
Pests of all kinds and how to fight them: PUP-BundleInstaler.Bl in file "OuterSpace_downloader by Wallpaperstock.net.exe"


09.10.2012, 20:17   #1
0130
 

Hi board,
My G-Data virus monitor just gave me this message, specifically for the paths C:\Users..... and D:\Users....
I should add that C is an SSD, which is why I moved things like the page file etc. to D. Even so, I have been wondering for a while why practically the same folder structures "grow" on C and D?! Until recently I used Norton Internet Security, and I currently use G-Data Internet Security 2012 with behaviour analysis switched on (even though I somehow had a better feeling about that with Threatfire), but with the firewall SWITCHED OFF, since I have the Win7 firewall on.
I have to admit that between Norton and G-Data there was a period of about 14 days in which I was online with only Threatfire and the Windows firewall (and of course a hardware firewall). No unusual ports for IRC or the like are open in my router, so I didn't think any more about it.
Long story short - have I wrecked it?
Here is OTL.txt; Extras.txt is zipped in the attachment. Thank you all!!!
OTL logfile:
Code:
OTL logfile created on: 09.10.2012 20:07:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HTho\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,71 Gb Total Physical Memory | 11,45 Gb Available Physical Memory | 72,86% Memory free
16,71 Gb Paging File | 12,25 Gb Available in Paging File | 73,30% Paging File free
Paging file location(s): R:\pagefile.sys 1023 1023 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 76,18 Gb Free Space | 63,94% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 12,14 Gb Free Space | 41,43% Space Free | Partition Type: NTFS
Drive E: | 1833,72 Gb Total Space | 1255,60 Gb Free Space | 68,47% Space Free | Partition Type: NTFS
Drive G: | 48,84 Gb Total Space | 0,68 Gb Free Space | 1,40% Space Free | Partition Type: NTFS
Drive H: | 358,14 Gb Total Space | 0,67 Gb Free Space | 0,19% Space Free | Partition Type: NTFS
Drive I: | 486,25 Gb Total Space | 68,26 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Drive J: | 38,28 Gb Total Space | 1,69 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive R: | 1,99 Gb Total Space | 0,99 Gb Free Space | 49,85% Space Free | Partition Type: FAT32
 
Computer Name: HTHO-PC | User Name: HTho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 20:07:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HTho\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 14:58:58 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2012.07.07 00:34:18 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.08 15:50:00 | 001,011,720 | ---- | M] (G Data Software AG) -- D:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.07 17:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.01.26 19:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.01.13 15:47:12 | 001,448,744 | ---- | M] () -- C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.11.22 21:14:26 | 001,648,600 | ---- | M] (Copernic Inc.) -- C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
PRC - [2011.09.28 02:37:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011.08.17 15:00:08 | 000,448,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2011.08.17 15:00:04 | 001,620,488 | ---- | M] (G Data Software AG) -- D:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2011.08.17 15:00:04 | 001,505,800 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2011.08.17 15:00:02 | 000,464,392 | ---- | M] (G Data Software AG) -- D:\Programme\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.05.19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2011.03.30 08:01:08 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011.02.22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2010.08.16 06:11:08 | 001,564,672 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
PRC - [2009.12.15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.07.11 09:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.25 11:42:58 | 000,460,312 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
MOD - [2012.09.25 11:42:55 | 004,005,912 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012.09.25 11:41:39 | 000,578,072 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012.09.25 11:41:38 | 000,123,416 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012.09.25 11:41:27 | 000,156,712 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012.09.25 11:41:26 | 000,275,496 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012.09.25 11:41:24 | 002,168,360 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012.07.10 21:21:27 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.07.10 20:31:32 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012.07.10 20:31:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll
MOD - [2012.07.10 17:21:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.07.10 17:21:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.07.10 17:20:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.07.10 17:20:52 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.07.10 17:20:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.07.10 17:20:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.07.10 17:20:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.07.10 17:20:43 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.07.10 17:20:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.07.10 17:20:40 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.13 15:47:12 | 001,448,744 | ---- | M] () -- C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
MOD - [2011.05.04 16:32:20 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.12.15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.05.11 12:01:13 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
MOD - [2008.07.11 09:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011.10.19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2011.03.14 09:09:14 | 004,034,376 | ---- | M] () [Auto | Running] -- C:\Program Files\OO Software\DiskImage\oodiag.exe -- (OO DiskImage)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.09 18:59:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.04.26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.07 17:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.08.17 15:00:08 | 000,448,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.08.17 15:00:04 | 001,505,800 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.08.17 15:00:02 | 000,464,392 | ---- | M] (G Data Software AG) [Auto | Running] -- D:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.07.28 03:12:58 | 002,048,632 | ---- | M] (G Data Software AG) [Auto | Running] -- D:\Programme\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2011.04.20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.09 20:05:10 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2012.09.28 17:08:08 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.09.28 17:08:08 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2012.09.28 17:08:07 | 000,052,088 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.09.10 20:06:00 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.09.10 20:01:36 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.09.10 20:01:15 | 000,110,968 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.09.10 20:01:14 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.08.30 18:21:01 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.07.15 19:06:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.10 17:49:12 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.07.07 00:34:18 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.04.18 19:08:04 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.01.26 19:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.26 19:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.26 19:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.14 09:10:38 | 000,043,600 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodivdh.sys -- (oodivdh)
DRV:64bit: - [2011.03.14 09:10:36 | 000,215,120 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodivd.sys -- (oodivd)
DRV:64bit: - [2011.03.14 09:10:34 | 000,040,016 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodisrh.sys -- (oodisrh)
DRV:64bit: - [2011.03.14 09:10:32 | 000,117,328 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodisr.sys -- (oodisr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011.02.22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011.02.22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011.01.15 18:21:06 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.07.23 11:55:39 | 001,261,056 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.07.14 07:18:32 | 000,344,592 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MtsBda.sys -- (MTSBDA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 13 86 AB EF 5C CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{36909D66-7F67-4b8e-8496-925BC87134B6}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{B219009E-2482-47C5-9A1F-62E0C9D0397F}: "URL" = hxxp://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HTho\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HTho\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.09.11 18:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HTho\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HTho\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: WiseConvert 1.3 = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiogajjmckmlehhpjnojhebaidkeod\10.11.21.5_0\
CHR - Extension: YouTube = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Stealthy = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\
CHR - Extension: Google Mail = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.07 00:11:21 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIEx64.dll (G Data Software AG)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OODITRAY.EXE] C:\Program Files\OO Software\DiskImage\ooditray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] D:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] D:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "R:\TempFiles\System\E_SB357.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - Startup: C:\Users\HTho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9AEB1AC-418A-4910-9AA6-FC0BDD5CE50A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9AEB1AC-418A-4910-9AA6-FC0BDD5CE50A}: NameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d7948b1-c7b6-11e1-924f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2d7948b1-c7b6-11e1-924f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
O33 - MountPoints2\{58c55f4d-c7ba-11e1-a5bb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58c55f4d-c7ba-11e1-a5bb-806e6f6e6963}\Shell\AutoRun\command - "" = O:\AutoRun\AutoRun.exe
O33 - MountPoints2\{7deb5aad-ceaf-11e1-8634-bc5ff444a1ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7deb5aad-ceaf-11e1-8634-bc5ff444a1ed}\Shell\AutoRun\command - "" = M:\StartUp.exe
O33 - MountPoints2\{9af73d15-ce5d-11e1-b29a-bc5ff444a1ed}\Shell - "" = AutoRun
O33 - MountPoints2\{9af73d15-ce5d-11e1-b29a-bc5ff444a1ed}\Shell\AutoRun\command - "" = L:\Setup.exe
O33 - MountPoints2\{eb705062-cb64-11e1-93bb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eb705062-cb64-11e1-93bb-806e6f6e6963}\Shell\AutoRun\command - "" = K:\StartUp.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 20:07:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HTho\Desktop\OTL.exe
[2012.10.09 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\LibreOffice
[2012.10.09 17:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012.10.05 13:10:06 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\SMIGames
[2012.10.05 13:06:56 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Lazy Turtle Games
[2012.10.05 12:52:21 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\FlowerOfImmortality
[2012.10.05 12:27:20 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\sekrbfgde
[2012.10.05 12:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
[2012.10.01 22:19:22 | 000,000,000 | ---D | C] -- C:\Users\HTho\Documents\Shirley
[2012.09.30 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Anarchy
[2012.09.28 17:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2012 PC-Welt Edition
[2012.09.28 17:08:07 | 000,052,088 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.28 17:08:07 | 000,031,608 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.09.28 17:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.09.18 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\HTho\Documents\Das Fussball Studio
[2012.09.18 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Das Fussball Studio
[2012.09.18 14:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2012.09.18 14:45:43 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\PEGRP32E.DLL
[2012.09.18 14:45:43 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pesgo32e.ocx
[2012.09.18 14:45:43 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pego32e.ocx
[2012.09.18 14:45:43 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pe3do32e.ocx
[2012.09.18 14:45:43 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pepco32e.ocx
[2012.09.18 14:45:43 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlCmdBar6.ocx
[2012.09.18 14:45:43 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlSGrid6.ocx
[2012.09.18 14:45:43 | 000,295,424 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevEin20.ocx
[2012.09.18 14:45:43 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\SysWow64\sevZip40.dll
[2012.09.18 14:45:43 | 000,231,936 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevXPCtl.ocx
[2012.09.18 14:45:43 | 000,176,128 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlButton.ocx
[2012.09.18 14:45:43 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlLSFrame3.ocx
[2012.09.18 14:45:43 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlIml3.ocx
[2012.09.18 14:45:43 | 000,155,136 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevTab.ocx
[2012.09.18 14:45:43 | 000,141,824 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevCmd3.ocx
[2012.09.18 14:45:43 | 000,065,536 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlLCDDisplay.ocx
[2012.09.18 14:45:43 | 000,057,344 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlMMSpTr1.ocx
[2012.09.18 14:45:43 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlSubTmr2.dll
[2012.09.18 14:45:43 | 000,024,576 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlTimer.dll
[2012.09.18 14:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Das Fussball Studio
[2012.09.18 14:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Das Fussball Studio
[2012.09.17 15:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bet Angel Limited
[2012.09.12 18:10:58 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\Opera
[2012.09.12 12:25:35 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\CRE
[2012.09.12 12:25:07 | 002,454,032 | ---- | C] (Conduit) -- C:\ProgramData\WiseConvert_1_3.exe
[2012.09.12 11:57:00 | 018,364,904 | ---- | C] (Mozilla) -- C:\ProgramData\Thunderbird Setup 15.0.1 (1).exe
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\searchplugins
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\isp
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\extensions
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\distribution
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\components
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\chrome
[2012.09.11 19:32:35 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Opera
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\ui
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\styles
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\skin
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\region
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\gstreamer
[2012.09.11 19:32:33 | 015,158,160 | ---- | C] (Opera Software) -- C:\Users\HTho\AppData\Local\opera.dll
[2012.09.11 19:32:33 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Users\HTho\AppData\Local\D3DCompiler_43.dll
[2012.09.11 19:32:33 | 000,874,896 | ---- | C] (Opera Software) -- C:\Users\HTho\AppData\Local\opera.exe
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\program
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\mapi
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\locale
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\extra
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\defaults
[2012.09.11 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\HTho\Documents\Outlook-Dateien
[2012.09.11 18:03:01 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Thunderbird
[2012.09.11 18:03:01 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\Thunderbird
[2012.09.11 18:03:01 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Mozilla
[2012.09.11 18:02:22 | 016,916,448 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2012.09.11 18:02:22 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2012.09.11 18:02:22 | 000,638,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2012.09.11 18:02:22 | 000,576,992 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2012.09.11 18:02:22 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2012.09.11 18:02:22 | 000,370,656 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2012.09.11 18:02:22 | 000,260,576 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2012.09.11 18:02:22 | 000,166,368 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2012.09.11 18:02:22 | 000,155,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2012.09.11 18:02:22 | 000,145,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2012.09.11 18:02:22 | 000,118,752 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2012.09.11 18:02:22 | 000,096,224 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2012.09.11 18:02:22 | 000,092,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2012.09.11 18:02:22 | 000,091,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2012.09.11 18:02:22 | 000,049,120 | ---- | C] (Mozilla.org) -- C:\Program Files\mozMapi32_InUse.dll
[2012.09.11 18:02:22 | 000,049,120 | ---- | C] (Mozilla.org) -- C:\Program Files\mozMapi32.dll
[2012.09.11 18:02:22 | 000,021,984 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2012.09.11 18:02:22 | 000,021,472 | ---- | C] (Mozilla Foundation) -- C:\Program Files\WSEnable.exe
[2012.09.11 18:02:22 | 000,019,936 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2012.09.11 18:02:22 | 000,019,424 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2012.09.11 18:02:22 | 000,017,888 | ---- | C] (Mozilla.org) -- C:\Program Files\MapiProxy_InUse.dll
[2012.09.11 18:02:22 | 000,016,864 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2012.09.11 18:02:21 | 002,154,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.09.11 18:02:21 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2012.09.11 18:02:21 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2012.09.11 18:02:21 | 000,430,560 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2012.09.11 18:02:21 | 000,258,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2012.09.11 18:02:21 | 000,089,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2012.09.11 18:02:21 | 000,048,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2012.09.11 18:02:21 | 000,018,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2012.09.11 18:02:21 | 000,017,888 | ---- | C] (Mozilla.org) -- C:\Program Files\MapiProxy.dll
[2012.09.11 18:02:21 | 000,015,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2012.09.11 18:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\uninstall
[2012.09.10 20:06:00 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.10 20:01:36 | 000,059,256 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.10 20:01:15 | 000,110,968 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.10 20:01:14 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.10 20:01:14 | 000,050,552 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.10 20:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.09.10 20:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.09.10 19:57:47 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\Downloaded Installations
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.09 20:10:08 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.09 20:10:08 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.09 20:10:08 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.09 20:10:08 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.09 20:10:08 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.09 20:08:21 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012.10.09 20:07:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HTho\Desktop\OTL.exe
[2012.10.09 20:05:12 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.09 20:05:12 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.10.09 20:05:10 | 000,462,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.09 20:05:10 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2012.10.09 20:05:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 20:05:05 | 4061,421,566 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 20:04:15 | 000,000,198 | ---- | M] () -- C:\Users\HTho\defogger_reenable
[2012.10.09 20:03:38 | 000,050,477 | ---- | M] () -- C:\Users\HTho\Desktop\Defogger.exe
[2012.10.09 19:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 19:53:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 19:32:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1399780097-724731501-3213506436-1000UA.job
[2012.10.09 19:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.10.09 17:31:20 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
[2012.10.09 17:09:30 | 000,001,315 | ---- | M] () -- C:\Users\HTho\Desktop\ARBEITSAMT.rtf
[2012.10.09 16:40:14 | 000,819,677 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.09 16:40:14 | 000,044,756 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.08 22:32:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1399780097-724731501-3213506436-1000Core.job
[2012.10.05 14:37:38 | 000,322,688 | ---- | M] () -- C:\Users\HTho\installer_openoffice_Deutsch.exe
[2012.09.30 18:52:44 | 000,014,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 18:52:44 | 000,014,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 17:08:08 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.28 17:08:08 | 000,031,608 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.09.28 17:08:07 | 000,052,088 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.28 17:08:05 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.09.18 14:45:46 | 000,001,145 | ---- | M] () -- C:\Users\HTho\Desktop\Das Fussball Studio.lnk
[2012.09.17 17:34:10 | 000,218,431 | ---- | M] () -- C:\Users\HTho\Desktop\bookmarks_17.09.12.html
[2012.09.17 15:37:34 | 000,003,155 | ---- | M] () -- C:\Users\HTho\Desktop\Bet Angel - Professional.lnk
[2012.09.16 20:06:23 | 000,000,471 | ---- | M] () -- C:\Users\HTho\Desktop\Daten (E).lnk
[2012.09.12 21:24:44 | 000,001,037 | ---- | M] () -- C:\Users\HTho\Desktop\PotPlayer x64.lnk
[2012.09.12 21:24:44 | 000,000,992 | --S- | M] () -- C:\Users\HTho\Desktop\Core Temp.lnk
[2012.09.12 12:25:00 | 002,454,032 | ---- | M] (Conduit) -- C:\ProgramData\WiseConvert_1_3.exe
[2012.09.11 19:32:34 | 000,034,441 | ---- | M] () -- C:\Users\HTho\AppData\Local\opera_install_log.xml
[2012.09.11 19:32:34 | 000,000,263 | ---- | M] () -- C:\Users\HTho\AppData\Local\operaprefs_default.ini
[2012.09.11 19:32:33 | 015,158,160 | ---- | M] (Opera Software) -- C:\Users\HTho\AppData\Local\opera.dll
[2012.09.11 19:32:33 | 000,874,896 | ---- | M] (Opera Software) -- C:\Users\HTho\AppData\Local\opera.exe
[2012.09.11 19:32:33 | 000,527,083 | ---- | M] () -- C:\Users\HTho\AppData\Local\encoding.bin
[2012.09.11 19:32:33 | 000,148,990 | ---- | M] () -- C:\Users\HTho\AppData\Local\pubsuffix.xml
[2012.09.11 19:32:33 | 000,143,872 | ---- | M] () -- C:\Users\HTho\AppData\Local\html5_entity_init.dat
[2012.09.11 19:32:33 | 000,059,028 | ---- | M] () -- C:\Users\HTho\AppData\Local\mathml.dtd
[2012.09.11 19:32:33 | 000,024,420 | ---- | M] () -- C:\Users\HTho\AppData\Local\files_old.sig
[2012.09.11 19:32:33 | 000,016,092 | ---- | M] () -- C:\Users\HTho\AppData\Local\files.sig
[2012.09.11 19:32:33 | 000,007,904 | ---- | M] () -- C:\Users\HTho\AppData\Local\html40_entities.dtd
[2012.09.11 19:32:33 | 000,000,301 | ---- | M] () -- C:\Users\HTho\AppData\Local\c3nform.vxml
[2012.09.10 20:06:00 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.10 20:01:36 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.10 20:01:15 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.10 20:01:14 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.09 20:04:15 | 000,000,198 | ---- | C] () -- C:\Users\HTho\defogger_reenable
[2012.10.09 20:03:37 | 000,050,477 | ---- | C] () -- C:\Users\HTho\Desktop\Defogger.exe
[2012.10.09 17:31:20 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
[2012.10.05 14:37:24 | 000,322,688 | ---- | C] () -- C:\Users\HTho\installer_openoffice_Deutsch.exe
[2012.10.01 20:32:15 | 000,001,315 | ---- | C] () -- C:\Users\HTho\Desktop\ARBEITSAMT.rtf
[2012.09.29 01:12:30 | 000,819,677 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.29 01:12:30 | 000,044,756 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.09.28 17:08:05 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.09.20 00:32:12 | 206,576,325 | ---- | C] () -- C:\Users\HTho\Desktop\M.Amen_Mixset_10.11.2007.mp3
[2012.09.18 14:45:46 | 000,001,145 | ---- | C] () -- C:\Users\HTho\Desktop\Das Fussball Studio.lnk
[2012.09.17 17:34:10 | 000,218,431 | ---- | C] () -- C:\Users\HTho\Desktop\bookmarks_17.09.12.html
[2012.09.17 15:37:34 | 000,003,155 | ---- | C] () -- C:\Users\HTho\Desktop\Bet Angel - Professional.lnk
[2012.09.16 20:06:23 | 000,000,471 | ---- | C] () -- C:\Users\HTho\Desktop\Daten (E).lnk
[2012.09.11 19:32:34 | 000,034,441 | ---- | C] () -- C:\Users\HTho\AppData\Local\opera_install_log.xml
[2012.09.11 19:32:34 | 000,000,263 | ---- | C] () -- C:\Users\HTho\AppData\Local\operaprefs_default.ini
[2012.09.11 19:32:33 | 000,527,083 | ---- | C] () -- C:\Users\HTho\AppData\Local\encoding.bin
[2012.09.11 19:32:33 | 000,148,990 | ---- | C] () -- C:\Users\HTho\AppData\Local\pubsuffix.xml
[2012.09.11 19:32:33 | 000,143,872 | ---- | C] () -- C:\Users\HTho\AppData\Local\html5_entity_init.dat
[2012.09.11 19:32:33 | 000,059,028 | ---- | C] () -- C:\Users\HTho\AppData\Local\mathml.dtd
[2012.09.11 19:32:33 | 000,024,420 | ---- | C] () -- C:\Users\HTho\AppData\Local\files_old.sig
[2012.09.11 19:32:33 | 000,016,092 | ---- | C] () -- C:\Users\HTho\AppData\Local\files.sig
[2012.09.11 19:32:33 | 000,007,904 | ---- | C] () -- C:\Users\HTho\AppData\Local\html40_entities.dtd
[2012.09.11 19:32:33 | 000,000,301 | ---- | C] () -- C:\Users\HTho\AppData\Local\c3nform.vxml
[2012.09.11 18:02:32 | 000,002,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.09.11 18:02:22 | 008,682,865 | ---- | C] () -- C:\Program Files\omni.ja
[2012.09.11 18:02:22 | 002,061,280 | ---- | C] () -- C:\Program Files\mozjs.dll
[2012.09.11 18:02:22 | 000,157,664 | ---- | C] () -- C:\Program Files\nsldap32v60.dll
[2012.09.11 18:02:22 | 000,021,984 | ---- | C] () -- C:\Program Files\nsldappr32v60.dll
[2012.09.11 18:02:22 | 000,017,376 | ---- | C] () -- C:\Program Files\nsldif32v60.dll
[2012.09.11 18:02:22 | 000,016,831 | ---- | C] () -- C:\Program Files\blocklist.xml
[2012.09.11 18:02:22 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2012.09.11 18:02:22 | 000,000,909 | ---- | C] () -- C:\Program Files\updater.ini
[2012.09.11 18:02:22 | 000,000,569 | ---- | C] () -- C:\Program Files\application.ini
[2012.09.11 18:02:22 | 000,000,206 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2012.09.11 18:02:22 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini
[2012.09.11 18:02:22 | 000,000,109 | ---- | C] () -- C:\Program Files\update-settings.ini
[2012.09.11 18:02:21 | 000,019,062 | ---- | C] () -- C:\Program Files\removed-files
[2012.09.11 18:02:21 | 000,002,000 | ---- | C] () -- C:\Program Files\precomplete
[2012.09.11 18:02:21 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk
[2012.09.11 18:02:21 | 000,000,478 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2012.09.11 18:02:21 | 000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk
[2012.07.20 21:20:47 | 000,007,598 | ---- | C] () -- C:\Users\HTho\AppData\Local\Resmon.ResmonCfg
[2012.07.11 23:13:12 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.07.10 17:12:07 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.07.08 12:37:29 | 000,002,432 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.07.07 00:39:32 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.07.07 00:39:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.07.07 00:39:20 | 000,042,252 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.07.07 00:39:14 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.07.07 00:39:11 | 000,004,211 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.07.07 00:35:18 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012.07.07 00:35:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012.07.07 00:35:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012.07.07 00:35:17 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.07.07 00:35:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.07.07 00:34:22 | 000,000,003 | --S- | C] () -- C:\Users\HTho\AppData\Local\user_data.ini
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.19 23:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.19 23:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:23:38 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.20 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\4 Friends Games
[2012.07.10 22:58:52 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\7 Taskbar Tweaker
[2012.07.13 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Amaranth Games
[2012.09.30 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Anarchy
[2012.07.21 16:37:03 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Artifex Mundi
[2012.07.23 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Artogon
[2012.07.10 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\ASUS
[2012.07.10 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Bet Angel
[2012.07.15 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Big Fish Games
[2012.07.26 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Blue Tea Games
[2012.08.11 15:26:50 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Canneverbe Limited
[2012.07.20 21:42:51 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Chayowo Games
[2012.07.10 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Copernic
[2012.07.10 11:35:14 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\CPUTempWatch
[2012.07.21 09:11:11 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Daedalic Entertainment
[2012.08.20 06:12:35 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\DAEMON Tools Pro
[2012.08.17 16:17:14 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\DailyMagic
[2012.09.18 14:50:01 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Das Fussball Studio
[2012.09.28 13:17:00 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Deep Shadows
[2012.07.10 01:18:54 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\DeviceVm
[2012.07.22 07:43:25 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Elephant Games
[2012.09.03 17:29:24 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\elsterformular
[2012.08.20 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\ERS Game Studios
[2012.08.03 01:54:58 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Firstload
[2012.10.05 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\FlowerOfImmortality
[2012.07.14 17:07:49 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\GameMill Entertainment
[2012.07.16 00:50:54 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Games
[2012.08.02 04:32:49 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Gogii
[2012.07.10 22:58:54 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\IObit
[2012.07.10 22:58:55 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\JAM Software
[2012.10.05 13:06:56 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Lazy Turtle Games
[2012.10.09 17:32:22 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\LibreOffice
[2012.07.10 22:58:56 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\MAXON
[2012.08.02 03:35:05 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Meridian93
[2012.07.21 09:31:07 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\My Games
[2012.09.11 19:32:35 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Opera
[2012.07.15 18:27:10 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Orneon
[2012.07.15 18:08:49 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\PlayPond
[2012.07.14 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\PotPlayerMini64
[2012.08.02 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Princess Isabella
[2012.07.15 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\ProtectDISC
[2012.10.05 12:27:20 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\sekrbfgde
[2012.10.05 13:10:06 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\SMIGames
[2012.07.10 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Stardock
[2012.07.25 21:11:14 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\tabagames
[2012.09.11 18:03:01 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Thunderbird
[2012.07.11 13:56:42 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\TrueCrypt
[2012.09.28 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Unkyuw
[2012.08.17 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\World-LooM
[2012.09.10 14:47:20 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Ymes
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:F860DBFD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:45912F61
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:3D36932D

< End of report >
         
--- --- ---

Edited by 0130 (09.10.2012 at 20:36)

10.10.2012, 08:49   #2
Psychotic
/// Malwareteam
 
My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can sometimes mean a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you have been asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



Step 1: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click, "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it does not work again, please let me know.




Step 2: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

10.10.2012, 19:15   #3
0130
 
Hi Marius, and first of all T_H_A_N_K_S in advance!
Downloading the Avast definitions took only 5 seconds thanks to my 64,000 fiber-optic cable, but the tool crashes again and again after exactly 60 seconds, namely as soon as it reaches the folder C:\Windows\assembly\GAC_MSIL\Mivrosoft.Visual.Tools. [.....]. Unfortunately I cannot see the full path.

edit: although my system was clearly recognized as Win7 64-bit Ultimate, I did manage to run the scan after all, without a crash, namely in Vista SP 1 compatibility mode. I don't know whether that has the same significance, but here is the log:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 20:56:53
-----------------------------
20:56:53.936    OS Version: Windows x64 6.0.6001 Service Pack 1
20:56:53.937    Number of processors: 8 586 0x3A09
20:56:53.937    ComputerName: HTHO-PC  UserName: HTho
20:56:54.184    Initialize success
20:56:58.552    AVAST engine defs: 12101000
20:57:07.996    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:57:07.998    Disk 0 Vendor: SAMSUNG_ CXM0 Size: 122104MB BusType: 3
20:57:07.999    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:57:08.000    Disk 1 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 3
20:57:08.001    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
20:57:08.003    Disk 2 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 3
20:57:08.005    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000071
20:57:08.006    Disk 3 Vendor: ASRock__ 1.00 Size: 2048MB BusType: 15
20:57:08.020    Disk 0 MBR read successfully
20:57:08.023    Disk 0 MBR scan
20:57:08.026    Disk 0 Windows 7 default MBR code
20:57:08.031    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:57:08.038    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
20:57:08.065    Disk 0 scanning C:\Windows\system32\drivers
20:57:22.554    Service scanning
20:57:28.519    Modules scanning
20:57:28.525    Disk 0 trace - called modules:
20:57:28.539    
20:57:28.761    AVAST engine scan C:\Windows
20:57:35.194    AVAST engine scan C:\Windows\system32
21:01:49.621    AVAST engine scan C:\Windows\system32\drivers
21:02:13.500    AVAST engine scan C:\Users\HTho
21:04:47.778    Disk 0 MBR has been saved successfully to "C:\Users\HTho\Desktop\MBR.dat"
21:04:47.834    The log file has been saved successfully to "C:\Users\HTho\Desktop\aswMBR.txt"
         

Here is the log file from TDSS-Killer:
Code:
ATTFilter
20:11:25.0893 8948  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:11:26.0136 8948  ============================================================
20:11:26.0136 8948  Current date / time: 2012/10/10 20:11:26.0136
20:11:26.0136 8948  SystemInfo:
20:11:26.0136 8948  
20:11:26.0136 8948  OS Version: 6.1.7601 ServicePack: 1.0
20:11:26.0136 8948  Product type: Workstation
20:11:26.0136 8948  ComputerName: HTHO-PC
20:11:26.0136 8948  UserName: HTho
20:11:26.0136 8948  Windows directory: C:\Windows
20:11:26.0137 8948  System windows directory: C:\Windows
20:11:26.0137 8948  Running under WOW64
20:11:26.0137 8948  Processor architecture: Intel x64
20:11:26.0137 8948  Number of processors: 8
20:11:26.0137 8948  Page size: 0x1000
20:11:26.0137 8948  Boot type: Normal boot
20:11:26.0137 8948  ============================================================
20:11:31.0866 8948  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:11:31.0874 8948  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:11:31.0902 8948  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:11:31.0905 8948  Drive \Device\Harddisk3\DR3 - Size: 0x80000000 (2.00 Gb), SectorSize: 0x200, Cylinders: 0x105, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:11:31.0912 8948  Drive \Device\Harddisk4\DR5 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:11:31.0939 8948  Drive \Device\Harddisk4\DR5 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:11:31.0949 8948  ============================================================
20:11:31.0949 8948  \Device\Harddisk0\DR0:
20:11:31.0949 8948  MBR partitions:
20:11:31.0949 8948  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:11:31.0949 8948  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
20:11:31.0949 8948  \Device\Harddisk1\DR1:
20:11:31.0949 8948  MBR partitions:
20:11:31.0949 8948  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A98000
20:11:31.0949 8948  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3A98800, BlocksNum 0xE536F000
20:11:31.0949 8948  \Device\Harddisk2\DR2:
20:11:31.0949 8948  MBR partitions:
20:11:31.0949 8948  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8ED06
20:11:31.0949 8948  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x4C8ED45, BlocksNum 0x61AF6E8
20:11:31.0960 8948  \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0xAE3E46C, BlocksNum 0x2CC46E61
20:11:31.0974 8948  \Device\Harddisk2\DR2\Partition4: MBR, Type 0x7, StartLBA 0x37A8530C, BlocksNum 0x3CC806B5
20:11:31.0974 8948  \Device\Harddisk3\DR3:
20:11:31.0974 8948  MBR partitions:
20:11:31.0974 8948  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xB, StartLBA 0x1, BlocksNum 0x3FFFFF
20:11:31.0974 8948  \Device\Harddisk4\DR5:
20:11:31.0975 8948  MBR partitions:
20:11:31.0975 8948  \Device\Harddisk4\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
20:11:31.0975 8948  \Device\Harddisk4\DR5:
20:11:31.0975 8948  MBR partitions:
20:11:31.0975 8948  \Device\Harddisk4\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
20:11:31.0975 8948  ============================================================
20:11:31.0977 8948  C: <-> \Device\Harddisk0\DR0\Partition2
20:11:32.0061 8948  D: <-> \Device\Harddisk1\DR1\Partition1
20:11:32.0096 8948  E: <-> \Device\Harddisk1\DR1\Partition2
20:11:32.0159 8948  G: <-> \Device\Harddisk2\DR2\Partition2
20:11:32.0186 8948  H: <-> \Device\Harddisk2\DR2\Partition3
20:11:32.0215 8948  I: <-> \Device\Harddisk2\DR2\Partition4
20:11:32.0240 8948  J: <-> \Device\Harddisk2\DR2\Partition1
20:11:32.0246 8948  R: <-> \Device\Harddisk3\DR3\Partition1
20:11:32.0246 8948  ============================================================
20:11:32.0246 8948  Initialize success
20:11:32.0246 8948  ============================================================
20:11:34.0534 7092  ============================================================
20:11:34.0534 7092  Scan started
20:11:34.0534 7092  Mode: Manual; 
20:11:34.0534 7092  ============================================================
20:11:35.0025 7092  ================ Scan system memory ========================
20:11:35.0025 7092  System memory - ok
20:11:35.0025 7092  ================ Scan services =============================
20:11:35.0054 7092  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:11:35.0054 7092  1394ohci - ok
20:11:35.0059 7092  [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
20:11:35.0060 7092  acedrv11 - ok
20:11:35.0065 7092  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:11:35.0066 7092  ACPI - ok
20:11:35.0067 7092  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:11:35.0069 7092  AcpiPmi - ok
20:11:35.0072 7092  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:11:35.0074 7092  AdobeARMservice - ok
20:11:35.0092 7092  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:11:35.0094 7092  AdobeFlashPlayerUpdateSvc - ok
20:11:35.0099 7092  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:11:35.0101 7092  adp94xx - ok
20:11:35.0105 7092  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:11:35.0106 7092  adpahci - ok
20:11:35.0110 7092  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:11:35.0111 7092  adpu320 - ok
20:11:35.0115 7092  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:11:35.0115 7092  AeLookupSvc - ok
20:11:35.0121 7092  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:11:35.0122 7092  AFD - ok
20:11:35.0125 7092  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:11:35.0126 7092  agp440 - ok
20:11:35.0129 7092  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:11:35.0129 7092  ALG - ok
20:11:35.0131 7092  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:11:35.0131 7092  aliide - ok
20:11:35.0132 7092  ALSysIO - ok
20:11:35.0135 7092  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:11:35.0135 7092  amdide - ok
20:11:35.0137 7092  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:11:35.0139 7092  AmdK8 - ok
20:11:35.0140 7092  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:11:35.0141 7092  AmdPPM - ok
20:11:35.0144 7092  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:11:35.0144 7092  amdsata - ok
20:11:35.0147 7092  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:11:35.0149 7092  amdsbs - ok
20:11:35.0150 7092  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:11:35.0150 7092  amdxata - ok
20:11:35.0152 7092  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:11:35.0154 7092  AppID - ok
20:11:35.0155 7092  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:11:35.0155 7092  AppIDSvc - ok
20:11:35.0159 7092  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:11:35.0159 7092  Appinfo - ok
20:11:35.0162 7092  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:11:35.0164 7092  AppMgmt - ok
20:11:35.0166 7092  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:11:35.0166 7092  arc - ok
20:11:35.0169 7092  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:11:35.0170 7092  arcsas - ok
20:11:35.0171 7092  [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
20:11:35.0171 7092  AsrAppCharger - ok
20:11:35.0174 7092  [ 0C3F9E39C0B10D351026D580D9FF6F86 ] AsrRamDisk      C:\Windows\system32\DRIVERS\AsrRamDisk.sys
20:11:35.0174 7092  AsrRamDisk - ok
20:11:35.0176 7092  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:11:35.0176 7092  AsyncMac - ok
20:11:35.0179 7092  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:11:35.0179 7092  atapi - ok
20:11:35.0186 7092  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:11:35.0190 7092  AudioEndpointBuilder - ok
20:11:35.0196 7092  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:11:35.0199 7092  AudioSrv - ok
20:11:35.0212 7092  [ EDDD96CF10FE122B6C745AA9BA9A8A3B ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
20:11:35.0221 7092  AVKProxy - ok
20:11:35.0265 7092  [ 8507922E170A23ACBC20DA53CE7AF7E5 ] AVKService      D:\Programme\G Data\InternetSecurity\AVK\AVKService.exe
20:11:35.0267 7092  AVKService - ok
20:11:35.0305 7092  [ 5073E7FE126ECF62ACEAC7884FD1D140 ] AVKWCtl         D:\Programme\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
20:11:35.0341 7092  AVKWCtl - ok
20:11:35.0346 7092  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:11:35.0346 7092  AxInstSV - ok
20:11:35.0352 7092  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:11:35.0354 7092  b06bdrv - ok
20:11:35.0359 7092  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:11:35.0359 7092  b57nd60a - ok
20:11:35.0362 7092  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:11:35.0364 7092  BDESVC - ok
20:11:35.0365 7092  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:11:35.0365 7092  Beep - ok
20:11:35.0374 7092  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:11:35.0377 7092  BFE - ok
20:11:35.0386 7092  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:11:35.0390 7092  BITS - ok
20:11:35.0391 7092  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:11:35.0392 7092  blbdrive - ok
20:11:35.0395 7092  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:11:35.0395 7092  bowser - ok
20:11:35.0397 7092  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:11:35.0397 7092  BrFiltLo - ok
20:11:35.0399 7092  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:11:35.0399 7092  BrFiltUp - ok
20:11:35.0402 7092  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:11:35.0404 7092  Browser - ok
20:11:35.0407 7092  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:11:35.0409 7092  Brserid - ok
20:11:35.0411 7092  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:11:35.0411 7092  BrSerWdm - ok
20:11:35.0412 7092  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:11:35.0412 7092  BrUsbMdm - ok
20:11:35.0415 7092  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:11:35.0415 7092  BrUsbSer - ok
20:11:35.0417 7092  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:11:35.0417 7092  BTHMODEM - ok
20:11:35.0421 7092  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:11:35.0421 7092  bthserv - ok
20:11:35.0425 7092  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:11:35.0426 7092  cdfs - ok
20:11:35.0429 7092  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:11:35.0430 7092  cdrom - ok
20:11:35.0432 7092  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:11:35.0434 7092  CertPropSvc - ok
20:11:35.0446 7092  [ 33B82CF69E41B38A2EC0C3CABDE80D6E ] cFosSpeed       C:\Windows\system32\DRIVERS\cfosspeed6.sys
20:11:35.0452 7092  cFosSpeed - ok
20:11:35.0460 7092  [ A469854CD303A39162931FA770EA45A2 ] cFosSpeedS      C:\Program Files\ASRock\XFast LAN\spd.exe
20:11:35.0462 7092  cFosSpeedS - ok
20:11:35.0465 7092  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:11:35.0465 7092  circlass - ok
20:11:35.0470 7092  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:11:35.0471 7092  CLFS - ok
20:11:35.0477 7092  [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
20:11:35.0479 7092  CLKMSVC10_38F51D56 - ok
20:11:35.0486 7092  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:11:35.0486 7092  clr_optimization_v2.0.50727_32 - ok
20:11:35.0492 7092  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:11:35.0494 7092  clr_optimization_v2.0.50727_64 - ok
20:11:35.0501 7092  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:11:35.0502 7092  clr_optimization_v4.0.30319_32 - ok
20:11:35.0507 7092  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:11:35.0509 7092  clr_optimization_v4.0.30319_64 - ok
20:11:35.0511 7092  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:11:35.0511 7092  CmBatt - ok
20:11:35.0512 7092  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:11:35.0514 7092  cmdide - ok
20:11:35.0524 7092  [ 2DECC0F887375AC45948B681EDCC8E3A ] cmudaxp         C:\Windows\system32\drivers\cmudaxp.sys
20:11:35.0529 7092  cmudaxp - ok
20:11:35.0535 7092  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:11:35.0536 7092  CNG - ok
20:11:35.0539 7092  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:11:35.0539 7092  Compbatt - ok
20:11:35.0541 7092  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:11:35.0541 7092  CompositeBus - ok
20:11:35.0542 7092  COMSysApp - ok
20:11:35.0547 7092  [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
20:11:35.0550 7092  cphs - ok
20:11:35.0551 7092  cpuz135 - ok
20:11:35.0554 7092  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:11:35.0554 7092  crcdisk - ok
20:11:35.0557 7092  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:11:35.0559 7092  CryptSvc - ok
20:11:35.0565 7092  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
20:11:35.0566 7092  CSC - ok
20:11:35.0575 7092  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
20:11:35.0577 7092  CscService - ok
20:11:35.0584 7092  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:11:35.0587 7092  DcomLaunch - ok
20:11:35.0591 7092  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:11:35.0592 7092  defragsvc - ok
20:11:35.0596 7092  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:11:35.0596 7092  DfsC - ok
20:11:35.0600 7092  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:11:35.0602 7092  Dhcp - ok
20:11:35.0605 7092  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:11:35.0605 7092  discache - ok
20:11:35.0607 7092  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:11:35.0607 7092  Disk - ok
20:11:35.0611 7092  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:11:35.0612 7092  Dnscache - ok
20:11:35.0616 7092  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:11:35.0617 7092  dot3svc - ok
20:11:35.0620 7092  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:11:35.0621 7092  DPS - ok
20:11:35.0622 7092  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:11:35.0624 7092  drmkaud - ok
20:11:35.0627 7092  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:11:35.0629 7092  dtsoftbus01 - ok
20:11:35.0639 7092  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:11:35.0642 7092  DXGKrnl - ok
20:11:35.0645 7092  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:11:35.0646 7092  EapHost - ok
20:11:35.0669 7092  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:11:35.0681 7092  ebdrv - ok
20:11:35.0684 7092  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:11:35.0685 7092  EFS - ok
20:11:35.0694 7092  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:11:35.0699 7092  ehRecvr - ok
20:11:35.0701 7092  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:11:35.0702 7092  ehSched - ok
20:11:35.0706 7092  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
20:11:35.0706 7092  ElbyCDIO - ok
20:11:35.0712 7092  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:11:35.0715 7092  elxstor - ok
20:11:35.0720 7092  [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
20:11:35.0722 7092  EPSON_EB_RPCV4_01 - ok
20:11:35.0725 7092  [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
20:11:35.0726 7092  EPSON_PM_RPCV4_01 - ok
20:11:35.0729 7092  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:11:35.0729 7092  ErrDev - ok
20:11:35.0735 7092  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:11:35.0737 7092  EventSystem - ok
20:11:35.0741 7092  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:11:35.0742 7092  exfat - ok
20:11:35.0745 7092  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:11:35.0746 7092  fastfat - ok
20:11:35.0754 7092  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:11:35.0756 7092  Fax - ok
20:11:35.0759 7092  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:11:35.0759 7092  fdc - ok
20:11:35.0761 7092  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:11:35.0761 7092  fdPHost - ok
20:11:35.0764 7092  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:11:35.0764 7092  FDResPub - ok
20:11:35.0766 7092  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:11:35.0766 7092  FileInfo - ok
20:11:35.0769 7092  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:11:35.0769 7092  Filetrace - ok
20:11:35.0771 7092  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:11:35.0771 7092  flpydisk - ok
20:11:35.0776 7092  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:11:35.0776 7092  FltMgr - ok
20:11:35.0780 7092  [ 508401A63E6B1CBF0B9C9A011498731F ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
20:11:35.0780 7092  FNETTBOH_305 - ok
20:11:35.0782 7092  [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
20:11:35.0782 7092  FNETURPX - ok
20:11:35.0792 7092  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:11:35.0799 7092  FontCache - ok
20:11:35.0801 7092  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:11:35.0802 7092  FontCache3.0.0.0 - ok
20:11:35.0805 7092  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:11:35.0805 7092  FsDepends - ok
20:11:35.0807 7092  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:11:35.0807 7092  Fs_Rec - ok
20:11:35.0811 7092  [ AE6F0A6562D3ECCD613DE1FD8612AC4E ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
20:11:35.0812 7092  Futuremark SystemInfo Service - ok
20:11:35.0815 7092  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:11:35.0816 7092  fvevol - ok
20:11:35.0819 7092  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:11:35.0819 7092  gagp30kx - ok
20:11:35.0821 7092  [ 4EB3AB859611749596D98EF1B9326EDE ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
20:11:35.0821 7092  GDBehave - ok
20:11:35.0822 7092  GDFwSvc - ok
20:11:35.0826 7092  [ 799A7F45C7BF6D73C1C24023BC31A93B ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
20:11:35.0826 7092  GDMnIcpt - ok
20:11:35.0829 7092  [ D826B9C59DE0B310C9E560763560D8F9 ] GdNetMon        C:\Windows\system32\drivers\GdNetMon64.sys
20:11:35.0829 7092  GdNetMon - ok
20:11:35.0831 7092  [ A7DBC5E8767E70DBF59114F826D4B1B6 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
20:11:35.0831 7092  GDPkIcpt - ok
20:11:35.0839 7092  [ 80190BE5E4701523DB0EFA25699C509A ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
20:11:35.0841 7092  GDScan - ok
20:11:35.0844 7092  [ 5CB3B3B54EC809B0F65C50148C50EB37 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys
20:11:35.0844 7092  gdwfpcd - ok
20:11:35.0851 7092  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:11:35.0855 7092  gpsvc - ok
20:11:35.0859 7092  [ E10BAA2EA50E575BBEF0C5080DA088A4 ] GRD             C:\Windows\system32\drivers\GRD.sys
20:11:35.0859 7092  GRD - ok
20:11:35.0861 7092  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:11:35.0862 7092  gupdate - ok
20:11:35.0864 7092  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:11:35.0864 7092  gupdatem - ok
20:11:35.0866 7092  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:11:35.0866 7092  hcw85cir - ok
20:11:35.0871 7092  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:11:35.0872 7092  HdAudAddService - ok
20:11:35.0875 7092  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:11:35.0876 7092  HDAudBus - ok
20:11:35.0877 7092  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:11:35.0877 7092  HidBatt - ok
20:11:35.0880 7092  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:11:35.0881 7092  HidBth - ok
20:11:35.0882 7092  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:11:35.0884 7092  HidIr - ok
20:11:35.0885 7092  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:11:35.0886 7092  hidserv - ok
20:11:35.0887 7092  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:11:35.0889 7092  HidUsb - ok
20:11:35.0890 7092  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:11:35.0891 7092  hkmsvc - ok
20:11:35.0895 7092  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:11:35.0897 7092  HomeGroupListener - ok
20:11:35.0901 7092  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:11:35.0902 7092  HomeGroupProvider - ok
20:11:35.0904 7092  [ 7AFE83BEBDBDBFE9263D7768C5908FA4 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
20:11:35.0905 7092  HookCentre - ok
20:11:35.0907 7092  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:11:35.0907 7092  HpSAMD - ok
20:11:35.0915 7092  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:11:35.0917 7092  HTTP - ok
20:11:35.0920 7092  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:11:35.0920 7092  hwpolicy - ok
20:11:35.0922 7092  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:11:35.0922 7092  i8042prt - ok
20:11:35.0930 7092  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:11:35.0932 7092  iaStor - ok
20:11:35.0935 7092  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:11:35.0935 7092  IAStorDataMgrSvc - ok
20:11:35.0940 7092  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:11:35.0941 7092  iaStorV - ok
20:11:35.0950 7092  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:11:35.0966 7092  idsvc - ok
20:11:36.0052 7092  [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:11:36.0105 7092  igfx - ok
20:11:36.0110 7092  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:11:36.0110 7092  iirsp - ok
20:11:36.0112 7092  [ 67999A9D34A0B2479381E7A61AFC37AB ] ikbevent        C:\Windows\system32\DRIVERS\ikbevent.sys
20:11:36.0112 7092  ikbevent - ok
20:11:36.0121 7092  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:11:36.0126 7092  IKEEXT - ok
20:11:36.0129 7092  [ DDAE90DD5BDAC53C8C5CD5B82FC1F1B4 ] imsevent        C:\Windows\system32\DRIVERS\imsevent.sys
20:11:36.0129 7092  imsevent - ok
20:11:36.0139 7092  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
20:11:36.0142 7092  Intel(R) Capability Licensing Service Interface - ok
20:11:36.0146 7092  [ 709C8623721A1F1EF388EA75A07EC33B ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
20:11:36.0146 7092  Intel(R) ME Service - ok
20:11:36.0149 7092  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:11:36.0149 7092  intelide - ok
20:11:36.0151 7092  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:11:36.0151 7092  intelppm - ok
20:11:36.0154 7092  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:11:36.0155 7092  IPBusEnum - ok
20:11:36.0157 7092  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:11:36.0157 7092  IpFilterDriver - ok
20:11:36.0165 7092  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:11:36.0167 7092  iphlpsvc - ok
20:11:36.0170 7092  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:11:36.0171 7092  IPMIDRV - ok
20:11:36.0174 7092  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:11:36.0175 7092  IPNAT - ok
20:11:36.0176 7092  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:11:36.0177 7092  IRENUM - ok
20:11:36.0179 7092  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:11:36.0179 7092  isapnp - ok
20:11:36.0184 7092  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:11:36.0184 7092  iScsiPrt - ok
20:11:36.0186 7092  [ 970995B7C36F4408ED31C3BF204FE1F5 ] ISCT            C:\Windows\system32\DRIVERS\ISCTD64.sys
20:11:36.0186 7092  ISCT - ok
20:11:36.0190 7092  [ 6F60B7AD044924B8C1E32D692C593612 ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
20:11:36.0191 7092  ISCTAgent - ok
20:11:36.0194 7092  [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
20:11:36.0194 7092  iusb3hcs - ok
20:11:36.0199 7092  [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
20:11:36.0200 7092  iusb3hub - ok
20:11:36.0209 7092  [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
20:11:36.0211 7092  iusb3xhc - ok
20:11:36.0215 7092  [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:11:36.0216 7092  jhi_service - ok
20:11:36.0219 7092  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:11:36.0220 7092  kbdclass - ok
20:11:36.0221 7092  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:11:36.0221 7092  kbdhid - ok
20:11:36.0224 7092  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:11:36.0225 7092  KeyIso - ok
20:11:36.0227 7092  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
20:11:36.0227 7092  KMWDFILTER - ok
20:11:36.0230 7092  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:11:36.0230 7092  KSecDD - ok
20:11:36.0234 7092  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:11:36.0234 7092  KSecPkg - ok
20:11:36.0236 7092  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:11:36.0236 7092  ksthunk - ok
20:11:36.0241 7092  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:11:36.0244 7092  KtmRm - ok
20:11:36.0247 7092  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:11:36.0249 7092  LanmanServer - ok
20:11:36.0252 7092  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:11:36.0254 7092  LanmanWorkstation - ok
20:11:36.0256 7092  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:11:36.0257 7092  lltdio - ok
20:11:36.0261 7092  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:11:36.0262 7092  lltdsvc - ok
20:11:36.0265 7092  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:11:36.0265 7092  lmhosts - ok
20:11:36.0270 7092  [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:11:36.0271 7092  LMS - ok
20:11:36.0275 7092  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:11:36.0276 7092  LSI_FC - ok
20:11:36.0279 7092  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:11:36.0279 7092  LSI_SAS - ok
20:11:36.0281 7092  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:11:36.0281 7092  LSI_SAS2 - ok
20:11:36.0284 7092  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:11:36.0285 7092  LSI_SCSI - ok
20:11:36.0287 7092  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:11:36.0287 7092  luafv - ok
20:11:36.0292 7092  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
20:11:36.0294 7092  LVRS64 - ok
20:11:36.0327 7092  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
20:11:36.0345 7092  LVUVC64 - ok
20:11:36.0349 7092  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:11:36.0350 7092  MBAMProtector - ok
20:11:36.0355 7092  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:11:36.0357 7092  MBAMScheduler - ok
20:11:36.0365 7092  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:11:36.0367 7092  MBAMService - ok
20:11:36.0370 7092  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:11:36.0371 7092  Mcx2Svc - ok
20:11:36.0372 7092  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:11:36.0372 7092  megasas - ok
20:11:36.0377 7092  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:11:36.0379 7092  MegaSR - ok
20:11:36.0381 7092  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:11:36.0381 7092  MEIx64 - ok
20:11:36.0384 7092  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:11:36.0385 7092  MMCSS - ok
20:11:36.0386 7092  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:11:36.0386 7092  Modem - ok
20:11:36.0389 7092  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:11:36.0389 7092  monitor - ok
20:11:36.0390 7092  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:11:36.0391 7092  mouclass - ok
20:11:36.0392 7092  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:11:36.0394 7092  mouhid - ok
20:11:36.0396 7092  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:11:36.0396 7092  mountmgr - ok
20:11:36.0400 7092  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:11:36.0400 7092  mpio - ok
20:11:36.0402 7092  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:11:36.0402 7092  mpsdrv - ok
20:11:36.0411 7092  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:11:36.0415 7092  MpsSvc - ok
20:11:36.0417 7092  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:11:36.0419 7092  MRxDAV - ok
20:11:36.0421 7092  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:11:36.0422 7092  mrxsmb - ok
20:11:36.0426 7092  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:11:36.0427 7092  mrxsmb10 - ok
20:11:36.0430 7092  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:11:36.0431 7092  mrxsmb20 - ok
20:11:36.0432 7092  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:11:36.0434 7092  msahci - ok
20:11:36.0436 7092  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:11:36.0437 7092  msdsm - ok
20:11:36.0440 7092  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:11:36.0441 7092  MSDTC - ok
20:11:36.0444 7092  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:11:36.0445 7092  Msfs - ok
20:11:36.0446 7092  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:11:36.0446 7092  mshidkmdf - ok
20:11:36.0449 7092  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:11:36.0449 7092  msisadrv - ok
20:11:36.0451 7092  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:11:36.0452 7092  MSiSCSI - ok
20:11:36.0455 7092  msiserver - ok
20:11:36.0457 7092  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:11:36.0457 7092  MSKSSRV - ok
20:11:36.0460 7092  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:11:36.0460 7092  MSPCLOCK - ok
20:11:36.0461 7092  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:11:36.0461 7092  MSPQM - ok
20:11:36.0466 7092  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:11:36.0467 7092  MsRPC - ok
20:11:36.0471 7092  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:11:36.0471 7092  mssmbios - ok
20:11:36.0472 7092  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:11:36.0472 7092  MSTEE - ok
20:11:36.0475 7092  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:11:36.0475 7092  MTConfig - ok
20:11:36.0480 7092  [ 9AC4C80D317CF554989944921780D171 ] MTSBDA          C:\Windows\system32\Drivers\MtsBda.sys
20:11:36.0481 7092  MTSBDA - ok
20:11:36.0484 7092  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:11:36.0484 7092  Mup - ok
20:11:36.0489 7092  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:11:36.0492 7092  napagent - ok
20:11:36.0497 7092  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:11:36.0499 7092  NativeWifiP - ok
20:11:36.0509 7092  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:11:36.0512 7092  NDIS - ok
20:11:36.0515 7092  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:11:36.0515 7092  NdisCap - ok
20:11:36.0516 7092  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:11:36.0516 7092  NdisTapi - ok
20:11:36.0519 7092  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:11:36.0519 7092  Ndisuio - ok
20:11:36.0522 7092  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:11:36.0522 7092  NdisWan - ok
20:11:36.0525 7092  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:11:36.0526 7092  NDProxy - ok
20:11:36.0527 7092  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:11:36.0529 7092  NetBIOS - ok
20:11:36.0532 7092  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:11:36.0534 7092  NetBT - ok
20:11:36.0535 7092  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:11:36.0536 7092  Netlogon - ok
20:11:36.0541 7092  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:11:36.0544 7092  Netman - ok
20:11:36.0549 7092  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:11:36.0552 7092  netprofm - ok
20:11:36.0555 7092  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:11:36.0556 7092  NetTcpPortSharing - ok
20:11:36.0557 7092  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:11:36.0559 7092  nfrd960 - ok
20:11:36.0562 7092  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:11:36.0565 7092  NlaSvc - ok
20:11:36.0569 7092  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:11:36.0569 7092  Npfs - ok
20:11:36.0571 7092  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:11:36.0571 7092  nsi - ok
20:11:36.0574 7092  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:11:36.0574 7092  nsiproxy - ok
20:11:36.0587 7092  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:11:36.0594 7092  Ntfs - ok
20:11:36.0596 7092  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:11:36.0596 7092  Null - ok
20:11:36.0600 7092  [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:11:36.0600 7092  NVHDA - ok
20:11:36.0689 7092  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:11:36.0740 7092  nvlddmkm - ok
20:11:36.0745 7092  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:11:36.0746 7092  nvraid - ok
20:11:36.0749 7092  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:11:36.0750 7092  nvstor - ok
20:11:36.0759 7092  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:11:36.0762 7092  nvsvc - ok
20:11:36.0774 7092  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:11:36.0779 7092  nvUpdatusService - ok
20:11:36.0781 7092  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:11:36.0782 7092  nv_agp - ok
20:11:36.0785 7092  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:11:36.0785 7092  ohci1394 - ok
20:11:36.0815 7092  [ A6EA24FB68AA9BD3CB1F82A2979F0809 ] OO DiskImage    C:\Program Files\OO Software\DiskImage\oodiag.exe
20:11:36.0836 7092  OO DiskImage - ok
20:11:36.0840 7092  [ 0B6A0ACC43B175C681C56319AADB42F8 ] oodisr          C:\Windows\system32\DRIVERS\oodisr.sys
20:11:36.0841 7092  oodisr - ok
20:11:36.0844 7092  [ 9511A4539BB2507FAE2C024ECD924DA9 ] oodisrh         C:\Windows\system32\DRIVERS\oodisrh.sys
20:11:36.0845 7092  oodisrh - ok
20:11:36.0847 7092  [ 2E392102EF4A9ED8263D8FC054D1C2D7 ] oodivd          C:\Windows\system32\DRIVERS\oodivd.sys
20:11:36.0849 7092  oodivd - ok
20:11:36.0851 7092  [ 91945FB167BCD78261ABA17677D3E2DF ] oodivdh         C:\Windows\system32\DRIVERS\oodivdh.sys
20:11:36.0851 7092  oodivdh - ok
20:11:36.0855 7092  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:11:36.0856 7092  ose64 - ok
20:11:36.0891 7092  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:11:36.0919 7092  osppsvc - ok
20:11:36.0926 7092  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:11:36.0929 7092  p2pimsvc - ok
20:11:36.0934 7092  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:11:36.0936 7092  p2psvc - ok
20:11:36.0939 7092  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:11:36.0939 7092  Parport - ok
20:11:36.0941 7092  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:11:36.0942 7092  partmgr - ok
20:11:36.0945 7092  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:11:36.0946 7092  PcaSvc - ok
20:11:36.0950 7092  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:11:36.0951 7092  pci - ok
20:11:36.0952 7092  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:11:36.0952 7092  pciide - ok
20:11:36.0956 7092  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:11:36.0957 7092  pcmcia - ok
20:11:36.0960 7092  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:11:36.0960 7092  pcw - ok
20:11:36.0966 7092  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:11:36.0969 7092  PEAUTH - ok
20:11:36.0980 7092  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:11:36.0985 7092  PeerDistSvc - ok
20:11:37.0002 7092  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:11:37.0005 7092  PerfHost - ok
20:11:37.0019 7092  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:11:37.0024 7092  pla - ok
20:11:37.0030 7092  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:11:37.0032 7092  PlugPlay - ok
20:11:37.0035 7092  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:11:37.0036 7092  PNRPAutoReg - ok
20:11:37.0040 7092  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:11:37.0041 7092  PNRPsvc - ok
20:11:37.0047 7092  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:11:37.0050 7092  PolicyAgent - ok
20:11:37.0054 7092  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:11:37.0055 7092  Power - ok
20:11:37.0057 7092  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:11:37.0059 7092  PptpMiniport - ok
20:11:37.0061 7092  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:11:37.0062 7092  Processor - ok
20:11:37.0066 7092  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:11:37.0067 7092  ProfSvc - ok
20:11:37.0069 7092  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:11:37.0070 7092  ProtectedStorage - ok
20:11:37.0072 7092  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:11:37.0074 7092  Psched - ok
20:11:37.0086 7092  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:11:37.0091 7092  ql2300 - ok
20:11:37.0094 7092  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:11:37.0095 7092  ql40xx - ok
20:11:37.0099 7092  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:11:37.0100 7092  QWAVE - ok
20:11:37.0102 7092  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:11:37.0102 7092  QWAVEdrv - ok
20:11:37.0104 7092  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:11:37.0105 7092  RasAcd - ok
20:11:37.0107 7092  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:11:37.0107 7092  RasAgileVpn - ok
20:11:37.0110 7092  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:11:37.0111 7092  RasAuto - ok
20:11:37.0114 7092  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:11:37.0115 7092  Rasl2tp - ok
20:11:37.0119 7092  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:11:37.0121 7092  RasMan - ok
20:11:37.0124 7092  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:11:37.0124 7092  RasPppoe - ok
20:11:38.0484 7092  ============================================================
20:11:38.0484 7092  Scan finished
20:11:38.0484 7092  ============================================================
20:11:38.0487 5692  Detected object count: 0
20:11:38.0487 5692  Actual detected object count: 0
20:11:44.0039 6872  Deinitialize success
         
Thanks for your help, Marius!
__________________

Last edited by 0130 (10.10.2012 at 20:08)

11.10.2012, 06:16   #4
Psychotic
/// Malwareteam
 



That's okay!

Scan with adwcleaner


Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

11.10.2012, 18:21   #5
0130
 



All right, here is the content:


Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 11/10/2012 um 19:18:34 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : HTho - HTHO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\HTho\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\HTho\AppData\Local\APN
Ordner Gefunden : C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
Ordner Gefunden : C:\Users\HTho\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-1399780097-724731501-3213506436-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v22.0.1229.94

Datei : C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.16] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gefunden [l.1443] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",

*************************

AdwCleaner[R1].txt - [2038 octets] - [11/10/2012 19:18:34]

########## EOF - C:\AdwCleaner[R1].txt - [2098 octets] ##########
         


12.10.2012, 06:58   #6
Psychotic
/// Malwareteam
 



Step 1: Fix with adwCleaner

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 2: Fix with OTL

  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:F860DBFD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:45912F61
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:3D36932D
:FILES
C:\Users\HTho\AppData\Roaming\sekrbfgde
C:\Users\HTho\AppData\Roaming\Ymes
C:\Users\HTho\AppData\Roaming\Unkyuw
:commands
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

12.10.2012, 12:22   #7
0130
 



All right, did everything as instructed. Here are the logs:
ADW:
Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 12/10/2012 um 13:12:43 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : HTho - HTHO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\HTho\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\HTho\AppData\Local\APN
Ordner Gelöscht : C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
Ordner Gelöscht : C:\Users\HTho\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\anpiogajjmckmlehhpjnojhebaidkeod
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v22.0.1229.94

Datei : C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.16] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gelöscht [l.1443] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",

*************************

AdwCleaner[R1].txt - [2163 octets] - [11/10/2012 19:18:34]
AdwCleaner[S1].txt - [1939 octets] - [12/10/2012 13:12:43]

########## EOF - C:\AdwCleaner[S1].txt - [1999 octets] ##########
         
and OTL:
Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:F860DBFD deleted successfully.
ADS C:\ProgramData\Temp:45912F61 deleted successfully.
ADS C:\ProgramData\Temp:3D36932D deleted successfully.
========== FILES ==========
C:\Users\HTho\AppData\Roaming\sekrbfgde\data\SCHOERLEDATA folder moved successfully.
C:\Users\HTho\AppData\Roaming\sekrbfgde\data folder moved successfully.
C:\Users\HTho\AppData\Roaming\sekrbfgde folder moved successfully.
C:\Users\HTho\AppData\Roaming\Ymes folder moved successfully.
C:\Users\HTho\AppData\Roaming\Unkyuw folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: HTho
->Temp folder emptied: 411083499 bytes
->Temporary Internet Files folder emptied: 6832339 bytes
->Java cache emptied: 55995 bytes
->Google Chrome cache emptied: 64836701 bytes
->Flash cache emptied: 38824 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19956748 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46422000 bytes
RecycleBin emptied: 50164319710 bytes
 
Total Files Cleaned = 48.364,00 mb
         
Btw, what I've been meaning to ask all along: is there actually an infection at all, or is that unclear?

Edited by 0130 (12.10.2012 at 12:39)

15.10.2012, 06:45   #8
Psychotic
/// Malwareteam



There were definitely remnants present; what MBAM had found, however, was only a "potentially unwanted program" (PUP for short).

Is the computer still causing problems?
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

15.10.2012, 19:03   #9
0130



No, everything is fine so far, I figured as much... The Sysinternals suite and the NirSoft utils are constantly reported as viruses too, after all. The machine runs perfectly, and since I cranked it up to 4.2 GHz on Saturday, even a little better.
Thanks for your help!

16.10.2012, 07:02   #10
Psychotic
/// Malwareteam



Then we're done!


Step 1: Java update


Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version.
  • When the installation has finished, go to Start --> Control Panel --> Programs and Features (or Add or Remove Programs under Windows XP) and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.

After the restart:
  • Open the Control Panel --> Programs and Features again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files ....
  • Make sure that every box is ticked and click OK.
  • Click OK again.



Step 2: VLC player update


Your VLC player is out of date. To update it, please proceed as follows:
  • Download the current player from here.
  • Start the setup and follow the instructions on the screen. Setup will detect the old version of the player and ask you whether the old version should be removed before the installation. Confirm this with Yes.
  • After the old version of the program has been removed, the new installation starts. Leave everything at the default values, unless you want to change something (e.g. the file associations or the like).
  • Get in touch immediately if difficulties arise.



Defogger re-enable

Please start Defogger and click the re-enable button




Delete system restore points

  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
:Commands
[clearallrestorepoints]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread




OTL

Please start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.




ComboFix

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Here are a few more tips for securing your system.

Keeping up to date

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.
Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. Even the best virus scanner is pointless if it is not current!
    A selection of free antivirus programs:
Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.
Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Be suspicious on social networks (e.g. MeinVZ, Facebook, etc.): even if messages/posts appear to come from one of your friends, that by no means implies that they are harmless (malware may have infected their computer).
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
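The last tip in the post above names deinFoto.jpg.exe as the kind of attachment to watch for. As an added example (not part of the original post), this Python sketch flags such double-extension names and shows what Explorer lists while extensions of known file types are hidden, which is the Windows default; the extension lists and every sample name other than deinFoto.jpg.exe are assumptions made for the illustration.

```python
import re

# Assumed, non-exhaustive lists for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".msi"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".xls", ".txt", ".mp3"}


def _base_name(filename):
    """Strip any path and the trailing dots/spaces that Windows ignores."""
    return re.split(r"[\\/]", filename)[-1].rstrip(". ")


def extensions(filename):
    """All extensions of the name, lower-cased, with padding spaces removed."""
    parts = _base_name(filename).split(".")[1:]
    return ["." + p.strip().lower() for p in parts if p.strip()]


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    exts = extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A harmless-looking extension in front of the real one is the disguise.
    if any(ext in DECOY_EXTS for ext in exts[:-1]):
        return "double-extension"
    return "executable"


def displayed_name(filename):
    """Name as Explorer lists it while known extensions are hidden (default)."""
    base = _base_name(filename)
    stem, dot, ext = base.rpartition(".")
    if dot and "." + ext.strip().lower() in EXECUTABLE_EXTS:
        return stem.rstrip()
    return base


if __name__ == "__main__":
    # Constructed sample names; only deinFoto.jpg.exe comes from the post.
    samples = ["deinFoto.jpg.exe", "deinFoto.jpg", "Rechnung.PDF      .SCR",
               "setup.exe", "report.v1.2.pdf", r"C:\mail\foto.jpeg.exe."]
    for name in samples:
        print(f"{classify_attachment(name):17} shown as {displayed_name(name)!r}")
```

Turning off "Hide extensions for known file types" in Explorer's folder options makes the real final extension visible, so the disguise no longer works on the file listing.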

17.10.2012, 07:20   #11
Psychotic
/// Malwareteam



Glad we could help!


This topic appears to be resolved and has been deleted from my subscriptions.
Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own topic!