Log analysis and evaluation: Incredibar on my system too :-( (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.10.2012, 22:05 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Incredibar on my system too :-(
I have three questions before we continue (we are not finished yet!)
1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Are the ad pop-ups and redirects, e.g. Incredibar or Mystart, gone now?
__________________ Please always post log files in CODE tags |
18.10.2012, 21:22 | #17 |
| Incredibar on my system too :-(
OK, so here is how it is:
1. So far I had no restrictions when running Windows, except that MyStart always opened as the new tab. That no longer happens, and nothing else untoward is noticeable.
2. I don't see any changes in the Start menu, and no empty folders either
3. There are currently no ad pop-ups and the like |
19.10.2012, 09:05 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Incredibar on my system too :-(
Please run a (new) CustomScan with OTL - if possible, post its log here in CODE tags.
This is how it is done: [code] the log goes here [/code]
And the whole thing then looks like this:
Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
21.10.2012, 14:14 | #19 |
| Incredibar on my system too :-(
OK, so first of all here is the log of the CustomScan:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 21.10.2012 15:09:36 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 15,98 Gb Total Physical Memory | 13,37 Gb Available Physical Memory | 83,69% Memory free 31,95 Gb Paging File | 29,16 Gb Available in Paging File | 91,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1811,92 Gb Total Space | 1713,46 Gb Free Space | 94,57% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 31,08 Gb Free Space | 62,17% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive G: | 1,80 Gb Total Space | 0,33 Gb Free Space | 18,50% Space Free | Partition Type: FAT Computer Name: ZENTRAL-PC | User Name: Stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.) 
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - 
(RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/ IE - HKCU\..\SearchScopes,DefaultScope = {36614090-359E-4718-AD3D-82CEE608571C} IE - HKCU\..\SearchScopes\{36614090-359E-4718-AD3D-82CEE608571C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.12.27 11:44:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.12.27 11:44:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.12.27 11:44:05 | 000,000,000 | ---D | M] [2012.10.12 23:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.) 
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks 
untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC807741-F653-41B0-B2C7-9024A2F16898}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: 
(C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.21 15:08:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2012.10.15 18:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.13 00:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.13 00:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.12 23:46:06 | 000,000,000 | ---D | C] -- 
C:\Users\Stefan\AppData\Roaming\Malwarebytes [2012.10.12 23:45:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.12 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.12 23:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.12 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.12 23:29:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Apps [2012.10.12 23:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.10 21:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.10.10 21:27:43 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.10.10 21:27:43 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.10.10 21:27:43 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.10.10 21:27:43 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.10.10 21:27:43 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.10.10 21:27:43 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.10.10 21:27:43 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.10.10 21:27:43 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.10.10 21:27:43 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.10.10 21:27:43 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.10.10 21:27:43 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.10.10 21:27:43 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysWow64\nvcuvenc.dll [2012.10.10 21:27:43 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.10.10 21:27:43 | 000,831,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.10.10 21:27:43 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.10.10 21:27:43 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.10.10 21:27:43 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012.10.10 21:27:43 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012.10.10 21:27:42 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.10.10 21:27:42 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.10.10 21:27:42 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.10.09 20:50:19 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.09 20:50:19 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.09 20:50:18 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.09 20:50:15 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.09 20:50:15 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.09 20:50:14 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.09 20:50:14 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.09 20:50:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.09 20:50:14 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.09 20:50:14 | 000,025,600 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.09 20:50:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.09 20:50:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.09 20:50:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.09 20:50:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.09 20:50:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.09 20:50:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.09 20:50:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.09 20:50:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.09 20:50:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.09 20:50:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.09 20:50:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.09 20:50:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.09 20:50:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.09 20:50:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.09 20:50:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.09 20:50:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.09 20:50:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.09 20:50:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.09 
20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.09 20:50:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.09 20:50:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.09 20:50:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.09 20:50:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.09 20:50:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.09 20:50:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.09 20:50:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.09 20:50:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.09 20:50:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.09 20:50:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.09 20:50:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.09 20:50:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.09 20:50:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.09 20:50:12 | 000,002,048 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.09 20:50:09 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.09 20:49:59 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.09 20:49:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.02 13:15:52 | 000,430,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2012.09.29 12:36:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.23 16:02:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.23 16:02:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.23 16:02:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.23 16:02:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.23 16:02:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.23 16:02:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.23 16:02:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.23 16:02:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.23 16:02:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.23 16:02:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.23 16:02:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.23 16:02:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.23 16:02:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.23 16:02:28 | 
000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.23 16:02:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.21 15:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2012.10.21 14:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.21 14:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.21 14:05:28 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.21 14:05:28 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.21 13:58:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.21 13:58:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.21 13:58:00 | 4276,228,094 | -HS- | M] () -- C:\hiberfil.sys [2012.10.17 22:23:00 | 000,538,941 | ---- | M] () -- C:\Users\Stefan\Desktop\adwcleaner.exe [2012.10.14 21:24:49 | 000,000,264 | ---- | M] () -- C:\Users\Stefan\Desktop\TL8011 TEAK LIEGE ST. 
VINCENT MIT ABLAGE Amazon.de Garten.url [2012.10.14 21:24:42 | 000,000,212 | ---- | M] () -- C:\Users\Stefan\Desktop\LANDMANN Belardo Rollenliege Rivula.url [2012.10.14 21:24:22 | 000,000,225 | ---- | M] () -- C:\Users\Stefan\Desktop\Gartenliege aus teakholz, gartenmöbel teakholz, - TEAK for you - TECK pour vous.url [2012.10.14 21:24:13 | 000,000,246 | ---- | M] () -- C:\Users\Stefan\Desktop\Belardo Rivula Rollenliege Teak mit Armlehnen - Holz-Gartenliegen - Gartenliegen - Liegen - Gartenmöbel von Garten & Freizeit.url [2012.10.13 00:29:52 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2012.10.12 23:51:54 | 000,289,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.12 23:12:44 | 000,017,686 | ---- | M] () -- C:\Users\Stefan\Desktop\air conditioner.zip [2012.10.12 22:54:29 | 000,000,264 | ---- | M] () -- C:\Users\Stefan\Desktop\ZIWI Onlineshop für Taubenabwehr, Vogelabwehr und Schwalbenabwehr - ES FIX 8 pin auf Streifen komplett.url [2012.10.12 11:07:27 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.12 11:07:27 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.12 11:07:27 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.12 11:07:27 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.12 11:07:27 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.09 21:13:25 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 21:13:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.03 00:21:00 | 026,331,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.10.03 00:21:00 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.10.03 00:21:00 | 019,906,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.10.03 00:21:00 
| 018,252,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.10.03 00:21:00 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.10.03 00:21:00 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.10.03 00:21:00 | 014,922,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.10.03 00:21:00 | 012,501,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.10.03 00:21:00 | 009,146,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.10.03 00:21:00 | 007,697,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.10.03 00:21:00 | 007,414,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.10.03 00:21:00 | 006,127,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.10.03 00:21:00 | 002,747,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.10.03 00:21:00 | 002,731,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.10.03 00:21:00 | 002,574,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.10.03 00:21:00 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.10.03 00:21:00 | 002,218,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.10.03 00:21:00 | 001,867,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.10.03 00:21:00 | 001,760,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.10.03 00:21:00 | 001,482,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.10.03 00:21:00 | 000,973,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.10.03 00:21:00 | 000,831,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.10.03 00:21:00 | 
000,247,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.10.03 00:21:00 | 000,202,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.10.03 00:21:00 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.10.02 21:51:15 | 003,536,817 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.10.02 21:51:11 | 003,293,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.10.02 21:51:04 | 006,200,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.10.02 21:50:57 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.10.02 21:50:57 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.10.02 21:50:57 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.10.02 13:15:52 | 000,430,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.17 22:22:53 | 000,538,941 | ---- | C] () -- C:\Users\Stefan\Desktop\adwcleaner.exe [2012.10.14 21:24:49 | 000,000,264 | ---- | C] () -- C:\Users\Stefan\Desktop\TL8011 TEAK LIEGE ST. 
VINCENT MIT ABLAGE Amazon.de Garten.url [2012.10.14 21:24:42 | 000,000,212 | ---- | C] () -- C:\Users\Stefan\Desktop\LANDMANN Belardo Rollenliege Rivula.url [2012.10.14 21:24:22 | 000,000,225 | ---- | C] () -- C:\Users\Stefan\Desktop\Gartenliege aus teakholz, gartenmöbel teakholz, - TEAK for you - TECK pour vous.url [2012.10.14 21:24:13 | 000,000,246 | ---- | C] () -- C:\Users\Stefan\Desktop\Belardo Rivula Rollenliege Teak mit Armlehnen - Holz-Gartenliegen - Gartenliegen - Liegen - Gartenmöbel von Garten & Freizeit.url [2012.10.13 00:29:52 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2012.10.12 23:13:05 | 000,017,686 | ---- | C] () -- C:\Users\Stefan\Desktop\air conditioner.zip [2012.10.12 22:54:29 | 000,000,264 | ---- | C] () -- C:\Users\Stefan\Desktop\ZIWI Onlineshop für Taubenabwehr, Vogelabwehr und Schwalbenabwehr - ES FIX 8 pin auf Streifen komplett.url [2012.01.01 23:08:45 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.06 15:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
... and on with the program: Scan all users / code pasted in / programs closed / QuickScan:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.10.2012 15:16:07 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 15,98 Gb Total Physical Memory | 13,45 Gb Available Physical Memory | 84,20% Memory free 31,95 Gb Paging File | 29,46 Gb Available in Paging File | 92,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1811,92 Gb Total Space | 1713,46 Gb Free Space | 94,57% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 31,08 Gb Free Space | 62,17% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive G: | 1,80 Gb Total Space | 0,33 Gb Free Space | 18,50% Space Free | Partition Type: FAT Computer Name: ZENTRAL-PC | User Name: Stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.) PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft 
Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iaStor) -- 
C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4186753536-3688999034-3977542235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKU\S-1-5-21-4186753536-3688999034-3977542235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-4186753536-3688999034-3977542235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/ IE - HKU\S-1-5-21-4186753536-3688999034-3977542235-1001\..\SearchScopes,DefaultScope = {36614090-359E-4718-AD3D-82CEE608571C} IE - HKU\S-1-5-21-4186753536-3688999034-3977542235-1001\..\SearchScopes\{36614090-359E-4718-AD3D-82CEE608571C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_de IE - HKU\S-1-5-21-4186753536-3688999034-3977542235-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4186753536-3688999034-3977542235-1004\..\SearchScopes,DefaultScope = ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.12.27 11:44:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.12.27 11:44:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.12.27 11:44:05 | 000,000,000 | ---D | M] [2012.10.12 23:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4186753536-3688999034-3977542235-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4186753536-3688999034-3977542235-1001..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-4186753536-3688999034-3977542235-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4186753536-3688999034-3977542235-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC807741-F653-41B0-B2C7-9024A2F16898}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service 
SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - 
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.21 15:08:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2012.10.15 18:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.13 00:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.13 00:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.12 23:46:06 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2012.10.12 23:45:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.12 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.12 23:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.12 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.12 23:29:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Apps [2012.10.12 23:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.10 21:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\NVIDIA Corporation [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.21 15:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.21 15:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2012.10.21 14:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.21 14:05:28 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.21 14:05:28 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.21 13:58:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.21 13:58:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.21 13:58:00 | 4276,228,094 | -HS- | M] () -- C:\hiberfil.sys [2012.10.17 22:23:00 | 000,538,941 | ---- | M] () -- C:\Users\Stefan\Desktop\adwcleaner.exe [2012.10.14 21:24:49 | 000,000,264 | ---- | M] () -- C:\Users\Stefan\Desktop\TL8011 TEAK LIEGE ST. 
VINCENT MIT ABLAGE Amazon.de Garten.url [2012.10.14 21:24:42 | 000,000,212 | ---- | M] () -- C:\Users\Stefan\Desktop\LANDMANN Belardo Rollenliege Rivula.url [2012.10.14 21:24:22 | 000,000,225 | ---- | M] () -- C:\Users\Stefan\Desktop\Gartenliege aus teakholz, gartenmöbel teakholz, - TEAK for you - TECK pour vous.url [2012.10.14 21:24:13 | 000,000,246 | ---- | M] () -- C:\Users\Stefan\Desktop\Belardo Rivula Rollenliege Teak mit Armlehnen - Holz-Gartenliegen - Gartenliegen - Liegen - Gartenmöbel von Garten & Freizeit.url [2012.10.13 00:29:52 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2012.10.12 23:51:54 | 000,289,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.12 23:12:44 | 000,017,686 | ---- | M] () -- C:\Users\Stefan\Desktop\air conditioner.zip [2012.10.12 22:54:29 | 000,000,264 | ---- | M] () -- C:\Users\Stefan\Desktop\ZIWI Onlineshop für Taubenabwehr, Vogelabwehr und Schwalbenabwehr - ES FIX 8 pin auf Streifen komplett.url [2012.10.12 11:07:27 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.12 11:07:27 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.12 11:07:27 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.12 11:07:27 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.12 11:07:27 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.03 00:21:00 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.10.02 21:51:15 | 003,536,817 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.17 22:22:53 | 000,538,941 | ---- | C] () -- C:\Users\Stefan\Desktop\adwcleaner.exe [2012.10.14 21:24:49 | 000,000,264 | ---- | C] () -- C:\Users\Stefan\Desktop\TL8011 TEAK LIEGE ST. 
VINCENT MIT ABLAGE Amazon.de Garten.url [2012.10.14 21:24:42 | 000,000,212 | ---- | C] () -- C:\Users\Stefan\Desktop\LANDMANN Belardo Rollenliege Rivula.url [2012.10.14 21:24:22 | 000,000,225 | ---- | C] () -- C:\Users\Stefan\Desktop\Gartenliege aus teakholz, gartenmöbel teakholz, - TEAK for you - TECK pour vous.url [2012.10.14 21:24:13 | 000,000,246 | ---- | C] () -- C:\Users\Stefan\Desktop\Belardo Rivula Rollenliege Teak mit Armlehnen - Holz-Gartenliegen - Gartenliegen - Liegen - Gartenmöbel von Garten & Freizeit.url [2012.10.13 00:29:52 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2012.10.12 23:13:05 | 000,017,686 | ---- | C] () -- C:\Users\Stefan\Desktop\air conditioner.zip [2012.10.12 22:54:29 | 000,000,264 | ---- | C] () -- C:\Users\Stefan\Desktop\ZIWI Onlineshop für Taubenabwehr, Vogelabwehr und Schwalbenabwehr - ES FIX 8 pin auf Streifen komplett.url [2012.01.01 23:08:45 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.06 15:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.04 03:15:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Engelmann Media [2012.01.15 22:55:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OnLive App [2012.10.12 23:50:52 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SoftGrid Client [2012.01.01 23:09:26 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TP [2012.01.28 14:45:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Wargaming.Net ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.01.03 22:40:25 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Adobe [2012.02.04 03:38:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\AVS4YOU [2012.01.01 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CyberLink [2012.02.04 03:15:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Engelmann Media [2011.12.27 11:29:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Identities [2011.12.27 11:29:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Intel Corporation [2011.10.14 13:27:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Macromedia [2012.10.12 23:46:06 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2011.04.12 10:28:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs [2012.04.16 21:49:44 | 000,000,000 | --SD | M] -- C:\Users\Stefan\AppData\Roaming\Microsoft [2012.01.28 14:45:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NVIDIA [2012.01.15 22:55:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OnLive App [2012.10.12 23:50:52 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SoftGrid Client [2012.01.01 23:09:26 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TP [2012.01.28 14:45:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Wargaming.Net [2012.06.20 21:46:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Winamp < %APPDATA%\*.exe /s > [2011.10.14 13:27:09 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\Stefan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 
000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 
05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 
05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) 
MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < 
%systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll [2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.26 12:16:06 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.03.26 12:16:06 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.04.08 15:16:13 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < End of report > |
21.10.2012, 16:29 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Incredibar on my machine too :-( The log is unremarkable. Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set up the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
21.10.2012, 18:51 | #21 |
| Incredibar on my machine too :-( Code:
ATTFilter 19:43:25.0294 2496 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 19:43:25.0575 2496 ============================================================ 19:43:25.0575 2496 Current date / time: 2012/10/21 19:43:25.0575 19:43:25.0575 2496 SystemInfo: 19:43:25.0575 2496 19:43:25.0575 2496 OS Version: 6.1.7601 ServicePack: 1.0 19:43:25.0575 2496 Product type: Workstation 19:43:25.0575 2496 ComputerName: ZENTRAL-PC 19:43:25.0575 2496 UserName: Stefan 19:43:25.0575 2496 Windows directory: C:\Windows 19:43:25.0575 2496 System windows directory: C:\Windows 19:43:25.0575 2496 Running under WOW64 19:43:25.0575 2496 Processor architecture: Intel x64 19:43:25.0575 2496 Number of processors: 8 19:43:25.0575 2496 Page size: 0x1000 19:43:25.0575 2496 Boot type: Normal boot 19:43:25.0575 2496 ============================================================ 19:43:26.0043 2496 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:43:26.0058 2496 Drive \Device\Harddisk1\DR1 - Size: 0x73680000 (1.80 Gb), SectorSize: 0x200, Cylinders: 0xEB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:43:26.0058 2496 ============================================================ 19:43:26.0058 2496 \Device\Harddisk0\DR0: 19:43:26.0058 2496 MBR partitions: 19:43:26.0058 2496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:43:26.0058 2496 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE27D5800 19:43:26.0058 2496 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE2808000, BlocksNum 0x6400000 19:43:26.0058 2496 \Device\Harddisk1\DR1: 19:43:26.0058 2496 MBR partitions: 19:43:26.0058 2496 ============================================================ 19:43:26.0074 2496 C: <-> \Device\Harddisk0\DR0\Partition2 19:43:26.0214 2496 D: <-> \Device\Harddisk0\DR0\Partition3 19:43:26.0214 2496 
============================================================ 19:43:26.0214 2496 Initialize success 19:43:26.0214 2496 ============================================================ 19:43:32.0985 4160 ============================================================ 19:43:32.0985 4160 Scan started 19:43:32.0985 4160 Mode: Manual; SigCheck; TDLFS; 19:43:32.0985 4160 ============================================================ 19:43:33.0890 4160 ================ Scan system memory ======================== 19:43:33.0890 4160 System memory - ok 19:43:33.0890 4160 ================ Scan services ============================= 19:43:33.0983 4160 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:43:34.0061 4160 1394ohci - ok 19:43:34.0077 4160 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:43:34.0092 4160 ACPI - ok 19:43:34.0108 4160 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:43:34.0124 4160 AcpiPmi - ok 19:43:34.0217 4160 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:43:34.0233 4160 AdobeARMservice - ok 19:43:34.0326 4160 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:43:34.0342 4160 AdobeFlashPlayerUpdateSvc - ok 19:43:34.0373 4160 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:43:34.0389 4160 adp94xx - ok 19:43:34.0404 4160 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:43:34.0420 4160 adpahci - ok 19:43:34.0436 4160 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:43:34.0451 4160 adpu320 - ok 19:43:34.0482 4160 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:43:34.0529 4160 AeLookupSvc - ok 19:43:34.0623 4160 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD 
C:\Windows\system32\drivers\afd.sys 19:43:34.0654 4160 AFD - ok 19:43:34.0670 4160 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:43:34.0685 4160 agp440 - ok 19:43:34.0716 4160 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:43:34.0748 4160 ALG - ok 19:43:34.0779 4160 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:43:34.0794 4160 aliide - ok 19:43:34.0794 4160 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:43:34.0810 4160 amdide - ok 19:43:34.0826 4160 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 19:43:34.0857 4160 AmdK8 - ok 19:43:34.0888 4160 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 19:43:34.0919 4160 AmdPPM - ok 19:43:34.0935 4160 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:43:34.0950 4160 amdsata - ok 19:43:34.0982 4160 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 19:43:34.0997 4160 amdsbs - ok 19:43:35.0013 4160 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:43:35.0028 4160 amdxata - ok 19:43:35.0044 4160 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 19:43:35.0091 4160 AppID - ok 19:43:35.0106 4160 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:43:35.0169 4160 AppIDSvc - ok 19:43:35.0216 4160 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 19:43:35.0278 4160 Appinfo - ok 19:43:35.0309 4160 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 19:43:35.0325 4160 arc - ok 19:43:35.0340 4160 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:43:35.0356 4160 arcsas - ok 19:43:35.0372 4160 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 
19:43:35.0434 4160 AsyncMac - ok 19:43:35.0450 4160 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 19:43:35.0465 4160 atapi - ok 19:43:35.0481 4160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:43:35.0512 4160 AudioEndpointBuilder - ok 19:43:35.0512 4160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:43:35.0543 4160 AudioSrv - ok 19:43:35.0621 4160 [ B2B3FCBA37671C853879DF7DDE8A839A ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe 19:43:35.0637 4160 AVP - ok 19:43:35.0668 4160 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:43:35.0699 4160 AxInstSV - ok 19:43:35.0746 4160 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 19:43:35.0762 4160 b06bdrv - ok 19:43:35.0793 4160 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 19:43:35.0840 4160 b57nd60a - ok 19:43:35.0855 4160 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 19:43:35.0871 4160 BDESVC - ok 19:43:35.0886 4160 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 19:43:35.0933 4160 Beep - ok 19:43:35.0980 4160 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 19:43:36.0027 4160 BFE - ok 19:43:36.0058 4160 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 19:43:36.0105 4160 BITS - ok 19:43:36.0136 4160 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 19:43:36.0167 4160 blbdrive - ok 19:43:36.0198 4160 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:43:36.0230 4160 bowser - ok 19:43:36.0261 4160 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 19:43:36.0292 4160 BrFiltLo - ok 19:43:36.0308 4160 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp 
C:\Windows\system32\drivers\BrFiltUp.sys 19:43:36.0339 4160 BrFiltUp - ok 19:43:36.0354 4160 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 19:43:36.0386 4160 Browser - ok 19:43:36.0401 4160 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:43:36.0417 4160 Brserid - ok 19:43:36.0432 4160 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:43:36.0448 4160 BrSerWdm - ok 19:43:36.0464 4160 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:43:36.0495 4160 BrUsbMdm - ok 19:43:36.0495 4160 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:43:36.0510 4160 BrUsbSer - ok 19:43:36.0526 4160 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 19:43:36.0542 4160 BTHMODEM - ok 19:43:36.0573 4160 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 19:43:36.0620 4160 bthserv - ok 19:43:36.0635 4160 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:43:36.0698 4160 cdfs - ok 19:43:36.0744 4160 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:43:36.0776 4160 cdrom - ok 19:43:36.0776 4160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 19:43:36.0822 4160 CertPropSvc - ok 19:43:36.0838 4160 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 19:43:36.0885 4160 circlass - ok 19:43:36.0900 4160 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 19:43:36.0916 4160 CLFS - ok 19:43:36.0947 4160 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:43:36.0978 4160 clr_optimization_v2.0.50727_32 - ok 19:43:37.0010 4160 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:43:37.0025 4160 clr_optimization_v2.0.50727_64 - ok 19:43:37.0072 4160 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:43:37.0088 4160 clr_optimization_v4.0.30319_32 - ok 19:43:37.0119 4160 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:43:37.0134 4160 clr_optimization_v4.0.30319_64 - ok 19:43:37.0150 4160 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 19:43:37.0181 4160 CmBatt - ok 19:43:37.0197 4160 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:43:37.0212 4160 cmdide - ok 19:43:37.0244 4160 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 19:43:37.0290 4160 CNG - ok 19:43:37.0306 4160 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 19:43:37.0306 4160 Compbatt - ok 19:43:37.0337 4160 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:43:37.0368 4160 CompositeBus - ok 19:43:37.0384 4160 COMSysApp - ok 19:43:37.0400 4160 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 19:43:37.0415 4160 crcdisk - ok 19:43:37.0431 4160 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:43:37.0462 4160 CryptSvc - ok 19:43:37.0556 4160 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 19:43:37.0587 4160 cvhsvc - ok 19:43:37.0618 4160 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:43:37.0696 4160 DcomLaunch - ok 19:43:37.0727 4160 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 19:43:37.0774 4160 defragsvc - ok 19:43:37.0790 4160 [ 
9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:43:37.0852 4160 DfsC - ok 19:43:37.0899 4160 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 19:43:37.0946 4160 Dhcp - ok 19:43:37.0961 4160 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 19:43:37.0992 4160 discache - ok 19:43:38.0008 4160 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 19:43:38.0024 4160 Disk - ok 19:43:38.0039 4160 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:43:38.0055 4160 Dnscache - ok 19:43:38.0070 4160 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 19:43:38.0117 4160 dot3svc - ok 19:43:38.0117 4160 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 19:43:38.0164 4160 DPS - ok 19:43:38.0195 4160 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:43:38.0226 4160 drmkaud - ok 19:43:38.0258 4160 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:43:38.0289 4160 DXGKrnl - ok 19:43:38.0289 4160 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 19:43:38.0320 4160 EapHost - ok 19:43:38.0382 4160 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 19:43:38.0445 4160 ebdrv - ok 19:43:38.0460 4160 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 19:43:38.0507 4160 EFS - ok 19:43:38.0554 4160 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:43:38.0601 4160 ehRecvr - ok 19:43:38.0601 4160 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 19:43:38.0648 4160 ehSched - ok 19:43:38.0663 4160 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 19:43:38.0694 4160 elxstor - ok 19:43:38.0726 4160 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev 
C:\Windows\system32\drivers\errdev.sys 19:43:38.0757 4160 ErrDev - ok 19:43:38.0788 4160 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 19:43:38.0850 4160 EventSystem - ok 19:43:38.0882 4160 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 19:43:38.0944 4160 exfat - ok 19:43:39.0006 4160 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:43:39.0069 4160 fastfat - ok 19:43:39.0084 4160 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 19:43:39.0116 4160 Fax - ok 19:43:39.0131 4160 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 19:43:39.0162 4160 fdc - ok 19:43:39.0178 4160 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 19:43:39.0225 4160 fdPHost - ok 19:43:39.0225 4160 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 19:43:39.0256 4160 FDResPub - ok 19:43:39.0272 4160 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:43:39.0287 4160 FileInfo - ok 19:43:39.0287 4160 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:43:39.0334 4160 Filetrace - ok 19:43:39.0350 4160 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 19:43:39.0365 4160 flpydisk - ok 19:43:39.0381 4160 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:43:39.0381 4160 FltMgr - ok 19:43:39.0412 4160 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 19:43:39.0474 4160 FontCache - ok 19:43:39.0506 4160 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:43:39.0521 4160 FontCache3.0.0.0 - ok 19:43:39.0537 4160 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:43:39.0552 4160 FsDepends - ok 19:43:39.0568 
4160 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:43:39.0584 4160 Fs_Rec - ok 19:43:39.0615 4160 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:43:39.0646 4160 fvevol - ok 19:43:39.0662 4160 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 19:43:39.0677 4160 gagp30kx - ok 19:43:39.0708 4160 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 19:43:39.0771 4160 gpsvc - ok 19:43:39.0833 4160 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:43:39.0849 4160 gupdate - ok 19:43:39.0849 4160 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:43:39.0864 4160 gupdatem - ok 19:43:39.0896 4160 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 19:43:39.0911 4160 gusvc - ok 19:43:39.0942 4160 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:43:39.0958 4160 hcw85cir - ok 19:43:39.0989 4160 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:43:40.0020 4160 HdAudAddService - ok 19:43:40.0052 4160 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:43:40.0083 4160 HDAudBus - ok 19:43:40.0098 4160 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 19:43:40.0114 4160 HidBatt - ok 19:43:40.0130 4160 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 19:43:40.0176 4160 HidBth - ok 19:43:40.0192 4160 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 19:43:40.0223 4160 HidIr - ok 19:43:40.0239 4160 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 19:43:40.0286 4160 hidserv - ok 19:43:40.0301 4160 [ 9592090A7E2B61CD582B612B6DF70536 ] 
HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:43:40.0317 4160 HidUsb - ok 19:43:40.0348 4160 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:43:40.0379 4160 hkmsvc - ok 19:43:40.0410 4160 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:43:40.0426 4160 HomeGroupListener - ok 19:43:40.0457 4160 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:43:40.0457 4160 HomeGroupProvider - ok 19:43:40.0473 4160 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:43:40.0488 4160 HpSAMD - ok 19:43:40.0504 4160 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:43:40.0551 4160 HTTP - ok 19:43:40.0566 4160 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:43:40.0566 4160 hwpolicy - ok 19:43:40.0613 4160 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:43:40.0613 4160 i8042prt - ok 19:43:40.0644 4160 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\drivers\iaStor.sys 19:43:40.0644 4160 iaStor - ok 19:43:40.0722 4160 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 19:43:40.0738 4160 IAStorDataMgrSvc - ok 19:43:40.0754 4160 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:43:40.0769 4160 iaStorV - ok 19:43:40.0816 4160 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:43:40.0847 4160 idsvc - ok 19:43:40.0972 4160 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 19:43:41.0081 4160 igfx - ok 19:43:41.0097 4160 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 19:43:41.0097 4160 iirsp - ok 19:43:41.0128 4160 [ FCD84C381E0140AF901E58D48882D26B ] 
IKEEXT C:\Windows\System32\ikeext.dll 19:43:41.0159 4160 IKEEXT - ok 19:43:41.0222 4160 [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 19:43:41.0253 4160 IntcAzAudAddService - ok 19:43:41.0268 4160 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 19:43:41.0268 4160 intelide - ok 19:43:41.0284 4160 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:43:41.0300 4160 intelppm - ok 19:43:41.0331 4160 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:43:41.0378 4160 IPBusEnum - ok 19:43:41.0393 4160 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:43:41.0409 4160 IpFilterDriver - ok 19:43:41.0440 4160 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:43:41.0471 4160 iphlpsvc - ok 19:43:41.0487 4160 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:43:41.0502 4160 IPMIDRV - ok 19:43:41.0502 4160 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:43:41.0534 4160 IPNAT - ok 19:43:41.0565 4160 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:43:41.0596 4160 IRENUM - ok 19:43:41.0627 4160 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:43:41.0627 4160 isapnp - ok 19:43:41.0658 4160 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:43:41.0674 4160 iScsiPrt - ok 19:43:41.0690 4160 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:43:41.0705 4160 kbdclass - ok 19:43:41.0705 4160 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:43:41.0736 4160 kbdhid - ok 19:43:41.0736 4160 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:43:41.0752 4160 KeyIso - ok 
============================================================
19:44:58.0567 5884 Detected object count: 1
19:44:58.0567 5884 Actual detected object count: 1
19:45:13.0137 5884 watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:13.0137 5884 watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip |
22.10.2012, 09:30 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Incredibar on my machine too :-( That is unremarkable too. Are there any problems or questions still open? As a check, please also run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
23.10.2012, 23:48 | #23 |
| Incredibar on my machine too :-( I no longer notice any problems, but SUPERAntiSpyware still found something. First Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: ZENTRAL-PC [Administrator]

23.10.2012 22:47:09
mbam-log-2012-10-23 (22-47-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352721
Laufzeit: 32 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/24/2012 at 00:42 AM

Application Version : 5.6.1012

Core Rules Database Version : 9460
Trace Rules Database Version: 7272

Scan type : Complete Scan
Total Scan Time : 00:57:48

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned : 692
Memory threats detected : 0
Registry items scanned : 75431
Registry threats detected : 0
File items scanned : 149805
File threats detected : 236

Adware.Tracking Cookie
PotentiallyUnwanted.Softonic
C:\USERS\STEFAN\DOWNLOADS\SOFTONICDOWNLOADER_FUER_FORMATWANDLER-4.EXE |
24.10.2012, 14:42 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Incredibar on my machine too :-( Looks OK, only cookies were found there, they can all go. Please also get rid of the Softonic junk and keep your hands off it in future.

Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie).

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system now in order again, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
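The triage applied to the SUPERAntiSpyware log in this thread (tracking cookies on one side, a single unwanted downloader on the other), as an added example that is not part of the original posts. The sample log is constructed with placeholder values, and the layout (threat name on an unindented line, findings indented below it, header counts adding up to the listed findings) is an assumption, since the page's copy has lost its line breaks.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the style of a SUPERAntiSpyware scan log; all users,
# hosts and file names are placeholders, not values from the thread.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Memory threats detected   : 0
Registry threats detected : 0
File threats detected     : 5

Adware.Tracking Cookie
    C:\Users\alice\AppData\Roaming\Microsoft\Windows\Cookies\AAAA1111.txt [ /tracker.example ]
    C:\USERS\ALICE\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBBB2222.txt [ Cookie:alice@ads.example/ ]
    C:\USERS\ALICE\Cookies\CCCC3333.txt [ Cookie:alice@stats.tracker.example/path/ ]
    cdn.ads.example [ C:\USERS\ALICE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XXXXXXXX ]

PotentiallyUnwanted.Example
    C:\USERS\ALICE\DOWNLOADS\EXAMPLE_DOWNLOADER.EXE
"""

COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
ENTRY_RE = re.compile(r"^(.*?)\s*\[\s*(.*?)\s*\]$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Browser cookie folders and the Flash shared-object store.
COOKIE_STORE_RE = re.compile(r"\\cookies\\|\\#sharedobjects\\", re.IGNORECASE)
COOKIE_EXTS = {"", ".txt", ".sol"}  # anything else in a cookie folder is suspicious


@dataclass
class Finding:
    threat: str
    path: str
    origin: Optional[str]

    @property
    def is_cookie(self):
        """True only for data files that live inside a cookie store."""
        ext = ntpath.splitext(self.path)[1].lower()
        return bool(COOKIE_STORE_RE.search(self.path)) and ext in COOKIE_EXTS

    @property
    def host(self):
        """Host part of 'Cookie:user@host/path', '/host' or a bare host."""
        if not self.origin:
            return None
        s = re.sub(r"^cookie:", "", self.origin, flags=re.IGNORECASE)
        s = s.rsplit("@", 1)[-1]
        return s.lstrip("/").split("/", 1)[0].lower()


def parse_finding(threat, entry):
    m = ENTRY_RE.match(entry)
    left, right = (m.group(1), m.group(2)) if m else (entry, None)
    if right and DRIVE_RE.match(right):  # Flash entries list the host first
        left, right = right, left
    return Finding(threat, left, right)


def parse_scan_log(text):
    counts, findings, heading = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1).lower()] = int(m.group(2))
        elif raw[0] in " \t":
            if heading is not None:
                findings.append(parse_finding(heading, line))
        else:
            heading = line  # last unindented line names the threat
    return counts, findings


def triage(text):
    counts, findings = parse_scan_log(text)
    review = [f for f in findings if not f.is_cookie]
    # A mismatch means the pasted log is truncated and cannot be judged.
    mismatch = bool(counts) and sum(counts.values()) != len(findings)
    return {
        "by_threat": Counter(f.threat for f in findings),
        "cookie_hosts": sorted({f.host for f in findings if f.is_cookie and f.host}),
        "review": review,
        "count_mismatch": mismatch,
        "cookies_only": bool(findings) and not review and not mismatch,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("findings per threat:", dict(result["by_threat"]))
    print("cookie hosts:", result["cookie_hosts"])
    for f in result["review"]:
        print("needs a look:", f.threat, "->", f.path)
```
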
24.10.2012, 19:21 | #25 |
| Incredibar on my machine too :-( So I wouldn't see any problems any more. Thanks, cosinus, for your support! |
24.10.2012, 20:39 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Incredibar on my machine too :-( Then we're done! The programs that were used here can all be removed again. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide for that is below. To keep better track of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Guide to Windows Update

Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)
I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |