Pests of all kinds and how to fight them: Virus check (Windows 7)
01.01.2013, 21:23 | #1 |
| Virus check Hello, just now, while I was surfing a "disreputable" website on my PC, a pop-up suddenly appeared that immediately made me suspicious, because it looked as if some program was being opened. (The pop-up window stayed blank, but a new tab (Windows taskbar) opened that had the typical application icon, but nothing happened.) I was immediately sure that some application (virus) had opened in the background. So I shut down the PC right away and am now on my parents' PC. Could you please tell me how (or with which program) I should now run a virus scan, or what I should do to fight a potential virus without any damage being done? I have Windows 7 and G-Data as virus scanner and firewall. Many thanks for the help! Kind regards, Yoshi08

Have I failed to follow some forum rule? Because I need my PC rather urgently for work.. I could have made the subject more precise: "Alleged virus via pop-up". If you need information, just say so. Thanks again! |
02.01.2013, 16:02 | #2 |
/// Malware-holic | Virus check Hi
Everyone who comes here needs their PC, nobody is handled faster than anyone else, and, in case you have forgotten, yesterday was a public holiday. If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
02.01.2013, 19:46 | #3 |
| Virus check Dear markusg,
you are absolutely right there, after all it was New Year's and one gets free help here. My impatience was really not justified in any way, and I am sincerely sorry. I ran the scan on my PC. (I started it normally, i.e. not in safe mode, and unplugged the Fritz WLAN modem to be safe, so that the PC has no internet connection.) I enabled the LOP and Purity checks as well as "Scan all users", since that is how it was shown in the Trojaner-Board picture. I hope that was OK. The "Extra Registry" option, which is important because otherwise no Extras.txt file is created, is however always automatically set to "off" at startup when I run a "Quick Scan". That is why I took the liberty of running a normal "Scan". I hope that is OK. Kind regards, Yoshi08

OTL logfile Code:
ATTFilter OTL logfile created on: 02.01.2013 19:41:18 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oliver\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 66,97% Memory free 8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 66,92 Gb Free Space | 14,37% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 149,05 Gb Total Space | 3,96 Gb Free Space | 2,66% Space Free | Partition Type: NTFS Drive F: | 1,85 Gb Total Space | 0,54 Gb Free Space | 29,10% Space Free | Partition Type: FAT Computer Name: OLIVERPC | User Name: Oliver | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.02 18:33:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe PRC - [2012.01.27 05:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe PRC - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.03.15 23:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe PRC - [2009.03.15 23:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe PRC - [2009.03.15 23:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2011.09.08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.09.08 12:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.12.08 00:07:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.30 04:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl) SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.04 10:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012.04.29 09:27:44 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program 
files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.15 23:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.08 16:24:32 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2012.10.08 15:03:13 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012.10.08 15:03:13 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.10.08 15:03:13 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.09.29 13:59:50 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012.07.29 17:13:03 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.14 20:11:40 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.09.08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.06.30 10:18:52 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.22 02:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4) DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.02.27 21:36:11 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.11.15 22:45:09 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.02 09:55:20 | 001,207,808 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.05.25 07:51:00 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008.11.29 06:19:28 | 000,028,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.10.28 01:01:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2008.04.28 14:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2008.02.22 17:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV:64bit: - [2007.01.29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV:64bit: - [2006.10.31 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2011.06.24 05:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2011.03.27 13:44:03 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: 
"URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: bytubed%40cs213.cse.iitk.ac.in:1.1.1 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: 
C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.01 22:54:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 00:07:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.08 00:07:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.01 22:54:48 | 000,000,000 | ---D | M] [2011.10.06 09:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions [2012.12.01 00:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\bjlhf82i.default\extensions [2012.10.05 00:24:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\bjlhf82i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.25 18:43:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\bjlhf82i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.09.29 13:39:54 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\bjlhf82i.default\extensions\bytubed@cs213.cse.iitk.ac.in [2012.12.01 00:06:30 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\bjlhf82i.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.12.08 00:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.08 00:07:23 | 000,000,000 | ---D | M] (G Data 
BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.12.08 00:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2012.12.08 00:07:33 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.25 11:24:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 23:27:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.25 11:24:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.25 11:24:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.25 11:24:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.25 11:24:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.06 22:00:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM 
Berlin) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05A0A3DA-E17D-4D5E-9082-4E1681ADB89D}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} 
- C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BBCBF1DE-CFC6-DE2F-DDDA-AACFC07ADEB4} - C:\Users\Oliver\AppData\Roaming\WinDefender.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Oliver\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.01.02 19:39:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
