windows\My.ini
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-26 bis 2012-07-26 ))))))))))))))))))))))))))))))
.
.
2074-05-07 17:38 . 2006-11-21 19:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-07-26 19:40 . 2012-07-26 19:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-19 14:17 . 2012-07-19 14:17 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-07-19 14:17 . 2012-07-19 14:17 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 14:17 . 2012-07-19 14:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 14:17 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 14:11 . 2012-07-19 14:11 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-18 16:02 . 2012-07-26 19:34 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{250F6933-5490-4A1D-9261-37CBDC8DDFEA}\offreg.dll
2012-07-17 13:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{250F6933-5490-4A1D-9261-37CBDC8DDFEA}\mpengine.dll
2012-07-16 19:11 . 2012-07-17 00:31 -------- d-----w- c:\users\***\AppData\Roaming\TS3Client
2012-07-16 19:10 . 2012-07-16 19:10 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2012-07-13 18:01 . 2012-07-18 18:49 -------- d-----w- c:\users\***\AppData\Local\ArmA 2 OA
2012-07-13 14:38 . 2012-07-13 14:38 -------- d-----w- c:\users\***\AppData\Local\SIX_Projects
2012-07-13 04:00 . 2012-07-13 16:10 -------- d-----w- c:\users\***\AppData\Roaming\six-updater
2012-07-13 04:00 . 2012-07-13 04:00 -------- d-----w- c:\users\***\AppData\Roaming\six-zsync
2012-07-13 03:58 . 2012-07-13 03:58 -------- d-----w- c:\program files (x86)\SIX Projects
2012-07-13 03:57 . 2012-07-18 18:44 -------- d-----w- c:\users\***\AppData\Local\Downloaded Installations
2012-07-13 03:06 . 2012-07-13 03:06 -------- d--h--r- c:\users\***\AppData\Roaming\SecuROM
2012-07-13 02:46 . 2012-07-13 02:47 -------- d-----w- C:\extrahierte_installationsdateien
2012-07-12 22:51 . 2012-07-12 22:58 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-11 22:39 . 2012-07-11 22:39 -------- d-----w- c:\users\***\AppData\Local\ArmA 2 Free
2012-07-11 22:33 . 2012-07-13 17:42 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2012-07-11 22:30 . 2009-03-09 13:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2012-07-11 22:30 . 2009-03-09 13:27 453456 ----a-w- c:\windows\SysWow64\d3dx10_41.dll
2012-07-11 22:30 . 2009-03-09 13:27 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2012-07-11 22:30 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll
2012-07-11 22:30 . 2009-03-16 12:18 521560 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-07-11 22:30 . 2009-03-16 12:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll
2012-07-11 22:30 . 2009-03-09 13:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-07-11 22:30 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-07-11 16:33 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:41 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 13:40 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 13:40 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 13:40 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 13:40 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 13:40 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 13:40 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 13:40 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 13:40 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 13:40 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 13:40 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 13:40 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 13:40 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 13:40 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 03:14 . 2012-07-11 03:17 -------- d-----w- c:\users\***\AppData\Local\SniperV2
2012-07-11 03:12 . 2012-07-11 03:12 -------- d-----w- c:\users\***\AppData\Local\SKIDROW
2012-07-10 23:40 . 2012-07-10 23:40 -------- d-----w- c:\program files (x86)\uTorrent
2012-07-10 23:39 . 2012-07-13 21:25 -------- d-----w- c:\users\***\AppData\Roaming\uTorrent
2012-07-08 15:38 . 2012-07-08 15:38 0 ----a-w- c:\windows\SysWow64\shoCEE6.tmp
2012-07-08 15:04 . 2012-07-08 15:04 -------- d-----w- c:\users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-07-08 14:36 . 2012-07-08 14:36 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-08 14:32 . 2012-07-08 14:35 -------- d-----w- c:\program files\Adobe
2012-07-08 14:26 . 2012-07-08 14:35 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-08 13:52 . 2012-07-08 13:52 -------- d-----w- c:\users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-07-06 21:36 . 2012-07-06 21:36 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2012-07-04 01:35 . 2012-07-04 01:35 -------- d-----w- c:\users\***\AppData\Local\fontconfig
2012-07-04 01:35 . 2012-07-08 13:19 -------- d-----w- c:\users\***\.gimp-2.8
2012-07-04 01:35 . 2012-07-04 01:35 -------- d-----w- c:\users\***\AppData\Local\gegl-0.2
2012-07-04 01:33 . 2012-07-04 01:34 -------- d-----w- c:\program files\GIMP 2
2012-07-02 01:29 . 2012-07-02 01:29 7992528 ----a-w- c:\users\***\AppData\Roaming\Microsoft\Windows\Templates\ca_setup.exe
2012-07-01 23:13 . 2012-07-01 23:13 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-01 23:12 . 2012-07-01 23:12 -------- d-----w- c:\users\***\AppData\Local\PunkBuster
2012-07-01 18:46 . 2012-07-01 23:13 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-01 18:46 . 2012-07-01 18:46 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-01 18:06 . 2012-07-01 18:06 -------- d-----w- c:\program files (x86)\EA Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 20:15 . 2012-03-11 23:26 393216 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-07-11 16:26 . 2011-03-16 22:05 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-21 04:19 . 2012-06-21 04:19 0 ----a-w- c:\windows\SysWow64\sho90EF.tmp
2012-06-12 16:34 . 2012-06-12 16:34 0 ----a-w- c:\windows\SysWow64\shoB7C3.tmp
2012-06-02 22:19 . 2012-06-21 10:05 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 10:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:06 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:05 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 10:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 10:05 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:05 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 10:05 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-03-20 22:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-14 03:30 . 2012-05-14 03:30 0 ----a-w- c:\windows\SysWow64\sho7789.tmp
2012-05-13 03:19 . 2012-05-13 03:19 0 ----a-w- c:\windows\SysWow64\sho12AE.tmp
2012-05-11 08:49 . 2012-04-06 10:27 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 08:49 . 2011-06-28 13:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 00:31 . 2012-03-24 18:56 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 00:31 . 2012-03-24 18:56 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-04 11:06 . 2012-06-14 17:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 17:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 17:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 14:11 . 2012-05-02 14:11 0 ----a-w- c:\windows\SysWow64\sho85E7.tmp
2012-05-01 05:40 . 2012-06-14 17:47 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 17:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
" Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-27 1620584]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 343856]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 VirtualDisk_U;VirtualDisk driver;c:\windows\system32\drivers\virtualdisk_u.sys [2010-04-22 69152]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
R3 X6va006;X6va006;c:\users\SONJAU~1\AppData\Local\Temp\0068B30.tmp [x]
R3 X6va007;X6va007;c:\users\SONJAU~1\AppData\Local\Temp\0078549.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [2012-02-21 342984]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 18432]
R4 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R4 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [2012-05-02 775128]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-10-28 24680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 02:22]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 02:22]
.
2012-07-18 c:\windows\Tasks\MAGIX Autobackup Tray - MAGIX AG.job
- c:\program files (x86)\MAGIX\Retten_Sie_Ihre_Notebook_Daten\tools\RSIND_mxcdr\MxBackupTray.exe [2010-10-08 08:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\dxdj0dd9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - _blank
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=417&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BattlEye - c:\program files (x86)\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\SONJAU~1\AppData\Local\Temp\0068B30.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\SONJAU~1\AppData\Local\Temp\0078549.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:77,98,74,34,f3,03,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-3043048249-594968161-3224245601-1001\Software\SecuROM\License information*]
"datasecu"=hex:cc,31,fc,10,fd,29,99,d0,2c,89,e9,ba,2b,01,d8,55,4f,62,03,54,c0,
68,2d,4e,96,25,87,a8,2e,78,bd,aa,7c,42,f2,40,5c,9b,a3,e6,d7,86,10,40,03,24,\
"rkeysecu"=hex:21,46,09,14,28,c2,25,56,eb,21,4c,53,d7,f0,69,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-27 00:56:11
ComboFix-quarantined-files.txt 2012-07-26 22:56
.
Vor Suchlauf: 27 Verzeichnis(se), 174.855.368.704 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 174.571.204.608 Bytes frei
.
- - End Of File - - E435EDA3477D029BC4D4BC9561B98C05
was muss ich noch machen? kann ich meinen pc wieder benutzen? grüße |
|
27.07.2012, 23:05
| #8 |
| /// Malware-holic | windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.07.2012, 01:24
| #9 |
| | windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen werde ich sofort machen. wollte nur mal loswerden: ich bin echt erstaunt, wie kompetent und kostenlos eure hilfe ist. da gibt es so sonst keinen der einen direkt und problemlösend hilft. finde ich wirklich sehr respektabel! tdss killer log: Code:
ATTFilter 02:31:32.0609 1988 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:31:32.0921 1988 ============================================================
02:31:32.0921 1988 Current date / time: 2012/07/28 02:31:32.0921
02:31:32.0921 1988 SystemInfo:
02:31:32.0921 1988
02:31:32.0921 1988 OS Version: 6.1.7601 ServicePack: 1.0
02:31:32.0921 1988 Product type: Workstation
02:31:32.0921 1988 ComputerName: FBI
02:31:32.0921 1988 UserName: ***
02:31:32.0921 1988 Windows directory: C:\Windows
02:31:32.0921 1988 System windows directory: C:\Windows
02:31:32.0921 1988 Running under WOW64
02:31:32.0921 1988 Processor architecture: Intel x64
02:31:32.0921 1988 Number of processors: 4
02:31:32.0921 1988 Page size: 0x1000
02:31:32.0921 1988 Boot type: Safe boot with network
02:31:32.0921 1988 ============================================================
02:31:33.0810 1988 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:31:33.0810 1988 ============================================================
02:31:33.0810 1988 \Device\Harddisk0\DR0:
02:31:33.0810 1988 MBR partitions:
02:31:33.0810 1988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
02:31:33.0810 1988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
02:31:33.0810 1988 ============================================================
02:31:33.0842 1988 C: <-> \Device\Harddisk0\DR0\Partition1
02:31:33.0842 1988 ============================================================
02:31:33.0842 1988 Initialize success
02:31:33.0842 1988 ============================================================
02:32:18.0910 0996 ============================================================
02:32:18.0910 0996 Scan started
02:32:18.0910 0996 Mode: Manual; SigCheck; TDLFS;
02:32:18.0910 0996 ============================================================
02:32:20.0704 0996 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:32:21.0125 0996 1394ohci - ok
02:32:21.0203 0996 ACDaemon - ok
02:32:21.0281 0996 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:32:21.0297 0996 ACPI - ok
02:32:21.0359 0996 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:32:21.0437 0996 AcpiPmi - ok
02:32:21.0609 0996 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:32:21.0703 0996 AdobeARMservice - ok
02:32:21.0781 0996 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:32:21.0827 0996 adp94xx - ok
02:32:21.0890 0996 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:32:21.0905 0996 adpahci - ok
02:32:21.0952 0996 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:32:21.0983 0996 adpu320 - ok
02:32:22.0030 0996 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:32:22.0171 0996 AeLookupSvc - ok
02:32:22.0249 0996 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:32:22.0342 0996 AFD - ok
02:32:22.0389 0996 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:32:22.0405 0996 agp440 - ok
02:32:22.0514 0996 ALDITALKVerbindungsassistent_Service (73350b0f3a59c52118137ebde11c2a5d) C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
02:32:22.0592 0996 ALDITALKVerbindungsassistent_Service - ok
02:32:22.0639 0996 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:32:22.0685 0996 ALG - ok
02:32:22.0732 0996 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:32:22.0748 0996 aliide - ok
02:32:22.0763 0996 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:32:22.0763 0996 amdide - ok
02:32:22.0826 0996 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:32:22.0888 0996 AmdK8 - ok
02:32:22.0888 0996 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:32:22.0904 0996 AmdPPM - ok
02:32:22.0982 0996 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:32:22.0982 0996 amdsata - ok
02:32:23.0044 0996 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:32:23.0060 0996 amdsbs - ok
02:32:23.0091 0996 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:32:23.0107 0996 amdxata - ok
02:32:23.0200 0996 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
02:32:23.0216 0996 AntiVirSchedulerService - ok
02:32:23.0278 0996 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
02:32:23.0278 0996 AntiVirService - ok
02:32:23.0356 0996 Apache2.2 (cc3d9c18128e1f53cb2c9a9219f9a517) c:\xampp\apache\bin\httpd.exe
02:32:23.0387 0996 Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
02:32:23.0387 0996 Apache2.2 - detected UnsignedFile.Multi.Generic (1)
02:32:23.0512 0996 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
02:32:23.0559 0996 AppHostSvc - ok
02:32:23.0637 0996 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:32:23.0809 0996 AppID - ok
02:32:23.0871 0996 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:32:23.0949 0996 AppIDSvc - ok
02:32:24.0027 0996 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
02:32:24.0089 0996 Appinfo - ok
02:32:24.0183 0996 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:32:24.0183 0996 arc - ok
02:32:24.0199 0996 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:32:24.0214 0996 arcsas - ok
02:32:24.0355 0996 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:32:24.0386 0996 aspnet_state - ok
02:32:24.0433 0996 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:32:24.0495 0996 AsyncMac - ok
02:32:24.0557 0996 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:32:24.0573 0996 atapi - ok
02:32:24.0698 0996 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:32:24.0854 0996 AudioEndpointBuilder - ok
02:32:24.0854 0996 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:32:24.0901 0996 AudioSrv - ok
02:32:24.0979 0996 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
02:32:25.0696 0996 avgntflt - ok
02:32:25.0774 0996 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
02:32:25.0774 0996 avipbb - ok
02:32:25.0805 0996 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
02:32:25.0821 0996 avkmgr - ok
02:32:25.0883 0996 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
02:32:25.0977 0996 AxInstSV - ok
