Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.02.2013, 14:31   #1
LaHupa
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



Hallo Forengemeinschaft,

Ich habe offenbar oben genannten Trojaner eingefangen. Es wird ein Sperrbildschirm angezeigt mit der Aufforderung "100 euros" per "PaysafeCard Vaucher" zu zahlen.

Die verschiedenen Schritte habe ich gelesen. So weit bin ich allerdings noch gar nicht gekommen. Derzeit erscheint immer mal wieder ein Fenster, in dem das Programm Registrierungs-Editor, verifizierter Herausgeber Microsoft Windows, um Erlaubnis fragt Änderungen vorzunehmen. Kann man da jetzt mit der Auswahl noch was beeinflussen?

Alt 03.02.2013, 17:10   #2
markusg
/// Malware-holic
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



hi
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.


Lade OTLpe Download OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD


Bebilderte Anleitung: OTLpe-Scan
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.
__________________

__________________

Alt 04.02.2013, 21:26   #3
LaHupa
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



Ok, hab die CD gebrannt und davon gebootet.
Es erscheint REATOGO-X-PE und ein Balken läuft von links nach rechts durch.
Danach immer bluescreen error:
A problem has been detected and windows has been shut down to prevent damage to your computer.
If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
Check for viruseson your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.
Technical information:
*** STOP: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)

Es handelt sich um Windows 7 64 bit.
__________________

Alt 05.02.2013, 14:54   #4
markusg
/// Malware-holic
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



hi
gehe ins Bios, prüfe ob der IDE oder ahci mode gewählt ist, konfiguriere jeweils den gegenteiligen Modus und versuchs mit der CD erneut
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.02.2013, 22:19   #5
LaHupa
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



Ah, vielen Dank, hat funktioniert.
Habe beim Scan überall "Safe List" ausgewählt und oben rechts standard output.