[2012.12.27 14:52:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.27 14:52:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.27 14:52:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.27 14:52:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.27 14:51:17 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.27 14:51:17 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.27 14:51:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.27 14:51:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.27 14:51:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.27 14:51:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.27 14:51:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.27 14:51:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.27 14:51:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.27 14:51:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.27 14:51:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.27 14:51:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.27 14:51:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.27 14:51:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.27 14:51:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.27 14:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.27 14:51:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.27 14:51:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.27 14:51:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.27 14:51:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.27 14:51:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.27 14:50:49 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.12.27 14:50:49 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.12.27 14:50:49 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.12.27 14:50:40 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.12.27 14:50:40 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.12.27 14:50:36 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.27 14:50:36 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.27 14:50:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.12.27 14:50:36 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.12.27 14:50:36 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.12.17 01:00:25 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Desktop\frisur
[2012.12.16 15:21:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Catullneuueste
[2012.12.08 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.01.02 18:49:29 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.02 18:49:29 | 000,645,304 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.02 18:49:29 | 000,607,666 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.02 18:49:29 | 000,126,904 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.02 18:49:29 | 000,104,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.02 18:36:26 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 18:36:26 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 18:33:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
[2013.01.02 18:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.02 18:28:51 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.01 20:27:36 | 000,648,474 | ---- | M] () -- C:\Users\Oliver\Desktop\standbild.png
[2012.12.29 04:54:05 | 000,932,469 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.12.29 04:54:05 | 000,050,597 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.12.28 18:24:27 | 000,312,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 19:06:16 | 000,195,524 | ---- | M] () -- C:\Users\Oliver\Documents\Handout.pdf
[2012.12.20 18:56:48 | 000,215,645 | ---- | M] () -- C:\Users\Oliver\Documents\feeeeeeeeeee.pdf
[2012.12.20 18:56:28 | 000,217,112 | ---- | M] () -- C:\feeeeeeeeeee.pdf
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.09 16:22:07 | 000,171,716 | ---- | M] () -- C:\Users\Oliver\Documents\Planungsmatrix.pdf

========== Files Created - No Company Name ==========

[2013.01.01 20:27:36 | 000,648,474 | ---- | C] () -- C:\Users\Oliver\Desktop\standbild.png
[2012.12.20 19:06:14 | 000,195,524 | ---- | C] () -- C:\Users\Oliver\Documents\Handout.pdf
[2012.12.20 18:56:48 | 000,215,645 | ---- | C] () -- C:\Users\Oliver\Documents\feeeeeeeeeee.pdf
[2012.12.20 18:56:28 | 000,217,112 | ---- | C] () -- C:\feeeeeeeeeee.pdf
[2012.12.09 16:22:06 | 000,171,716 | ---- | C] () -- C:\Users\Oliver\Documents\Planungsmatrix.pdf
[2012.11.11 17:15:22 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.11.11 17:15:22 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.09.29 14:02:38 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.22 17:28:32 | 000,000,000 | ---- | C] () -- C:\Users\Oliver\defogger_reenable
[2011.10.03 09:21:36 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.06 21:49:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.06 21:49:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.06 21:49:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.06 21:49:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.06 21:49:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.07.01 09:32:57 | 000,932,469 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.06.27 19:21:28 | 000,000,838 | ---- | C] () -- C:\Users\Oliver\.recently-used.xbel
[2011.06.01 22:50:09 | 000,176,186 | ---- | C] () -- C:\Windows\hphins27.dat
[2011.06.01 22:50:09 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl27.dat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.04.03 18:51:45 | 000,024,576 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.25 14:20:58 | 000,007,598 | ---- | C] () -- C:\Users\Oliver\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010.02.07 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Canneverbe Limited
[2012.09.11 18:40:19 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DAEMON Tools Lite
[2010.03.24 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Design Science
[2012.05.29 20:39:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Downloaded Installations
[2010.10.05 10:29:29 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.29 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FileOpen
[2012.05.29 20:36:25 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FreePDF
[2011.04.10 18:04:38 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\gtk-2.0
[2012.12.23 17:34:00 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ICQ
[2012.03.04 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\IrfanView
[2009.12.06 14:12:13 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Leadertech
[2010.06.29 15:59:53 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Mobipocket
[2012.02.29 21:00:01 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Need for Speed World
[2012.06.03 15:12:34 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Nitro PDF
[2010.04.13 16:19:01 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\pokerth
[2009.12.06 14:12:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\smc
[2010.12.04 14:16:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TeamViewer
[2009.12.06 14:12:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TrueCrypt
[2010.09.28 15:45:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Video DVD Maker FREE

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.07.06 22:00:58 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.12.19 20:16:45 | 000,000,000 | ---D | M] -- C:\Aniem mix
[2010.01.15 16:00:48 | 000,000,000 | ---D | M] -- C:\ATI
[2011.09.28 15:05:11 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.03.14 10:56:06 | 000,000,000 | ---D | M] -- C:\CoD MW3
[2012.11.12 01:29:28 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.17 15:51:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.02.03 18:22:45 | 000,000,000 | ---D | M] -- C:\Filme
[2010.10.10 12:46:52 | 000,000,000 | ---D | M] -- C:\ISOs
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.11.07 17:42:34 | 000,000,000 | ---D | M] -- C:\Pics
[2010.10.03 14:32:09 | 000,000,000 | ---D | M] -- C:\PKMN
[2012.11.04 12:27:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.09 01:04:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.09.30 13:34:48 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.09.17 15:51:18 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.06 22:04:09 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.12.06 14:31:00 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.02.03 12:26:21 | 000,000,000 | ---D | M] -- C:\Spiele
[2009.10.30 20:54:23 | 000,000,000 | ---D | M] -- C:\SUPERPUTT
[2013.01.02 19:42:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.17 15:23:20 | 000,000,000 | ---D | M] -- C:\Team17