02:32:26.0024 0996 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:32:26.0086 0996 b06bdrv - ok
02:32:26.0164 0996 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:32:26.0211 0996 b57nd60a - ok
02:32:26.0461 0996 BCM43XX (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
02:32:26.0585 0996 BCM43XX - ok
02:32:26.0710 0996 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:32:26.0741 0996 BDESVC - ok
02:32:26.0819 0996 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:32:26.0882 0996 Beep - ok
02:32:26.0991 0996 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
02:32:27.0053 0996 BFE - ok
02:32:27.0131 0996 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
02:32:27.0443 0996 BITS - ok
02:32:27.0521 0996 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:32:27.0553 0996 blbdrive - ok
02:32:27.0599 0996 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:32:27.0662 0996 bowser - ok
02:32:27.0677 0996 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:32:27.0740 0996 BrFiltLo - ok
02:32:27.0755 0996 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:32:27.0787 0996 BrFiltUp - ok
02:32:27.0865 0996 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:32:27.0911 0996 BridgeMP - ok
02:32:28.0005 0996 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
02:32:28.0052 0996 Browser - ok
02:32:28.0099 0996 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:32:28.0161 0996 Brserid - ok
02:32:28.0161 0996 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:32:28.0192 0996 BrSerWdm - ok
02:32:28.0208 0996 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:32:28.0239 0996 BrUsbMdm - ok
02:32:28.0239 0996 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:32:28.0270 0996 BrUsbSer - ok
02:32:28.0286 0996 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:32:28.0317 0996 BTHMODEM - ok
02:32:28.0379 0996 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:32:28.0426 0996 bthserv - ok
02:32:28.0504 0996 Capture Device Service - ok
02:32:28.0535 0996 catchme - ok
02:32:28.0567 0996 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:32:28.0629 0996 cdfs - ok
02:32:28.0707 0996 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
02:32:28.0738 0996 cdrom - ok
02:32:28.0801 0996 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:32:28.0863 0996 CertPropSvc - ok
02:32:28.0894 0996 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:32:28.0925 0996 circlass - ok
02:32:28.0988 0996 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:32:29.0003 0996 CLFS - ok
02:32:29.0097 0996 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:32:29.0128 0996 clr_optimization_v2.0.50727_32 - ok
02:32:29.0175 0996 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:32:29.0191 0996 clr_optimization_v2.0.50727_64 - ok
02:32:29.0269 0996 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:32:29.0425 0996 clr_optimization_v4.0.30319_32 - ok
02:32:29.0534 0996 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:32:29.0627 0996 clr_optimization_v4.0.30319_64 - ok
02:32:29.0659 0996 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:32:29.0690 0996 CmBatt - ok
02:32:29.0721 0996 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:32:29.0737 0996 cmdide - ok
02:32:29.0799 0996 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
02:32:29.0861 0996 CNG - ok
02:32:29.0908 0996 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:32:29.0924 0996 Compbatt - ok
02:32:29.0955 0996 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:32:30.0002 0996 CompositeBus - ok
02:32:30.0002 0996 COMSysApp - ok
02:32:30.0127 0996 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
02:32:30.0127 0996 cpudrv64 - ok
02:32:30.0173 0996 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:32:30.0173 0996 crcdisk - ok
02:32:30.0251 0996 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
02:32:30.0298 0996 CryptSvc - ok
02:32:30.0345 0996 CV2K1 - ok
02:32:30.0485 0996 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
02:32:30.0517 0996 cvhsvc - ok
02:32:30.0610 0996 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:32:30.0673 0996 DcomLaunch - ok
02:32:30.0719 0996 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:32:30.0782 0996 defragsvc - ok
02:32:30.0875 0996 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:32:30.0907 0996 DfsC - ok
02:32:31.0078 0996 DfSdkS (d51b32ba3897f630d99713b74b40d6a2) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
02:32:31.0125 0996 DfSdkS ( UnsignedFile.Multi.Generic ) - warning
02:32:31.0125 0996 DfSdkS - detected UnsignedFile.Multi.Generic (1)
02:32:31.0203 0996 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
02:32:31.0265 0996 Dhcp - ok
02:32:31.0297 0996 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:32:31.0328 0996 discache - ok
02:32:31.0359 0996 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:32:31.0375 0996 Disk - ok
02:32:31.0406 0996 DiskSec (b9ba209e9d038a966f8547b3e0634626) C:\Windows\system32\drivers\DiskSec.sys
02:32:31.0406 0996 DiskSec - ok
02:32:31.0453 0996 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
02:32:31.0515 0996 Dnscache - ok
02:32:31.0577 0996 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
02:32:31.0624 0996 dot3svc - ok
02:32:31.0687 0996 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
02:32:31.0733 0996 DPS - ok
02:32:31.0765 0996 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:32:31.0796 0996 drmkaud - ok
02:32:31.0905 0996 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
02:32:31.0921 0996 DsiWMIService - ok
02:32:32.0014 0996 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:32:32.0045 0996 DXGKrnl - ok
02:32:32.0108 0996 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:32:32.0155 0996 EapHost - ok
02:32:32.0342 0996 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:32:32.0467 0996 ebdrv - ok
02:32:32.0576 0996 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
02:32:32.0638 0996 EFS - ok
02:32:32.0747 0996 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
02:32:32.0794 0996 ehRecvr - ok
02:32:32.0857 0996 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:32:32.0903 0996 ehSched - ok
02:32:33.0028 0996 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
02:32:33.0044 0996 ElbyCDIO - ok
02:32:33.0091 0996 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:32:33.0122 0996 elxstor - ok
02:32:33.0278 0996 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
02:32:33.0293 0996 ePowerSvc - ok
02:32:33.0434 0996 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:32:33.0449 0996 ErrDev - ok
02:32:33.0512 0996 ETD (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
02:32:33.0527 0996 ETD - ok
02:32:33.0574 0996 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:32:33.0637 0996 EventSystem - ok
02:32:33.0699 0996 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:32:33.0746 0996 exfat - ok
02:32:33.0855 0996 Fabs - ok
02:32:33.0886 0996 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:32:33.0949 0996 fastfat - ok
02:32:34.0058 0996 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
02:32:34.0105 0996 Fax - ok
02:32:34.0151 0996 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:32:34.0183 0996 fdc - ok
02:32:34.0214 0996 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:32:34.0276 0996 fdPHost - ok
02:32:34.0292 0996 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:32:34.0339 0996 FDResPub - ok
02:32:34.0370 0996 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:32:34.0385 0996 FileInfo - ok
02:32:34.0417 0996 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:32:34.0463 0996 Filetrace - ok
02:32:34.0604 0996 FileZilla Server (e3a0cc636f313cb34867123539691dd5) c:\xampp\FileZillaFTP\FileZillaServer.exe
02:32:34.0635 0996 FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
02:32:34.0635 0996 FileZilla Server - detected UnsignedFile.Multi.Generic (1)
02:32:34.0885 0996 FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
02:32:35.0009 0996 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
02:32:35.0009 0996 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
02:32:35.0134 0996 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:32:35.0165 0996 FLEXnet Licensing Service - ok
02:32:35.0306 0996 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:32:35.0321 0996 flpydisk - ok
02:32:35.0368 0996 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:32:35.0399 0996 FltMgr - ok
02:32:35.0462 0996 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
02:32:35.0524 0996 FontCache - ok
02:32:35.0618 0996 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:32:35.0618 0996 FontCache3.0.0.0 - ok
02:32:35.0680 0996 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:32:35.0696 0996 FsDepends - ok
02:32:35.0711 0996 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
02:32:35.0727 0996 Fs_Rec - ok
02:32:35.0852 0996 ftpsvc (79179c6f8a3784cc3a20cde998d5bd2c) C:\Windows\system32\inetsrv\ftpsvc.dll
02:32:35.0914 0996 ftpsvc - ok
02:32:36.0008 0996 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:32:36.0023 0996 fvevol - ok
02:32:36.0086 0996 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:32:36.0086 0996 gagp30kx - ok
02:32:36.0179 0996 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
02:32:36.0242 0996 gpsvc - ok
02:32:36.0320 0996 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
02:32:36.0320 0996 GREGService - ok
02:32:36.0413 0996 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:32:36.0429 0996 gupdate - ok
02:32:36.0445 0996 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:32:36.0445 0996 gupdatem - ok
02:32:36.0491 0996 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:32:36.0538 0996 hcw85cir - ok
02:32:36.0585 0996 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:32:36.0632 0996 HdAudAddService - ok
02:32:36.0679 0996 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:32:36.0710 0996 HDAudBus - ok
02:32:36.0757 0996 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
02:32:36.0772 0996 HECIx64 - ok
02:32:36.0819 0996 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:32:36.0835 0996 HidBatt - ok
02:32:36.0835 0996 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:32:36.0866 0996 HidBth - ok
02:32:36.0897 0996 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:32:36.0959 0996 HidIr - ok
02:32:36.0991 0996 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
02:32:37.0037 0996 hidserv - ok
02:32:37.0084 0996 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
02:32:37.0100 0996 HidUsb - ok
02:32:37.0147 0996 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
02:32:37.0193 0996 hkmsvc - ok
02:32:37.0240 0996 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
02:32:37.0303 0996 HomeGroupListener - ok
02:32:37.0349 0996 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
02:32:37.0381 0996 HomeGroupProvider - ok
02:32:37.0412 0996 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:32:37.0412 0996 HpSAMD - ok
02:32:37.0505 0996 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:32:37.0583 0996 HTTP - ok
02:32:37.0646 0996 hwdatacard (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
02:32:37.0693 0996 hwdatacard - ok
02:32:37.0739 0996 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:32:37.0739 0996 hwpolicy - ok
02:32:37.0786 0996 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:32:37.0802 0996 i8042prt - ok
02:32:37.0864 0996 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
02:32:37.0880 0996 iaStor - ok
02:32:37.0989 0996 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
02:32:37.0989 0996 IAStorDataMgrSvc - ok
02:32:38.0067 0996 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:32:38.0098 0996 iaStorV - ok
02:32:38.0239 0996 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:32:38.0254 0996 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:32:38.0254 0996 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:32:38.0395 0996 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:32:38.0426 0996 idsvc - ok
02:32:39.0081 0996 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
02:32:39.0424 0996 igfx - ok
02:32:39.0565 0996 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:32:39.0565 0996 iirsp - ok
02:32:39.0627 0996 IISADMIN (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe
02:32:39.0658 0996 IISADMIN - ok
02:32:39.0736 0996 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
02:32:39.0799 0996 IKEEXT - ok
02:32:39.0845 0996 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
02:32:39.0877 0996 Impcd - ok
02:32:40.0033 0996 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
02:32:40.0126 0996 IntcAzAudAddService - ok
02:32:40.0251 0996 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
02:32:40.0313 0996 IntcDAud - ok
02:32:40.0329 0996 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:32:40.0345 0996 intelide - ok
02:32:40.0391 0996 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:32:40.0407 0996 intelppm - ok
02:32:40.0454 0996 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:32:40.0485 0996 IPBusEnum - ok
02:32:40.0532 0996 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:32:40.0594 0996 IpFilterDriver - ok
02:32:40.0657 0996 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
02:32:40.0735 0996 iphlpsvc - ok
02:32:40.0781 0996 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:32:40.0813 0996 IPMIDRV - ok
02:32:40.0844 0996 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:32:40.0891 0996 IPNAT - ok
02:32:40.0922 0996 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:32:40.0953 0996 IRENUM - ok
02:32:40.0984 0996 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:32:41.0000 0996 isapnp - ok
02:32:41.0062 0996 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:32:41.0078 0996 iScsiPrt - ok
02:32:41.0140 0996 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
02:32:41.0156 0996 k57nd60a - ok
02:32:41.0203 0996 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
02:32:41.0203 0996 kbdclass - ok
02:32:41.0249 0996 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
02:32:41.0281 0996 kbdhid - ok
02:32:41.0312 0996 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:41.0312 0996 KeyIso - ok
02:32:41.0359 0996 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
02:32:41.0374 0996 KSecDD - ok
02:32:41.0390 0996 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
02:32:41.0405 0996 KSecPkg - ok
02:32:41.0437 0996 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:32:41.0499 0996 ksthunk - ok
02:32:41.0546 0996 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:32:41.0593 0996 KtmRm - ok
02:32:41.0655 0996 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
02:32:41.0717 0996 LanmanServer - ok
02:32:41.0764 0996 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
02:32:41.0827 0996 LanmanWorkstation - ok
02:32:41.0889 0996 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:32:41.0936 0996 lltdio - ok
02:32:41.0983 0996 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:32:42.0045 0996 lltdsvc - ok
02:32:42.0061 0996 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:32:42.0107 0996 lmhosts - ok
02:32:42.0217 0996 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
02:32:42.0232 0996 LMS - ok
02:32:42.0279 0996 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:32:42.0295 0996 LSI_FC - ok
02:32:42.0295 0996 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:32:42.0310 0996 LSI_SAS - ok
02:32:42.0326 0996 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:32:42.0341 0996 LSI_SAS2 - ok
02:32:42.0341 0996 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:32:42.0357 0996 LSI_SCSI - ok
02:32:42.0388 0996 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:32:42.0435 0996 luafv - ok
02:32:42.0482 0996 massfilter - ok
02:32:42.0575 0996 MatSvc (ec470d91ef06a59397edc18d48899cc5) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
02:32:42.0591 0996 MatSvc - ok
02:32:42.0653 0996 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
02:32:42.0669 0996 Mcx2Svc - ok
02:32:42.0716 0996 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:32:42.0716 0996 megasas - ok
02:32:42.0731 0996 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:32:42.0747 0996 MegaSR - ok
02:32:42.0794 0996 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:32:42.0841 0996 MMCSS - ok
02:32:42.0856 0996 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:32:42.0903 0996 Modem - ok
02:32:42.0934 0996 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:32:42.0981 0996 monitor - ok
02:32:43.0012 0996 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
02:32:43.0028 0996 mouclass - ok
02:32:43.0075 0996 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:32:43.0075 0996 mouhid - ok
02:32:43.0137 0996 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:32:43.0153 0996 mountmgr - ok
02:32:43.0262 0996 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:32:43.0277 0996 MozillaMaintenance - ok
02:32:43.0324 0996 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:32:43.0340 0996 mpio - ok
02:32:43.0387 0996 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:32:43.0433 0996 mpsdrv - ok
02:32:43.0511 0996 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
02:32:43.0574 0996 MpsSvc - ok
02:32:43.0636 0996 MQAC (cd22d2563039dda6793f7624719363a7) C:\Windows\system32\drivers\mqac.sys
02:32:43.0683 0996 MQAC - ok
02:32:43.0714 0996 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:32:43.0745 0996 MRxDAV - ok
02:32:43.0792 0996 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:32:43.0808 0996 mrxsmb - ok
02:32:43.0855 0996 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:32:43.0886 0996 mrxsmb10 - ok
02:32:43.0917 0996 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:32:43.0948 0996 mrxsmb20 - ok
02:32:43.0995 0996 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:32:44.0011 0996 msahci - ok
02:32:44.0042 0996 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:32:44.0057 0996 msdsm - ok
02:32:44.0089 0996 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:32:44.0104 0996 MSDTC - ok
02:32:44.0135 0996 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:32:44.0167 0996 Msfs - ok
02:32:44.0182 0996 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:32:44.0245 0996 mshidkmdf - ok
02:32:44.0276 0996 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:32:44.0276 0996 msisadrv - ok
02:32:44.0323 0996 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:32:44.0385 0996 MSiSCSI - ok
02:32:44.0385 0996 msiserver - ok
02:32:44.0447 0996 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:32:44.0494 0996 MSKSSRV - ok
02:32:44.0510 0996 MSMQ (faaeaef99e53561beee58f946ca56f0d) C:\Windows\system32\mqsvc.exe
02:32:44.0525 0996 MSMQ - ok
02:32:44.0588 0996 MSMQTriggers (59ed174fd4314b0218dc91f9bfa6cd3d) C:\Windows\system32\mqtgsvc.exe
02:32:44.0635 0996 MSMQTriggers - ok
02:32:44.0666 0996 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:32:44.0697 0996 MSPCLOCK - ok
02:32:44.0697 0996 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:32:44.0744 0996 MSPQM - ok
02:32:44.0806 0996 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:32:44.0822 0996 MsRPC - ok
02:32:44.0869 0996 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:32:44.0869 0996 mssmbios - ok
02:32:44.0900 0996 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:32:44.0947 0996 MSTEE - ok
02:32:44.0993 0996 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:32:45.0009 0996 MTConfig - ok
02:32:45.0040 0996 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:32:45.0040 0996 Mup - ok
02:32:45.0087 0996 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
02:32:45.0087 0996 mwlPSDFilter - ok
02:32:45.0103 0996 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
02:32:45.0118 0996 mwlPSDNServ - ok
02:32:45.0134 0996 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
02:32:45.0134 0996 mwlPSDVDisk - ok
02:32:45.0227 0996 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
02:32:45.0259 0996 MWLService - ok
02:32:45.0352 0996 mysql - ok
02:32:45.0415 0996 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
02:32:45.0477 0996 napagent - ok
02:32:45.0555 0996 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:32:45.0586 0996 NativeWifiP - ok
02:32:45.0680 0996 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:32:45.0711 0996 NDIS - ok
02:32:45.0758 0996 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:32:45.0789 0996 NdisCap - ok
02:32:45.0805 0996 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:32:45.0851 0996 NdisTapi - ok
02:32:45.0914 0996 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:32:45.0961 0996 Ndisuio - ok
02:32:46.0007 0996 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:32:46.0054 0996 NdisWan - ok
02:32:46.0101 0996 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:32:46.0148 0996 NDProxy - ok
02:32:46.0226 0996 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:32:46.0273 0996 NetBIOS - ok
02:32:46.0335 0996 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:32:46.0397 0996 NetBT - ok
02:32:46.0429 0996 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:46.0444 0996 Netlogon - ok
02:32:46.0507 0996 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:32:46.0569 0996 Netman - ok
02:32:46.0663 0996 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:32:46.0694 0996 NetMsmqActivator - ok
02:32:46.0694 0996 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:32:46.0709 0996 NetPipeActivator - ok
02:32:46.0756 0996 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:32:46.0819 0996 netprofm - ok
02:32:46.0865 0996 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:32:46.0865 0996 NetTcpActivator - ok
02:32:46.0865 0996 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:32:46.0881 0996 NetTcpPortSharing - ok
02:32:46.0943 0996 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:32:46.0959 0996 nfrd960 - ok
02:32:47.0021 0996 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
02:32:47.0084 0996 NlaSvc - ok
02:32:47.0302 0996 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
02:32:47.0396 0996 NOBU - ok
02:32:47.0536 0996 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:32:47.0583 0996 Npfs - ok
02:32:47.0614 0996 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:32:47.0661 0996 nsi - ok
02:32:47.0692 0996 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:32:47.0755 0996 nsiproxy - ok
02:32:47.0879 0996 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:32:47.0942 0996 Ntfs - ok
02:32:48.0082 0996 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
02:32:48.0082 0996 NTI IScheduleSvc - ok
02:32:48.0254 0996 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
02:32:48.0254 0996 NTIDrvr - ok
02:32:48.0269 0996 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:32:48.0301 0996 Null - ok
02:32:48.0925 0996 nvlddmkm (5c3416c9f61809bbdffe6fac0c252520) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:32:49.0268 0996 nvlddmkm - ok
02:32:49.0424 0996 nvpciflt (10ea8a8bb2978c510f5892fcce62b00d) C:\Windows\system32\DRIVERS\nvpciflt.sys
02:32:49.0439 0996 nvpciflt - ok
02:32:49.0486 0996 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:32:49.0502 0996 nvraid - ok