Hier die Ergebnisse

OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 2/5/2013 9:42:07 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive E: | 452.66 Gb Total Space | 273.84 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/04/26 03:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand] -- E:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2010/06/11 08:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto] -- E:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/19 08:35:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 15:38:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/11 14:37:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/11 14:37:05 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/11/12 15:39:39 | 004,539,712 | ---- | M] () [Auto] -- E:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/01 09:20:18 | 000,260,608 | ---- | M] (SMServer) [On_Demand] -- E:\Windows\SysWOW64\snmvtsvc.exe -- (SMServer)
SRV - [2012/05/31 09:38:32 | 000,252,928 | ---- | M] () [On_Demand] -- E:\Windows\SysWOW64\GSService.exe -- (GSService)
SRV - [2011/10/01 02:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 02:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/09 11:02:56 | 000,331,648 | ---- | M] (FileOpen Systems Inc.) [Auto] -- E:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV - [2010/11/17 23:07:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/10 04:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto] -- E:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand] -- E:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/23 07:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- E:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/08/31 03:43:46 | 000,241,664 | ---- | M] () [Auto] -- E:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/23 11:47:15 | 000,116,480 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- E:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV:64bit: - [2012/12/11 14:38:05 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/12/11 14:38:05 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/09/28 04:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/24 03:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/09/19 23:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/09/19 23:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/06/05 04:54:38 | 000,034,088 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2012/03/07 09:41:32 | 000,065,648 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rockusb.sys -- (Rockusb)
DRV:64bit: - [2012/01/10 15:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/15 12:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/10/01 02:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 02:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 02:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 02:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/02 00:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 00:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 00:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/06/02 00:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/02/02 14:03:20 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System] -- E:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/02/01 09:36:29 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- E:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2010/12/21 00:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 00:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/12/21 00:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/12/21 00:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/21 04:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/06/17 04:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/06/03 14:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/15 07:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/03/23 07:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/26 18:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 02:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/08 22:18:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- E:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- E:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/22 09:35:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- E:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/02/02 11:14:20 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/02/02 11:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/02/02 11:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008/11/16 12:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/01/10 13:34:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- E:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\ruud_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\ruud_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\ruud_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\ruud_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.kalenderblatt.de/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "www-proxy.uni-heidelberg.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: E:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: E:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: E:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: E:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3: E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/27 04:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 08:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 08:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/10 15:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 08:35:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 08:35:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/10 15:45:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/04/01 15:13:44 | 000,000,000 | ---D | M] (No name found) -- E:\Users\ruud\AppData\Roaming\Mozilla\Extensions
[2011/04/01 15:13:44 | 000,000,000 | ---D | M] (No name found) -- E:\Users\ruud\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/09/14 17:40:03 | 000,000,000 | ---D | M] (No name found) -- E:\Users\ruud\AppData\Roaming\Mozilla\Firefox\Profiles\qpexaizj.default\extensions
[2013/01/19 08:35:42 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- 
[2013/01/19 08:35:44 | 000,262,552 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/22 00:30:03 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/07 18:11:33 | 000,002,465 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/22 00:30:03 | 000,001,153 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/22 00:30:03 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/22 00:30:03 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/22 00:30:03 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/10/20 06:01:20 | 000,000,877 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] E:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] E:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] E:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] E:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] E:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] E:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] E:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] E:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] E:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SuiteTray] E:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [UIExec] E:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\ruud_ON_E..\Run: [] E:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\ruud_ON_E..\Run: [Akamai NetSession Interface] E:\Users\ruud\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\ruud_ON_E..\Run: [AVMUSBFernanschluss] E:\Users\ruud\AppData\Local\Apps\2.0\HNC2VEZN.5LT\MJ8370TH.QZ0\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\ruud_ON_E..\Run: [KiesAirMessage] E:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\ruud_ON_E..\Run: [KiesPDLR] E:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\ruud_ON_E..\Run: [KiesPreload] E:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - Startup: E:\Users\ruud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - E:\Users\ruud\Desktop\BVs\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - E:\Users\ruud\Desktop\BVs\SoundTaxi\YouTubeRipper.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{12b57af6-2d5b-11e0-a754-1c75080c7ae1}\Shell - "" = AutoRun