[2011.02.22 13:54:06 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.26 13:28:13 | 000,000,000 | ---D | M] -- C:\Windows
[2012.02.03 11:47:41 | 000,000,000 | ---D | M] -- C:\ZOliver
[2011.07.05 16:31:25 | 000,000,000 | ---D | M] -- C:\_OTL

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2011.06.27 19:21:28 | 000,000,838 | ---- | M] () -- C:\Users\Oliver\.recently-used.xbel
[2012.02.22 17:28:32 | 000,000,000 | ---- | M] () -- C:\Users\Oliver\defogger_reenable
[2013.01.02 19:43:10 | 004,194,304 | -HS- | M] () -- C:\Users\Oliver\NTUSER.DAT
[2013.01.02 19:43:10 | 000,262,144 | -HS- | M] () -- C:\Users\Oliver\ntuser.dat.LOG1
[2009.12.06 14:04:17 | 000,000,000 | -HS- | M] () -- C:\Users\Oliver\ntuser.dat.LOG2
[2009.12.06 14:04:19 | 000,065,536 | -HS- | M] () -- C:\Users\Oliver\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.12.06 14:04:19 | 000,524,288 | -HS- | M] () -- C:\Users\Oliver\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.12.06 14:04:19 | 000,524,288 | -HS- | M] () -- C:\Users\Oliver\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.12.06 14:31:04 | 000,000,020 | -HS- | M] () -- C:\Users\Oliver\ntuser.ini

< %USERPROFILE%\Local 
Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Files - Unicode (All) ========== [2012.05.27 12:47:05 | 000,024,064 | ---- | M] ()(C:\Users\Oliver\Desktop\?e??µta?t???e???s??.doc) -- C:\Users\Oliver\Desktop\λεοψμταλτγριεψηισψη.doc [2012.05.27 11:46:45 | 000,024,064 | ---- | C] ()(C:\Users\Oliver\Desktop\?e??µta?t???e???s??.doc) -- C:\Users\Oliver\Desktop\λεοψμταλτγριεψηισψη.doc < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.01.2013 19:41:18 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oliver\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 66,97% Memory free 8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 66,92 Gb Free Space | 14,37% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 149,05 Gb Total Space | 3,96 Gb Free Space | 2,66% Space Free | Partition Type: NTFS Drive F: | 1,85 Gb Total Space | 0,54 Gb Free Space | 29,10% Space Free | Partition Type: FAT Computer Name: OLIVERPC | User Name: Oliver | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Oliver\AppData\Roaming\WinDefender.exe" = C:\Users\Oliver\AppData\Roaming\WinDefender.exe:*:Enabled:Windows Messanger "C:\Users\Oliver\Downloads\1295313830-NFSHP16TrainerLinGon\NFSHP+16-Trainer-LinGon.exe" = C:\Users\Oliver\Downloads\1295313830-NFSHP16TrainerLinGon\NFSHP+16-Trainer-LinGon.exe:*:Enabled:Windows Messanger "C:\Users\Oliver\AppData\Roaming\WinDefender.exe" = C:\Users\Oliver\AppData\Roaming\WinDefender.exe:*:Enabled:Windows Messanger "C:\Users\Oliver\Downloads\1295313830-NFSHP16TrainerLinGon\NFSHP+16-Trainer-LinGon.exe" = C:\Users\Oliver\Downloads\1295313830-NFSHP16TrainerLinGon\NFSHP+16-Trainer-LinGon.exe:*:Enabled:Windows Messanger ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{40CE1310-F6C5-4E67-9B24-08E98CD069F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6CA9B4D4-5469-4020-87B1-60FA9CE78DDC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6E8E4248-E2FB-4E8A-BB64-2FC7CF9DA3DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9C6FE98A-5855-4788-A7FB-8108CD90565C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DF152052-AD9A-4A87-9E74-3A73E850A821}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E83518E3-FECD-480E-81C8-CD33D87779B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel "{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64 "{382300D4-777B-4233-A98C-99EA0F6B881F}" = HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 "{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4CD75E31-9E55-D89F-AAE8-8ED39A763C1E}" = ATI AVIVO64 Codecs "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding "CCleaner" = CCleaner "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "WinRAR archiver" = 
WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition "{476B3339-1C29-4660-85B9-15850DCCD4EE}" = D4300 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038702}" = Grand Theft Auto: Episodes from Liberty City 
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B961AE86-6165-0571-CEA6-8C7B88BE31EE}" = HydraVision "{C084BC61-E537-11DE-8616-005056806466}" = Google Earth "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011 "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E6F30DBC-9003-497C-8ADD-39F90801932A}" = DJ_SF_03_D4300_Software_Min "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface Service "Audacity_is1" = Audacity 1.2.6 "Audiograbber" = Audiograbber 1.83 SE "auxilium 3.1 light_is1" = auxilium 3.1 light "AVMWLANCLI" = AVM FRITZ!WLAN "Batch PPTX to PPT Converter" = Batch PPTX to PPT Converter "Call of Duty Modern Warfare 3 (c) 
Activision_is1" = Call of Duty Modern Warfare 3 (c) Activision version 1 "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "Corel Home Super Putt" = Corel Home Super Putt "DAEMON Tools Lite" = DAEMON Tools Lite "ESET Online Scanner" = ESET Online Scanner v3 "Free YouTube Download_is1" = Free YouTube Download 2.9 "GTA2 Game Hunter" = GTA2 Game Hunter "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "IrfanView" = IrfanView (remove only) "KaloMa_is1" = KaloMa 4.91 "Latein-Wörterbuch_is1" = Das Latein-Wörterbuch 2.1.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NSchach3a_is1" = N Schach 3 "Picasa 3" = Picasa 3 "PokerTH 0.8.3" = PokerTH "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 22600" = Worms Reloaded "TeamViewer 6" = TeamViewer 6 "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 2.0.4 "WinLiveSuite_Wave3" = Windows Live Essentials "Worms Armageddon" = Worms Armageddon "Xvid Video Codec 1.3.2" = Xvid Video Codec ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.12.2012 20:50:35 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = Error - 26.12.2012 08:22:50 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = Error - 27.12.2012 07:43:31 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = Error - 27.12.2012 13:31:48 | Computer Name = 
OliverPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 27.12.2012 18:55:54 | Computer Name = OliverPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Oliver\Downloads\SoftonicDownloader_fuer_gspot.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 28.12.2012 13:25:54 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = Error - 28.12.2012 23:51:34 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = Error - 29.12.2012 04:12:47 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = Error - 29.12.2012 08:12:45 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = Error - 29.12.2012 09:12:01 | Computer Name = OliverPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 30.12.2012 08:15:56 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = Error - 30.12.2012 13:05:38 | Computer Name = OliverPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 31.12.2012 07:50:42 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = Error - 31.12.2012 13:14:02 | Computer Name = OliverPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 02.01.2013 13:30:43 | Computer Name = OliverPC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 03.11.2012 07:03:41 | Computer Name = OliverPC | Source = BROWSER | ID = 8032 Description = Error - 05.11.2012 06:49:00 | Computer Name = OliverPC | Source = Ntfs | ID = 262281 Description = Auf dem Volume "M:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 11.11.2012 20:29:26 | Computer Name = OliverPC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "Cisco Systems, Inc. VPN Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 18.11.2012 21:47:08 | Computer Name = OliverPC | Source = Ntfs | ID = 262281 Description = Auf dem Volume "M:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. 