02:32:49.0517 0996 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:32:49.0533 0996 nvstor - ok
02:32:49.0595 0996 nvsvc (d9617ef20708dcee76828865122b560f) C:\Windows\system32\nvvsvc.exe
02:32:49.0611 0996 nvsvc - ok
02:32:49.0767 0996 nvUpdatusService (2848e9b51c7a5d3efad44de9834c1d74) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
02:32:49.0829 0996 nvUpdatusService - ok
02:32:50.0001 0996 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:32:50.0017 0996 nv_agp - ok
02:32:50.0063 0996 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:32:50.0079 0996 ohci1394 - ok
02:32:50.0204 0996 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:32:50.0219 0996 ose - ok
02:32:50.0500 0996 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:32:50.0656 0996 osppsvc - ok
02:32:50.0765 0996 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:32:50.0859 0996 p2pimsvc - ok
02:32:50.0906 0996 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:32:50.0937 0996 p2psvc - ok
02:32:51.0015 0996 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:32:51.0031 0996 Parport - ok
02:32:51.0077 0996 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
02:32:51.0093 0996 partmgr - ok
02:32:51.0124 0996 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:32:51.0155 0996 PcaSvc - ok
02:32:51.0202 0996 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:32:51.0202 0996 pci - ok
02:32:51.0249 0996 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:32:51.0249 0996 pciide - ok
02:32:51.0280 0996 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:32:51.0296 0996 pcmcia - ok
02:32:51.0311 0996 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:32:51.0327 0996 pcw - ok
02:32:51.0374 0996 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:32:51.0436 0996 PEAUTH - ok
02:32:51.0530 0996 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:32:51.0717 0996 PerfHost - ok
02:32:51.0920 0996 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:32:51.0998 0996 pla - ok
02:32:52.0060 0996 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:32:52.0107 0996 PlugPlay - ok
02:32:52.0138 0996 PnkBstrA - ok
02:32:52.0169 0996 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:32:52.0185 0996 PNRPAutoReg - ok
02:32:52.0216 0996 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:32:52.0232 0996 PNRPsvc - ok
02:32:52.0294 0996 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:32:52.0341 0996 PolicyAgent - ok
02:32:52.0403 0996 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:32:52.0435 0996 Power - ok
02:32:52.0528 0996 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:32:52.0575 0996 PptpMiniport - ok
02:32:52.0622 0996 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:32:52.0637 0996 Processor - ok
02:32:52.0700 0996 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
02:32:52.0762 0996 ProfSvc - ok
02:32:52.0825 0996 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:52.0825 0996 ProtectedStorage - ok
02:32:52.0887 0996 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:32:52.0949 0996 Psched - ok
02:32:53.0059 0996 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:32:53.0121 0996 ql2300 - ok
02:32:53.0261 0996 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:32:53.0277 0996 ql40xx - ok
02:32:53.0324 0996 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:32:53.0339 0996 QWAVE - ok
02:32:53.0386 0996 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:32:53.0417 0996 QWAVEdrv - ok
02:32:53.0433 0996 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:32:53.0480 0996 RasAcd - ok
02:32:53.0527 0996 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:32:53.0589 0996 RasAgileVpn - ok
02:32:53.0636 0996 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:32:53.0683 0996 RasAuto - ok
02:32:53.0745 0996 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:32:53.0792 0996 Rasl2tp - ok
02:32:53.0839 0996 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:32:53.0917 0996 RasMan - ok
02:32:53.0948 0996 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:32:53.0979 0996 RasPppoe - ok
02:32:54.0026 0996 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:32:54.0073 0996 RasSstp - ok
02:32:54.0119 0996 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:32:54.0182 0996 rdbss - ok
02:32:54.0197 0996 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:32:54.0197 0996 rdpbus - ok
02:32:54.0213 0996 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:32:54.0260 0996 RDPCDD - ok
02:32:54.0307 0996 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:32:54.0353 0996 RDPENCDD - ok
02:32:54.0385 0996 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:32:54.0431 0996 RDPREFMP - ok
02:32:54.0478 0996 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
02:32:54.0525 0996 RDPWD - ok
02:32:54.0603 0996 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:32:54.0634 0996 rdyboost - ok
02:32:54.0681 0996 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:32:54.0728 0996 RemoteAccess - ok
02:32:54.0775 0996 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:32:54.0837 0996 RemoteRegistry - ok
02:32:54.0899 0996 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
02:32:54.0946 0996 RMCAST - ok
02:32:54.0962 0996 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:32:55.0009 0996 RpcEptMapper - ok
02:32:55.0024 0996 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:32:55.0040 0996 RpcLocator - ok
02:32:55.0133 0996 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:32:55.0180 0996 RpcSs - ok
02:32:55.0196 0996 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:32:55.0243 0996 rspndr - ok
02:32:55.0305 0996 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
02:32:55.0321 0996 RSUSBSTOR - ok
02:32:55.0352 0996 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:55.0367 0996 SamSs - ok
02:32:55.0414 0996 SANDRA - ok
02:32:55.0445 0996 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:32:55.0461 0996 sbp2port - ok
02:32:55.0617 0996 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
02:32:55.0664 0996 SBSDWSCService - ok
02:32:55.0695 0996 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:32:55.0742 0996 SCardSvr - ok
02:32:55.0789 0996 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:32:55.0851 0996 scfilter - ok
02:32:55.0945 0996 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:32:56.0023 0996 Schedule - ok
02:32:56.0054 0996 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:32:56.0101 0996 SCPolicySvc - ok
02:32:56.0147 0996 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:32:56.0163 0996 SDRSVC - ok
02:32:56.0241 0996 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:32:56.0272 0996 secdrv - ok
02:32:56.0335 0996 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:32:56.0381 0996 seclogon - ok
02:32:56.0428 0996 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
02:32:56.0459 0996 SENS - ok
02:32:56.0491 0996 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:32:56.0522 0996 SensrSvc - ok
02:32:56.0553 0996 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:32:56.0584 0996 Serenum - ok
02:32:56.0631 0996 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:32:56.0647 0996 Serial - ok
02:32:56.0678 0996 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:32:56.0693 0996 sermouse - ok
02:32:56.0740 0996 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:32:56.0803 0996 SessionEnv - ok
02:32:56.0834 0996 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:32:56.0881 0996 sffdisk - ok
02:32:56.0896 0996 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:32:56.0912 0996 sffp_mmc - ok
02:32:56.0943 0996 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:32:56.0959 0996 sffp_sd - ok