Error - 19.11.2012 06:52:08 | Computer Name = OliverPC | Source = DCOM | ID = 10010 Description = Error - 24.11.2012 14:15:44 | Computer Name = OliverPC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?19.?11.?2012 um 12:02:10 unerwartet heruntergefahren. Error - 09.12.2012 21:34:56 | Computer Name = OliverPC | Source = Ntfs | ID = 262281 Description = Auf dem Volume "M:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 13.12.2012 20:52:13 | Computer Name = OliverPC | Source = Ntfs | ID = 262281 Description = Auf dem Volume "M:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 23.12.2012 08:51:38 | Computer Name = OliverPC | Source = NetBT | ID = 4321 Description = Der Name "MSHEIMNETZ :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.103 registriert werden. Der Computer mit IP-Adresse 192.168.0.101 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 30.12.2012 22:02:28 | Computer Name = OliverPC | Source = DCOM | ID = 10010 Description = < End of report >
Edited by Yoshi08 (02.01.2013 at 20:05) |
02.01.2013, 20:17 | #4 |
/// Malware-holic | Virus check Hi, the internet connection can stay active. Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, and post the log
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.01.2013, 21:00 | #5 |
| Virus check Hey, I ran a scan (so every box except "Loaded modules" was ticked); the log says the following: Code:
ok 20:50:01.0639 2336 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:50:01.0654 2336 pcmcia - ok 20:50:01.0654 2336 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:50:01.0670 2336 pcw - ok 20:50:01.0685 2336 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:50:01.0732 2336 PEAUTH - ok 20:50:01.0826 2336 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:50:01.0888 2336 PerfHost - ok 20:50:01.0951 2336 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:50:02.0013 2336 pla - ok 20:50:02.0075 2336 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:50:02.0107 2336 PlugPlay - ok 20:50:02.0169 2336 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:50:02.0216 2336 PNRPAutoReg - ok 20:50:02.0247 2336 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:50:02.0263 2336 PNRPsvc - ok 20:50:02.0356 2336 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:50:02.0434 2336 PolicyAgent - ok 20:50:02.0559 2336 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:50:02.0653 2336 Power - ok 20:50:02.0699 2336 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:50:02.0731 2336 PptpMiniport - ok 20:50:02.0731 2336 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:50:02.0746 2336 Processor - ok 20:50:02.0762 2336 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 20:50:02.0809 2336 ProfSvc - ok 20:50:02.0824 2336 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:50:02.0824 2336 ProtectedStorage - ok 20:50:02.0887 2336 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:50:02.0965 2336 Psched - ok 20:50:03.0043 
2336 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:50:03.0089 2336 ql2300 - ok 20:50:03.0105 2336 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:50:03.0121 2336 ql40xx - ok 20:50:03.0167 2336 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:50:03.0199 2336 QWAVE - ok 20:50:03.0214 2336 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:50:03.0277 2336 QWAVEdrv - ok 20:50:03.0292 2336 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:50:03.0339 2336 RasAcd - ok 20:50:03.0355 2336 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:50:03.0370 2336 RasAgileVpn - ok 20:50:03.0386 2336 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:50:03.0433 2336 RasAuto - ok 20:50:03.0464 2336 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:50:03.0542 2336 Rasl2tp - ok 20:50:03.0557 2336 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:50:03.0620 2336 RasMan - ok 20:50:03.0651 2336 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:50:03.0729 2336 RasPppoe - ok 20:50:03.0760 2336 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:50:03.0838 2336 RasSstp - ok 20:50:03.0885 2336 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:50:03.0963 2336 rdbss - ok 20:50:03.0994 2336 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:50:04.0041 2336 rdpbus - ok 20:50:04.0057 2336 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:50:04.0088 2336 RDPCDD - ok 20:50:04.0103 2336 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:50:04.0150 2336 RDPENCDD - ok 
20:50:04.0166 2336 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:50:04.0197 2336 RDPREFMP - ok 20:50:04.0213 2336 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:50:04.0228 2336 RDPWD - ok 20:50:04.0291 2336 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:50:04.0337 2336 rdyboost - ok 20:50:04.0369 2336 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:50:04.0447 2336 RemoteAccess - ok 20:50:04.0493 2336 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:50:04.0571 2336 RemoteRegistry - ok 20:50:04.0603 2336 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:50:04.0681 2336 RpcEptMapper - ok 20:50:04.0696 2336 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:50:04.0743 2336 RpcLocator - ok 20:50:04.0790 2336 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:50:04.0837 2336 RpcSs - ok 20:50:04.0883 2336 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:50:04.0961 2336 rspndr - ok 20:50:05.0024 2336 [ DFADCAE64AEBE2C67DA9CD2AE74CCDE5 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 20:50:05.0117 2336 RTL8169 - ok 20:50:05.0133 2336 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:50:05.0149 2336 SamSs - ok 20:50:05.0195 2336 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:50:05.0227 2336 sbp2port - ok 20:50:05.0258 2336 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:50:05.0367 2336 SCardSvr - ok 20:50:05.0383 2336 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:50:05.0461 2336 scfilter - ok 20:50:05.0523 2336 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:50:05.0585 2336 
Schedule - ok 20:50:05.0617 2336 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:50:05.0648 2336 SCPolicySvc - ok 20:50:05.0695 2336 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:50:05.0741 2336 SDRSVC - ok 20:50:05.0819 2336 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:50:05.0897 2336 secdrv - ok 20:50:05.0929 2336 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:50:06.0007 2336 seclogon - ok 20:50:06.0038 2336 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 20:50:06.0069 2336 SENS - ok 20:50:06.0085 2336 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:50:06.0085 2336 SensrSvc - ok 20:50:06.0100 2336 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:50:06.0147 2336 Serenum - ok 20:50:06.0225 2336 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:50:06.0272 2336 Serial - ok 20:50:06.0303 2336 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:50:06.0319 2336 sermouse - ok 20:50:06.0365 2336 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:50:06.0443 2336 SessionEnv - ok 20:50:06.0475 2336 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:50:06.0537 2336 sffdisk - ok 20:50:06.0553 2336 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:50:06.0615 2336 sffp_mmc - ok 20:50:06.0646 2336 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:50:06.0693 2336 sffp_sd - ok 20:50:06.0740 2336 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:50:06.0755 2336 sfloppy - ok 20:50:06.0802 2336 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:50:06.0880 2336 
SharedAccess - ok 20:50:06.0927 2336 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:50:06.0958 2336 ShellHWDetection - ok 20:50:06.0974 2336 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:50:06.0989 2336 SiSRaid2 - ok 20:50:06.0989 2336 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:50:07.0005 2336 SiSRaid4 - ok 20:50:07.0052 2336 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:50:07.0083 2336 SkypeUpdate - ok 20:50:07.0099 2336 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:50:07.0177 2336 Smb - ok 20:50:07.0223 2336 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:50:07.0286 2336 SNMPTRAP - ok 20:50:07.0317 2336 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:50:07.0333 2336 spldr - ok 20:50:07.0395 2336 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 20:50:07.0457 2336 Spooler - ok 20:50:07.0567 2336 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:50:07.0769 2336 sppsvc - ok 20:50:07.0785 2336 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:50:07.0863 2336 sppuinotify - ok 20:50:07.0925 2336 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys 20:50:07.0972 2336 sptd - ok 20:50:08.0019 2336 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:50:08.0113 2336 srv - ok 20:50:08.0175 2336 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:50:08.0222 2336 srv2 - ok 20:50:08.0253 2336 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:50:08.0284 2336 srvnet - ok 20:50:08.0362 2336 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:50:08.0456 2336 
SSDPSRV - ok 20:50:08.0487 2336 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:50:08.0518 2336 SstpSvc - ok 20:50:08.0518 2336 StarOpen - ok 20:50:08.0549 2336 Steam Client Service - ok 20:50:08.0581 2336 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:50:08.0612 2336 stexstor - ok 20:50:08.0674 2336 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:50:08.0737 2336 stisvc - ok 20:50:08.0768 2336 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:50:08.0783 2336 swenum - ok 20:50:08.0799 2336 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:50:08.0861 2336 swprv - ok 20:50:08.0908 2336 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:50:08.0939 2336 SysMain - ok 20:50:08.0955 2336 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:50:08.0971 2336 TabletInputService - ok 20:50:08.0986 2336 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:50:09.0033 2336 TapiSrv - ok 20:50:09.0064 2336 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:50:09.0142 2336 TBS - ok 20:50:09.0205 2336 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:50:09.0251 2336 Tcpip - ok 20:50:09.0283 2336 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:50:09.0314 2336 TCPIP6 - ok 20:50:09.0361 2336 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:50:09.0439 2336 tcpipreg - ok 20:50:09.0470 2336 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:50:09.0532 2336 TDPIPE - ok 20:50:09.0579 2336 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:50:09.0626 2336 TDTCP - ok 20:50:09.0673 2336 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx 
C:\Windows\system32\DRIVERS\tdx.sys 20:50:09.0766 2336 tdx - ok 20:50:09.0875 2336 [ EFD6843C137991CD253CA959E300E886 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe 20:50:09.0953 2336 TeamViewer6 - ok 20:50:09.0969 2336 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:50:09.0985 2336 TermDD - ok 20:50:10.0000 2336 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:50:10.0047 2336 TermService - ok 20:50:10.0078 2336 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:50:10.0109 2336 Themes - ok 20:50:10.0156 2336 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:50:10.0203 2336 THREADORDER - ok 20:50:10.0219 2336 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:50:10.0281 2336 TrkWks - ok 20:50:10.0390 2336 [ C6A1A2B4E8A7B92C11CA038369BD7DBE ] truecrypt C:\Windows\syswow64\drivers\truecrypt.sys 20:50:10.0437 2336 truecrypt - ok 20:50:10.0515 2336 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:50:10.0593 2336 TrustedInstaller - ok 20:50:10.0640 2336 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:50:10.0702 2336 tssecsrv - ok 20:50:10.0749 2336 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:50:10.0796 2336 TsUsbFlt - ok 20:50:10.0874 2336 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:50:10.0952 2336 tunnel - ok 20:50:10.0999 2336 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:50:11.0030 2336 uagp35 - ok 20:50:11.0077 2336 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:50:11.0155 2336 udfs - ok 20:50:11.0186 2336 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:50:11.0233 2336 UI0Detect - ok 
20:50:11.0264 2336 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:50:11.0295 2336 uliagpkx - ok 20:50:11.0342 2336 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 20:50:11.0389 2336 umbus - ok 20:50:11.0435 2336 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:50:11.0482 2336 UmPass - ok 20:50:11.0513 2336 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:50:11.0576 2336 upnphost - ok 20:50:11.0591 2336 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 20:50:11.0623 2336 usbccgp - ok 20:50:11.0654 2336 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:50:11.0669 2336 usbcir - ok 20:50:11.0669 2336 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys 20:50:11.0685 2336 usbehci - ok 20:50:11.0701 2336 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys 20:50:11.0716 2336 usbhub - ok 20:50:11.0732 2336 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:50:11.0732 2336 usbohci - ok 20:50:11.0779 2336 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:50:11.0841 2336 usbprint - ok 20:50:11.0872 2336 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:50:11.0919 2336 USBSTOR - ok 20:50:11.0950 2336 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:50:11.0997 2336 usbuhci - ok 20:50:12.0044 2336 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:50:12.0122 2336 UxSms - ok 20:50:12.0153 2336 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:50:12.0153 2336 VaultSvc - ok 20:50:12.0169 2336 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:50:12.0184 2336 
vdrvroot - ok 20:50:12.0231 2336 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:50:12.0325 2336 vds - ok 20:50:12.0387 2336 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:50:12.0418 2336 vga - ok 20:50:12.0434 2336 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:50:12.0512 2336 VgaSave - ok 20:50:12.0559 2336 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:50:12.0590 2336 vhdmp - ok 20:50:12.0652 2336 [ EB8E24360CAF3492E129B9E485CDCA9C ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 20:50:12.0761 2336 VIAHdAudAddService - ok 20:50:12.0761 2336 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:50:12.0777 2336 viaide - ok 20:50:12.0824 2336 [ 091E009EF749C9D65CF9ADFAD316D251 ] vmm C:\Windows\system32\Treiber\vmm.sys 20:50:12.0855 2336 vmm - ok 20:50:12.0855 2336 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:50:12.0871 2336 volmgr - ok 20:50:12.0917 2336 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:50:12.0949 2336 volmgrx - ok 20:50:12.0964 2336 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:50:12.0980 2336 volsnap - ok 20:50:12.0995 2336 [ BC2EA40B98B5E866D9A4F98AFB66B682 ] VPCNetS2 C:\Windows\system32\DRIVERS\VMNetSrv.sys 20:50:13.0011 2336 VPCNetS2 - ok 20:50:13.0042 2336 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:50:13.0089 2336 vsmraid - ok 20:50:13.0151 2336 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:50:13.0292 2336 VSS - ok 20:50:13.0323 2336 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:50:13.0370 2336 vwifibus - ok 20:50:13.0432 2336 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:50:13.0495 2336 W32Time - ok 
20:50:13.0526 2336 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:50:13.0557 2336 WacomPen - ok 20:50:13.0635 2336 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:50:13.0697 2336 WANARP - ok 20:50:13.0697 2336 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:50:13.0729 2336 Wanarpv6 - ok 20:50:13.0791 2336 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:50:13.0853 2336 wbengine - ok 20:50:13.0900 2336 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:50:13.0931 2336 WbioSrvc - ok 20:50:13.0978 2336 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:50:14.0025 2336 wcncsvc - ok 20:50:14.0041 2336 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:50:14.0041 2336 WcsPlugInService - ok 20:50:14.0087 2336 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:50:14.0119 2336 Wd - ok 20:50:14.0134 2336 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:50:14.0165 2336 Wdf01000 - ok 20:50:14.0165 2336 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:50:14.0212 2336 WdiServiceHost - ok 20:50:14.0212 2336 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:50:14.0228 2336 WdiSystemHost - ok 20:50:14.0290 2336 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:50:14.0353 2336 WebClient - ok 20:50:14.0399 2336 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:50:14.0493 2336 Wecsvc - ok 20:50:14.0493 2336 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:50:14.0524 2336 wercplsupport - ok 20:50:14.0540 2336 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:50:14.0587 