02:32:56.0990 0996 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:32:57.0021 0996 sfloppy - ok
02:32:57.0115 0996 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
02:32:57.0146 0996 Sftfs - ok
02:32:57.0271 0996 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
02:32:57.0302 0996 sftlist - ok
02:32:57.0458 0996 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
02:32:57.0473 0996 Sftplay - ok
02:32:57.0520 0996 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
02:32:57.0520 0996 Sftredir - ok
02:32:57.0551 0996 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
02:32:57.0551 0996 Sftvol - ok
02:32:57.0629 0996 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
02:32:57.0645 0996 sftvsa - ok
02:32:57.0692 0996 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:32:57.0754 0996 SharedAccess - ok
02:32:57.0817 0996 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:32:57.0879 0996 ShellHWDetection - ok
02:32:57.0895 0996 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
02:32:57.0910 0996 simptcp - ok
02:32:57.0941 0996 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:32:57.0957 0996 SiSRaid2 - ok
02:32:57.0957 0996 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:32:57.0973 0996 SiSRaid4 - ok
02:32:57.0988 0996 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:32:58.0035 0996 Smb - ok
02:32:58.0097 0996 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:32:58.0129 0996 SNMPTRAP - ok
02:32:58.0144 0996 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:32:58.0144 0996 spldr - ok
02:32:58.0222 0996 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:32:58.0269 0996 Spooler - ok
02:32:58.0472 0996 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:32:58.0597 0996 sppsvc - ok
02:32:58.0706 0996 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:32:58.0753 0996 sppuinotify - ok
02:32:58.0831 0996 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:32:58.0877 0996 srv - ok
02:32:58.0940 0996 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:32:58.0987 0996 srv2 - ok
02:32:59.0002 0996 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:32:59.0018 0996 srvnet - ok
02:32:59.0080 0996 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:32:59.0143 0996 SSDPSRV - ok
02:32:59.0143 0996 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:32:59.0189 0996 SstpSvc - ok
02:32:59.0221 0996 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:32:59.0236 0996 stexstor - ok
02:32:59.0314 0996 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:32:59.0361 0996 stisvc - ok
02:32:59.0392 0996 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:32:59.0408 0996 swenum - ok
02:32:59.0626 0996 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:32:59.0689 0996 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
02:32:59.0689 0996 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
02:32:59.0751 0996 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:32:59.0845 0996 swprv - ok
02:32:59.0985 0996 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:33:00.0079 0996 SysMain - ok
02:33:00.0219 0996 SystemExplorerHelpService (2ba0aa235e90cc14c2612ffc31ff686e) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
02:33:00.0250 0996 SystemExplorerHelpService - ok
02:33:00.0375 0996 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:33:00.0406 0996 TabletInputService - ok
02:33:00.0469 0996 tandpl - ok
02:33:00.0547 0996 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:33:00.0625 0996 TapiSrv - ok
02:33:00.0640 0996 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:33:00.0687 0996 TBS - ok
02:33:00.0859 0996 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
02:33:00.0921 0996 Tcpip - ok
02:33:01.0171 0996 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
02:33:01.0217 0996 TCPIP6 - ok
02:33:01.0311 0996 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:33:01.0358 0996 tcpipreg - ok
02:33:01.0389 0996 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:33:01.0420 0996 TDPIPE - ok
02:33:01.0451 0996 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:33:01.0483 0996 TDTCP - ok
02:33:01.0514 0996 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:33:01.0576 0996 tdx - ok
02:33:01.0607 0996 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:33:01.0623 0996 TermDD - ok
02:33:01.0701 0996 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:33:01.0779 0996 TermService - ok
02:33:01.0810 0996 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:33:01.0826 0996 Themes - ok
02:33:01.0857 0996 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:33:01.0888 0996 THREADORDER - ok
02:33:01.0919 0996 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:33:01.0951 0996 TrkWks - ok
02:33:02.0029 0996 truecrypt (370a6907ddf79532a39319492b1fa38a) C:\Windows\system32\drivers\truecrypt.sys
02:33:02.0044 0996 truecrypt - ok
02:33:02.0122 0996 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:33:02.0185 0996 TrustedInstaller - ok
02:33:02.0216 0996 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:33:02.0263 0996 tssecsrv - ok
02:33:02.0341 0996 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:33:02.0372 0996 TsUsbFlt - ok
02:33:02.0419 0996 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:33:02.0481 0996 tunnel - ok
02:33:02.0512 0996 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:33:02.0528 0996 uagp35 - ok
02:33:02.0559 0996 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
02:33:02.0559 0996 UBHelper - ok
02:33:02.0621 0996 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:33:02.0684 0996 udfs - ok
02:33:02.0731 0996 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:33:02.0746 0996 UI0Detect - ok
02:33:02.0809 0996 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:33:02.0809 0996 uliagpkx - ok
02:33:02.0887 0996 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:33:02.0902 0996 umbus - ok
02:33:02.0949 0996 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:33:02.0965 0996 UmPass - ok
02:33:03.0167 0996 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
02:33:03.0245 0996 UNS - ok
02:33:03.0355 0996 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
02:33:03.0370 0996 Updater Service - ok
02:33:03.0526 0996 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:33:03.0573 0996 upnphost - ok
02:33:03.0635 0996 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:33:03.0651 0996 usbccgp - ok
02:33:03.0682 0996 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:33:03.0713 0996 usbcir - ok
02:33:03.0729 0996 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:33:03.0745 0996 usbehci - ok
02:33:03.0823 0996 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:33:03.0901 0996 usbhub - ok
02:33:03.0916 0996 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:33:03.0932 0996 usbohci - ok
02:33:03.0994 0996 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:33:04.0025 0996 usbprint - ok
02:33:04.0088 0996 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:33:04.0088 0996 usbscan - ok
02:33:04.0135 0996 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:33:04.0150 0996 USBSTOR - ok
02:33:04.0166 0996 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
02:33:04.0197 0996 usbuhci - ok
02:33:04.0259 0996 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
02:33:04.0291 0996 usbvideo - ok
02:33:04.0322 0996 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:33:04.0353 0996 UxSms - ok
02:33:04.0415 0996 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:33:04.0431 0996 VaultSvc - ok
02:33:04.0509 0996 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
02:33:04.0525 0996 VClone - ok
02:33:04.0571 0996 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:33:04.0587 0996 vdrvroot - ok