2336 WerSvc - ok 20:50:14.0649 2336 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:50:14.0696 2336 WfpLwf - ok 20:50:14.0711 2336 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:50:14.0727 2336 WIMMount - ok 20:50:14.0743 2336 WinDefend - ok 20:50:14.0758 2336 WinHttpAutoProxySvc - ok 20:50:14.0821 2336 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:50:14.0914 2336 Winmgmt - ok 20:50:14.0992 2336 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:50:15.0070 2336 WinRM - ok 20:50:15.0133 2336 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:50:15.0179 2336 WinUsb - ok 20:50:15.0242 2336 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:50:15.0304 2336 Wlansvc - ok 20:50:15.0445 2336 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:50:15.0523 2336 wlidsvc - ok 20:50:15.0569 2336 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:50:15.0632 2336 WmiAcpi - ok 20:50:15.0679 2336 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:50:15.0725 2336 wmiApSrv - ok 20:50:15.0803 2336 WMPNetworkSvc - ok 20:50:15.0850 2336 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:50:15.0881 2336 WPCSvc - ok 20:50:15.0913 2336 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:50:15.0959 2336 WPDBusEnum - ok 20:50:16.0006 2336 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:50:16.0053 2336 ws2ifsl - ok 20:50:16.0069 2336 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 20:50:16.0131 2336 wscsvc - ok 20:50:16.0147 2336 WSearch - ok 20:50:16.0240 2336 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv 
C:\Windows\system32\wuaueng.dll 20:50:16.0287 2336 wuauserv - ok 20:50:16.0303 2336 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:50:16.0334 2336 WudfPf - ok 20:50:16.0412 2336 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:50:16.0474 2336 WUDFRd - ok 20:50:16.0505 2336 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:50:16.0537 2336 wudfsvc - ok 20:50:16.0583 2336 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:50:16.0630 2336 WwanSvc - ok 20:50:16.0661 2336 ================ Scan global =============================== 20:50:16.0708 2336 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:50:16.0739 2336 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 20:50:16.0755 2336 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 20:50:16.0786 2336 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:50:16.0802 2336 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:50:16.0802 2336 [Global] - ok 20:50:16.0802 2336 ================ Scan MBR ================================== 20:50:16.0817 2336 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:50:16.0989 2336 \Device\Harddisk0\DR0 - ok 20:50:17.0005 2336 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1 20:50:17.0317 2336 \Device\Harddisk1\DR1 - ok 20:50:17.0332 2336 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR6 20:50:19.0391 2336 \Device\Harddisk2\DR6 - ok 20:50:19.0391 2336 ================ Scan VBR ================================== 20:50:19.0391 2336 [ E50E1156EB21C77C57DCC8858753D89C ] \Device\Harddisk0\DR0\Partition1 20:50:19.0391 2336 \Device\Harddisk0\DR0\Partition1 - ok 20:50:19.0407 2336 [ 00D59D865C4A466E5ED6E74A8E9DB724 ] \Device\Harddisk1\DR1\Partition1 20:50:19.0407 2336 \Device\Harddisk1\DR1\Partition1 - ok 20:50:19.0407 2336 [ 
20:50:19.0407 2336 Scan finished
20:50:19.0407 1496 Detected object count: 6
20:50:19.0407 1496 Actual detected object count: 6
20:50:39.0375 1496 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:50:39.0375 1496 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:50:39.0375 1496 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0375 1496 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:39.0391 1496 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0391 1496 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:39.0391 1496 FWLANUSB ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0391 1496 FWLANUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:39.0391 1496 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0391 1496 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:39.0391 1496 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0391 1496 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
Thanks! Kind regards |
03.01.2013, 19:01 | #6 | |
/// Malware-holic | Virus check hi, that's fine. combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ --> Virus check |
03.01.2013, 22:36 | #7 |
| Virus check Hey markusg, here is the log: Code:
6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440] S3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys [2010-10-22 1293824] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-10-08 60320] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [2012-03-29 470008] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-06-02 1207808] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\bjlhf82i.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - ExtSQL: !HIDDEN! 2011-06-01 23:54; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM_Wow6432Node-ActiveSetup-{BBCBF1DE-CFC6-DE2F-DDDA-AACFC07ADEB4} - c:\users\Oliver\AppData\Roaming\WinDefender.exe AddRemove-Free YouTube Download_is1 - c:\program files (x86)\DVDVideoSoft\Free YouTube Download\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2456086448-1967686859-238135647-1000\Software\SecuROM\License information*] "datasecu"=hex:34,c7,ae,1d,03,1f,7b,40,b5,61,0a,86,eb,d1,b0,54,69,5b,0d,f5,cb, 3e,64,5c,5c,3d,0a,fa,ca,30,4b,49,fa,31,f9,09,bb,0d,ee,70,0e,e9,a0,a5,42,ae,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe c:\program files (x86)\avmwlanstick\WlanNetService.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-03 22:22:16 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-03 21:22 . Vor Suchlauf: 21 Verzeichnis(se), 70.129.270.784 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 69.925.683.200 Bytes frei . - - End Of File - - EDBC4350483DB41315782B6ECEAA8D4C |
04.01.2013, 15:33 | #8 |
/// Malware-holic | Virus check Looks good. Malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
06.01.2013, 05:26 | #9 |
| Virus check Hey, the log is attached: Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Oliver :: OLIVERPC [Administrator]

04.01.2013 23:47:23
MBAM-log-2013-01-05 (01-39-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442682
Laufzeit: 1 Stunde(n), 11 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
E:\Downloads\wf40\winfehler1.tpl (Trojan.Ransom.ANC) -> Keine Aktion durchgeführt.

(Ende)

It is strange, though. I mean, I clearly saw how the screen flickered after the pop-up and nothing responded properly any more, and otherwise G-Data always popped up immediately, just not this time. In principle the virus must have been executed. I still have the old G-Data installed; my father bought the new version (for several PCs). Would you, like cosinus, also advise me to install Avira, simply because it is less resource-intensive and does just as much? Regards |
06.01.2013, 17:44 | #10 |
/// Malware-holic | Virus check Hi, if your licence is still valid, you can upgrade for free. Personally I use Emsisoft; it runs more smoothly and, in my view, offers better protection modules, such as behaviour analysis. It costs around 20 €. I can give you the link later. Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file. After every program you need, write "notwendig" (necessary). After every program you do not need, "unnötig" (unnecessary). After every program you do not know, "unbekannt" (unknown). Post the list.
07.01.2013, 23:04 | #11 |
| Virus check Hello markusg, I have been back in my university town since yesterday, so I can only carry out your instructions at the weekend! (Which I will do!) See you then! Regards, and thanks for your understanding |
08.01.2013, 18:01 | #12 |
/// Malware-holic | Virus check Hi, just continue when you have time
22.01.2013, 00:14 | #13 |
| Virus check Hello markusg, the list is attached (where I have written nothing, the program is "nötig" (needed), as probably 90 % are). I mean, with the games it is a bit of a question; I am not doing so at the moment, so of course they could be deleted. For all the (Windows) updates I will not presume to judge. Please take as much time as you like; I took my time too. From tomorrow I will be back in my university town and there are exams over the next 2 weeks, so there is no rush. Regards Code:
ATTFilter
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.10.2012 6,00MB 11.4.402.287
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.09.2012 6,00MB 11.4.402.265 "
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 10.09.2012 122MB 10.1.4 "
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 03.06.2012 11.6.5.635 "
Akamai NetSession Interface 28.02.2012 unbekannt
Akamai NetSession Interface Service 28.02.2012 unbekannt
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 02.10.2011 22,7MB 3.0.842.0
AMD Processor Driver AMD 04.10.2009 1.3.2.0053
Apple Application Support Apple Inc. 14.11.2009 32,2MB 1.0
Apple Software Update Apple Inc. 14.11.2009 2,15MB 2.1.1.116
Audacity 1.2.6 01.07.2011
Audiograbber 1.83 SE Audiograbber Deutschland 12.12.2009 1.83 SE
auxilium 3.1 light CommTec-Softwareentwicklung 03.10.2009
AVM FRITZ!WLAN AVM Berlin 03.02.2012
Batch PPTX to PPT Converter Batchwork Software 02.07.2012 2012.4.605.1806 unnötig
Call of Duty Modern Warfare 3 (c) Activision version 1 14.03.2012 1
Call of Duty: Modern Warfare 2 Infinity Ward 13.03.2012
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 13.03.2012
CCleaner Piriform 19.12.2012 3.26
Cheat Engine 6.1 Dark Byte 03.10.2011 23,5MB
Cisco Systems VPN Client 5.0.07.0290 12.11.2012 10,6MB unbekannt
Compatibility Pack for the 2007 Office system Microsoft Corporation 02.07.2012 66,9MB 12.0.6514.5001
Corel Home Super Putt 01.07.2011
DAEMON Tools Lite DT Soft Ltd 14.02.2012 4.45.3.0297
Das Latein-Wörterbuch 2.1.1 Florian Schoppmann 01.07.2011 2.1.1
ESET Online Scanner v3 17.09.2011
Facebook Video Calling 1.2.0.287 Skype Limited 06.01.2013 4,76MB 1.2.287 unnötig
Free YouTube Download 2.9 DVDVideoSoft Limited. 05.10.2010 25,5MB
G Data InternetSecurity 2011 G Data Software AG 05.12.2010 69,2MB 21.0.0.0
Google Earth Google 01.01.2010 69,5MB 5.1.7894.7252 unnötig
Grand Theft Auto IV Rockstar Games 17.09.2009 1.00.0000
Grand Theft Auto: Episodes From Liberty City Rockstar Games 16.04.2010 1.1.0.0
GTA2 01.07.2011 1.00.001
GTA2 Game Hunter 01.07.2011 1.511
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 HP 01.06.2011 13.0 unnötig
HP Imaging Device Functions 13.0 HP 01.06.2011 13.0 unnötig
HP Photosmart Essential 3.5 HP 01.06.2011 3.5 unnötig
HP Smart Web Printing 4.51 HP 01.06.2011 4.51 unnötig
HP Solution Center 13.0 HP 01.06.2011 13.0 unnötig
HP Update Hewlett-Packard 01.06.2011 3,72MB 4.000.011.006
ICQ7.6 ICQ 06.10.2011 7.6 unnötig
IrfanView (remove only) Irfan Skiljan 04.03.2012 1,50MB 4.32
Java 7 Update 7 Oracle 11.09.2012 128MB 7.0.70
KaloMa 4.91 Frank Böpple 12.01.2011 4,57MB unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 04.01.2013 18,4MB 1.70.0.1100
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 04.02.2012 31,3MB 3.5.92.0
Microsoft Games for Windows Marketplace Microsoft Corporation 27.06.2011 6,03MB 3.5.50.0
Microsoft Office Live Add-in 1.5 Microsoft Corporation 11.09.2012 508KB 2.0.4024.1
Microsoft Office Professional Edition 2003 Microsoft Corporation 13.12.2009 206MB 11.0.5614.0
Microsoft Virtual PC 2007 Microsoft Corporation 25.02.2010 36,9MB 6.0.156.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 06.12.2009 260KB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 06.12.2009 252KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13.03.2012 2,69MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 17.09.2009 702KB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 06.12.2009 200KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 15.01.2010 788KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.09.2009 590KB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 27.02.2012 15,0MB 10.0.30319
Mobipocket Reader 6.2 Mobipocket.com 29.06.2010 11,2MB 6.2.608
Mozilla Firefox 18.0.1 (x86 de) Mozilla 19.01.2013 45,4MB 18.0.1
Mozilla Maintenance Service Mozilla 19.01.2013 330KB 18.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 07.10.2010 1,27MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 07.10.2010 1,33MB 4.20.9876.0
N Schach 3 N Company, Inc. 09.05.2011
Need for Speed(TM) Hot Pursuit Electronic Arts 14.02.2012 7,73GB 1.0.0.0
Need for Speed™ Most Wanted 01.07.2011
Nero 7 Ultra Edition Nero AG 28.09.2010 1,48GB 7.02.6445
NVIDIA PhysX NVIDIA Corporation 18.09.2010 78,9MB 9.10.0513
PC Inspector File Recovery 01.07.2011 4.0
PDF24 Creator 4.9.0 PDF24.org 04.11.2012 33,9MB
Picasa 3 Google, Inc. 01.07.2011 3.1
PokerTH www.pokerth.net 24.07.2011 29,7GB 0.8.3
Project64 1.6 Project64 10.12.2009 3,46MB 1.6
QuickTime Apple Inc. 14.11.2009 76,4MB 7.64.17.73
RAIDXpert AMD 17.09.2009 105MB 2.4.1540.26
Realtek 8136 8168 8169 Ethernet Driver Realtek 17.09.2009 1.00.0005
RedMon - Redirection Port Monitor 29.05.2012
Skype™ 5.10 Skype Technologies S.A. 30.09.2012 19,4MB 5.10.116
Steam Valve Corporation 23.08.2010 42,2MB 1.0.0.0
StreamTransport version: 1.0.2.2171 09.10.2012
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 eRightSoft 29.09.2012 54,0MB v2012.build.53
System Requirements Lab CYRI Husdawg, LLC 13.03.2012 463KB 4.5.1.0
TeamViewer 6 TeamViewer GmbH 01.07.2011 6.0.10511
TrueCrypt TrueCrypt Foundation 01.07.2011 6.3a
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 17.09.2009 2,61MB 1.34
VLC media player 2.0.4 VideoLAN 03.11.2012 2.0.4
Windows Live Essentials Microsoft Corporation 01.07.2011 14.0.8089.0726
Windows Live ID Sign-in Assistant Microsoft Corporation 30.12.2010 10,0MB 6.500.3165.0
Windows Live-Uploadtool Microsoft Corporation 06.12.2009 224KB 14.0.8014.1029
Windows Media Player Firefox Plugin Microsoft Corp 17.12.2009 296KB 1.0.0.8
WinRAR 06.12.2009
Worms Armageddon 01.07.2011
Worms Reloaded Team17 02.10.2011
Xvid Video Codec Xvid Team 11.11.2012 1.3.2 |
22.01.2013, 12:37 | #14 |
/// Malware-holic | Virus check Why is there a " next to some
05.02.2013, 10:43 | #15 |
| Virus check Hey, I have just corrected it properly: for some programs (mainly (Windows) updates) I will not presume to judge. Code:
ATTFilter
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.10.2012 6,00MB 11.4.402.287 nötig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.09.2012 6,00MB 11.4.402.265 "nötig
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 10.09.2012 122MB 10.1.4 " nötig
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 03.06.2012 11.6.5.635 nötig
Akamai NetSession Interface 28.02.2012 unbekannt
Akamai NetSession Interface Service 28.02.2012 unbekannt
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 02.10.2011 22,7MB 3.0.842.0
AMD Processor Driver AMD 04.10.2009 1.3.2.0053
Apple Application Support Apple Inc. 14.11.2009 32,2MB 1.0 nötig
Apple Software Update Apple Inc. 14.11.2009 2,15MB 2.1.1.116 unbekannt
Audacity 1.2.6 01.07.2011 nötig
Audiograbber 1.83 SE Audiograbber Deutschland 12.12.2009 1.83 SE nötig
auxilium 3.1 light CommTec-Softwareentwicklung 03.10.2009 nötig
AVM FRITZ!WLAN AVM Berlin 03.02.2012 nötig
Batch PPTX to PPT Converter Batchwork Software 02.07.2012 unnötig 2012.4.605.1806 unnötig
Call of Duty Modern Warfare 3 (c) Activision version 1 14.03.201nötig
Call of Duty: Modern Warfare 2 Infinity Ward 13.03.2012 unnötig
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 13.03.2012 unnötig
CCleaner Piriform 19.12.2012 3.26 nötig
Cheat Engine 6.1 Dark Byte 03.10.2011 23,5MB unnötig
Cisco Systems VPN Client 5.0.07.0290 12.11.2012 10,6MB unbekannt
Compatibility Pack for the 2007 Office system Microsoft Corporation 02.07.2012 66,9MB 12.0.6514.5001
Corel Home Super Putt 01.07.2011
DAEMON Tools Lite DT Soft Ltd 14.02.2012 4.45.3.0297 unnötig
Das Latein-Wörterbuch 2.1.1 Florian Schoppmann 01.07.2011 2.1.1 unnötig
ESET Online Scanner v3 17.09.2011 ....