02:33:04.0696 0996 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:33:04.0759 0996 vds - ok
02:33:04.0790 0996 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:33:04.0805 0996 vga - ok
02:33:04.0837 0996 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:33:04.0868 0996 VgaSave - ok
02:33:04.0915 0996 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:33:04.0946 0996 vhdmp - ok
02:33:04.0977 0996 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:33:04.0993 0996 viaide - ok
02:33:05.0039 0996 VirtualDisk_U (cd367c435d46a00212b13dac56372741) C:\Windows\system32\drivers\virtualdisk_u.sys
02:33:05.0039 0996 VirtualDisk_U - ok
02:33:05.0055 0996 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:33:05.0071 0996 volmgr - ok
02:33:05.0133 0996 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:33:05.0164 0996 volmgrx - ok
02:33:05.0195 0996 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:33:05.0211 0996 volsnap - ok
02:33:05.0258 0996 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:33:05.0273 0996 vsmraid - ok
02:33:05.0414 0996 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:33:05.0507 0996 VSS - ok
02:33:05.0648 0996 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:33:05.0679 0996 vwifibus - ok
02:33:05.0726 0996 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:33:05.0757 0996 vwififlt - ok
02:33:05.0819 0996 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:33:05.0866 0996 W32Time - ok
02:33:05.0975 0996 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
02:33:06.0007 0996 W3SVC - ok
02:33:06.0022 0996 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:33:06.0053 0996 WacomPen - ok
02:33:06.0131 0996 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:33:06.0178 0996 WANARP - ok
02:33:06.0194 0996 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:33:06.0225 0996 Wanarpv6 - ok
02:33:06.0272 0996 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
02:33:06.0272 0996 WAS - ok
02:33:06.0412 0996 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:33:06.0459 0996 WatAdminSvc - ok
02:33:06.0568 0996 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:33:06.0646 0996 wbengine - ok
02:33:06.0771 0996 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:33:06.0802 0996 WbioSrvc - ok
02:33:06.0865 0996 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:33:06.0911 0996 wcncsvc - ok
02:33:06.0911 0996 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:33:06.0943 0996 WcsPlugInService - ok
02:33:07.0021 0996 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:33:07.0021 0996 Wd - ok
02:33:07.0083 0996 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:33:07.0099 0996 Wdf01000 - ok
02:33:07.0114 0996 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:33:07.0192 0996 WdiServiceHost - ok
02:33:07.0192 0996 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:33:07.0208 0996 WdiSystemHost - ok
02:33:07.0270 0996 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:33:07.0301 0996 WebClient - ok
02:33:07.0333 0996 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:33:07.0395 0996 Wecsvc - ok
02:33:07.0426 0996 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:33:07.0473 0996 wercplsupport - ok
02:33:07.0504 0996 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:33:07.0567 0996 WerSvc - ok
02:33:07.0629 0996 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:33:07.0676 0996 WfpLwf - ok
02:33:07.0676 0996 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:33:07.0691 0996 WIMMount - ok
02:33:07.0785 0996 WinDefend - ok
02:33:07.0785 0996 WinHttpAutoProxySvc - ok
02:33:07.0863 0996 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:33:07.0910 0996 Winmgmt - ok
02:33:08.0066 0996 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
02:33:08.0159 0996 WinRM - ok
02:33:08.0331 0996 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
02:33:08.0347 0996 WinUsb - ok
02:33:08.0425 0996 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:33:08.0440 0996 Wlansvc - ok
02:33:08.0503 0996 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:33:08.0503 0996 WmiAcpi - ok
02:33:08.0581 0996 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:33:08.0612 0996 wmiApSrv - ok
02:33:08.0690 0996 WMPNetworkSvc - ok
02:33:08.0721 0996 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:33:08.0752 0996 WPCSvc - ok
02:33:08.0799 0996 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
02:33:08.0815 0996 WPDBusEnum - ok
02:33:08.0830 0996 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:33:08.0877 0996 ws2ifsl - ok
02:33:08.0908 0996 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
02:33:08.0924 0996 wscsvc - ok
02:33:08.0924 0996 WSearch - ok
02:33:09.0095 0996 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
02:33:09.0205 0996 wuauserv - ok
02:33:09.0361 0996 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:33:09.0407 0996 WudfPf - ok
02:33:09.0439 0996 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:33:09.0501 0996 WUDFRd - ok
02:33:09.0548 0996 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
02:33:09.0579 0996 wudfsvc - ok
02:33:09.0626 0996 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:33:09.0657 0996 WwanSvc - ok
02:33:09.0782 0996 X6va006 - ok
02:33:09.0813 0996 X6va007 - ok
02:33:09.0891 0996 X6va008 - ok
02:33:09.0922 0996 ZTEusbmdm6k - ok
02:33:09.0922 0996 ZTEusbnmea - ok
02:33:09.0953 0996 ZTEusbser6k - ok
02:33:09.0969 0996 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:33:10.0343 0996 \Device\Harddisk0\DR0 - ok
02:33:10.0359 0996 Boot (0x1200) (4f0561195422c4d5fffc1e9e808efec1) \Device\Harddisk0\DR0\Partition0
02:33:10.0359 0996 \Device\Harddisk0\DR0\Partition0 - ok
02:33:10.0390 0996 Boot (0x1200) (80f3810c932c7533fa9b7ce636651fba) \Device\Harddisk0\DR0\Partition1
02:33:10.0390 0996 \Device\Harddisk0\DR0\Partition1 - ok
02:33:10.0390 0996 ============================================================
02:33:10.0390 0996 Scan finished
02:33:10.0390 0996 ============================================================
02:33:10.0406 1132 Detected object count: 6
02:33:10.0406 1132 Actual detected object count: 6
02:35:14.0036 1132 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0036 1132 Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:35:14.0052 1132 DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0052 1132 DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:35:14.0067 1132 FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0067 1132 FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:35:14.0083 1132 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0083 1132 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:35:14.0098 1132 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0098 1132 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:35:14.0145 1132 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0145 1132 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
06.08.2012, 21:39
| #10 |
| | windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen wie sieht es aus? was muss ich nun noch machen? |
|
08.08.2012, 17:24
| #11 |
| /// Malware-holic | windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen sieht gut aus. lade den CCleaner standard: CCleaner Download - CCleaner 3.21.1767 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu windows 7 / GVU-trojaner mit webcam / Trojan.Ransom.Gen |
| administrator, aktion, anti-malware, appdata, autostart, code, ctfmon.lnk, dateien, downloads, einträge, explorer, gvu-trojaner mit webcam, heuristiks/extra, heuristiks/shuriken, log-datei, malwarebytes, microsoft, minute, nichts, programm, pup.hacktool.havis, pup.passwordtool, registrierung, roaming, service, speicher, startup, temp, version, webcam, windows, windows 7 |
Hybrid-Darstellung