Facebook Video Calling 1.2.0.287 Skype Limited 06.01.2013 4,76MB unnötig1.2.287 unnötig
Free YouTube Download 2.9 DVDVideoSoft Limited. 05.10.2010 25,5MB unnötig
G Data InternetSecurity 2011 G Data Software AG 05.12.2010 69,2MB 21.0.0.0
Google Earth Google 01.01.2010 69,5MB 5.1.7894.7252 unnötig
Grand Theft Auto IV Rockstar Games 17.09.2009 1.00.0000 (un)nötig
Grand Theft Auto: Episodes From Liberty City Rockstar Games 16.04.2010 1.1.0.0 (un)nötig
GTA2 01.07.2011 1.00.001 unnötig
GTA2 Game Hunter 01.07.2011 1.511 unnötig
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 HP 01.06.2011 13.0 unnötig
HP Imaging Device Functions 13.0 HP 01.06.2011 13.0 unnötig
HP Photosmart Essential 3.5 HP 01.06.2011 3.5 unnötig
HP Smart Web Printing 4.51 HP 01.06.2011 4.51 unnötig
HP Solution Center 13.0 HP 01.06.2011 13.0 unnötig
HP Update Hewlett-Packard 01.06.2011 3,72MB 4.000.011.006 unnötig
ICQ7.6 ICQ 06.10.2011 7.6 unnötig
IrfanView (remove only) Irfan Skiljan 04.03.2012 1,50MB 4.32
Java 7 Update 7 Oracle 11.09.2012 128MB 7.0.70
KaloMa 4.91 Frank Böpple 12.01.2011 4,57MB unnötig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 04.01.2013 18,4MB 1.70.0.1100 ...
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 04.02.2012 31,3MB 3.5.92.0 (un)nötig
Microsoft Games for Windows Marketplace Microsoft Corporation 27.06.2011 6,03MB 3.5.50.0 (un)nötig
Microsoft Office Live Add-in 1.5 Microsoft Corporation 11.09.2012 508KB 2.0.4024.1
Microsoft Office Professional Edition 2003 Microsoft Corporation 13.12.2009 206MB 11.0.5614.0
Microsoft Virtual PC 2007 Microsoft Corporation 25.02.2010 36,9MB 6.0.156.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 06.12.2009 260KB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 06.12.2009 252KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13.03.2012 2,69MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 17.09.2009 702KB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 06.12.2009 200KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 15.01.2010 788KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.09.2009 590KB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 27.02.2012 15,0MB 10.0.30319
Mobipocket Reader 6.2 Mobipocket.com 29.06.2010 11,2MB 6.2.608 unnötig
Mozilla Firefox 18.0.1 (x86 de) Mozilla 19.01.2013 45,4MB 18.0.1 nötig
Mozilla Maintenance Service Mozilla 19.01.2013 330KB 18.0.1 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 07.10.2010 1,27MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 07.10.2010 1,33MB 4.20.9876.0
N Schach 3 N Company, Inc. 09.05.2011 unnötig
Need for Speed(TM) Hot Pursuit Electronic Arts 14.02.2012 7,73GB 1.0.0.0 unnötig
Need for Speed™ Most Wanted 01.07.2011 unnötig
Nero 7 Ultra Edition Nero AG 28.09.2010 1,48GB 7.02.6445 nötig
NVIDIA PhysX NVIDIA Corporation 18.09.2010 78,9MB 9.10.0513
PC Inspector File Recovery 01.07.2011 4.0 unnötig
PDF24 Creator 4.9.0 PDF24.org 04.11.2012 33,9MB nötig
Picasa 3 Google, Inc. 01.07.2011 3.1 (un)nötig
PokerTH www.pokerth.net 24.07.2011 29,7GB 0.8.3 unnötig
Project64 1.6 Project64 10.12.2009 3,46MB 1.6 unnötig
QuickTime Apple Inc. 14.11.2009 76,4MB 7.64.17.73 unnötig
RAIDXpert AMD 17.09.2009 105MB 2.4.1540.26
Realtek 8136 8168 8169 Ethernet Driver Realtek 17.09.2009 1.00.0005
RedMon - Redirection Port Monitor 29.05.2012 unbekannt
Skype™ 5.10 Skype Technologies S.A. 30.09.2012 19,4MB 5.10.116 unnötig
Steam Valve Corporation 23.08.2010 42,2MB 1.0.0.0 unnötig
StreamTransport version: 1.0.2.2171 09.10.2012 unnötig
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 eRightSoft 29.09.2012 54,0MB v2012.build.53 unnötig
System Requirements Lab CYRI Husdawg, LLC 13.03.2012 463KB 4.5.1.0 unbekannt
TeamViewer 6 TeamViewer GmbH 01.07.2011 6.0.10511 (un)nötig
TrueCrypt TrueCrypt Foundation 01.07.2011 6.3a nötig
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 17.09.2009 2,61MB 1.34 unbekannt
VLC media player 2.0.4 VideoLAN 03.11.2012 2.0.4 nötig
Windows Live Essentials Microsoft Corporation 01.07.2011 14.0.8089.0726
Windows Live ID Sign-in Assistant Microsoft Corporation 30.12.2010 10,0MB 6.500.3165.0
Windows Live-Uploadtool Microsoft Corporation 06.12.2009 224KB 14.0.8014.1029
Windows Media Player Firefox Plugin Microsoft Corp 17.12.2009 296KB 1.0.0.8
WinRAR 06.12.2009
Worms Armageddon 01.07.2011 unnötig
Worms Reloaded Team17 02.10.2011 unnötig
Xvid Video Codec Xvid Team 11.11.2012 1.3.2 |