O33 - MountPoints2\{12b57af6-2d5b-11e0-a754-1c75080c7ae1}\Shell\AutoRun\command - "" = E:\loader.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/19 08:35:41 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Mozilla Firefox
[2013/01/19 07:50:54 | 000,000,000 | -HSD | C] -- E:\Config.Msi
[2013/01/10 15:45:09 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Mozilla Thunderbird
[2013/01/08 15:26:53 | 000,046,592 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\fpb.rs
[2013/01/08 15:26:53 | 000,046,592 | ---- | C] (Microsoft) -- E:\Windows\System32\fpb.rs
[2013/01/08 15:26:53 | 000,045,568 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\oflc-nz.rs
[2013/01/08 15:26:53 | 000,045,568 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc-nz.rs
[2013/01/08 15:26:53 | 000,044,544 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\pegibbfc.rs
[2013/01/08 15:26:53 | 000,044,544 | ---- | C] (Microsoft) -- E:\Windows\System32\pegibbfc.rs
[2013/01/08 15:26:53 | 000,043,520 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\csrr.rs
[2013/01/08 15:26:53 | 000,043,520 | ---- | C] (Microsoft) -- E:\Windows\System32\csrr.rs
[2013/01/08 15:26:53 | 000,040,960 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\cob-au.rs
[2013/01/08 15:26:53 | 000,040,960 | ---- | C] (Microsoft) -- E:\Windows\System32\cob-au.rs
[2013/01/08 15:26:53 | 000,030,720 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\usk.rs
[2013/01/08 15:26:53 | 000,030,720 | ---- | C] (Microsoft) -- E:\Windows\System32\usk.rs
[2013/01/08 15:26:53 | 000,021,504 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\grb.rs
[2013/01/08 15:26:53 | 000,021,504 | ---- | C] (Microsoft) -- E:\Windows\System32\grb.rs
[2013/01/08 15:26:53 | 000,015,360 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\djctq.rs
[2013/01/08 15:26:53 | 000,015,360 | ---- | C] (Microsoft) -- E:\Windows\System32\djctq.rs
[2013/01/08 15:26:52 | 002,746,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\gameux.dll
[2013/01/08 15:26:52 | 002,576,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\gameux.dll
[2013/01/08 15:26:52 | 000,441,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Wpc.dll
[2013/01/08 15:26:52 | 000,308,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\Wpc.dll
[2013/01/08 15:26:52 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\pegi-pt.rs
[2013/01/08 15:26:52 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-pt.rs
[2013/01/08 15:26:52 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\pegi.rs
[2013/01/08 15:26:52 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi.rs
[2013/01/08 15:26:51 | 000,055,296 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\cero.rs
[2013/01/08 15:26:51 | 000,055,296 | ---- | C] (Microsoft) -- E:\Windows\System32\cero.rs
[2013/01/08 15:26:51 | 000,051,712 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\esrb.rs
[2013/01/08 15:26:51 | 000,051,712 | ---- | C] (Microsoft) -- E:\Windows\System32\esrb.rs
[2013/01/08 15:26:51 | 000,023,552 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\oflc.rs
[2013/01/08 15:26:51 | 000,023,552 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc.rs
[2013/01/08 15:26:51 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\SysWow64\pegi-fi.rs
[2013/01/08 15:26:51 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-fi.rs
[2013/01/08 15:26:37 | 000,750,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32spl.dll
[2013/01/08 15:26:37 | 000,492,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\win32spl.dll
[2013/01/08 15:26:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncrypt.dll
[2013/01/08 15:26:19 | 000,220,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ncrypt.dll
[2013/01/08 15:26:13 | 000,800,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\usp10.dll
[2013/01/08 15:25:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\kernel32.dll
[2013/01/08 15:25:53 | 000,424,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KernelBase.dll
[2013/01/08 15:25:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wow64win.dll
[2013/01/08 15:25:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2013/01/08 15:25:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wow64.dll
[2013/01/08 15:25:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2013/01/08 15:25:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntvdm64.dll
[2013/01/08 15:25:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntvdm64.dll
[2013/01/08 15:25:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wow64cpu.dll
[2013/01/08 15:25:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/08 15:25:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/08 15:25:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/08 15:25:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\wow32.dll
[2013/01/08 15:25:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/08 15:25:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/08 15:25:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/08 15:25:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/08 15:25:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\setup16.exe
[2013/01/08 15:25:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\instnm.exe
[2013/01/08 15:25:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/08 15:25:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/08 15:25:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/08 15:25:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\user.exe
[2013/01/08 15:25:35 | 000,068,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\taskhost.exe
[2012/11/28 18:49:32 | 000,292,752 | ---- | C] (Apple Inc.) -- E:\Program Files (x86)\iTunesOutlookAddIn.dll
[2012/11/28 18:49:26 | 000,151,952 | ---- | C] (Apple Inc.) -- E:\Program Files (x86)\iTunesHelper.exe
[2012/11/28 18:49:26 | 000,148,368 | ---- | C] (Apple Inc.) -- E:\Program Files (x86)\iTunesHelper.dll
[2012/11/28 18:49:24 | 000,404,880 | ---- | C] (Apple Inc.) -- E:\Program Files (x86)\iTunesAdmin.dll
[2012/11/28 18:49:20 | 009,788,816 | ---- | C] (Apple Inc.) -- E:\Program Files (x86)\iTunes.exe
[2012/11/28 18:49:04 | 022,682,512 | ---- | C] (Apple Inc.) -- E:\Program Files (x86)\iTunes.dll
[2012/11/28 18:49:00 | 003,014,568 | ---- | C] (Gracenote, Inc.) -- E:\Program Files (x86)\gnsdk_dsp.dll
[2012/11/28 18:49:00 | 000,782,248 | ---- | C] (Gracenote, Inc.) -- E:\Program Files (x86)\gnsdk_sdkmanager.dll
[2012/11/28 18:49:00 | 000,268,712 | ---- | C] (Gracenote, Inc.) -- E:\Program Files (x86)\gnsdk_submit.dll
[2012/11/28 18:49:00 | 000,225,704 | ---- | C] (Gracenote, Inc.) -- E:\Program Files (x86)\gnsdk_musicid.dll
[2012/10/31 09:53:32 | 000,112,528 | ---- | C] (Apple Inc.) -- E:\Program Files (x86)\ITDetector.ocx
[1 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Users\ruud\Documents\*.tmp files -> E:\Users\ruud\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/04 14:53:14 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/02/04 14:51:58 | 095,023,320 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2013/02/04 14:51:23 | 000,001,102 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/04 14:51:06 | 2962,259,968 | -HS- | M] () -- E:\hiberfil.sys
[2013/02/03 09:09:07 | 000,654,602 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/02/03 09:09:07 | 000,616,484 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/02/03 09:09:07 | 000,130,216 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/02/03 09:09:07 | 000,106,606 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/02/03 07:56:26 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 07:56:26 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 11:38:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/02 10:20:05 | 000,000,159 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.reg
[2013/02/02 10:20:04 | 000,002,866 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2013/02/02 10:20:04 | 000,001,047 | ---- | M] () -- E:\Users\ruud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/02/02 10:20:04 | 000,000,065 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.bat
[2013/02/02 09:47:00 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 12:47:58 | 000,002,048 | ---- | M] () -- E:\Users\ruud\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/19 07:50:56 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/01/13 04:36:22 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/12 08:30:48 | 000,002,441 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/01/11 10:17:57 | 000,002,114 | ---- | M] () -- E:\Users\ruud\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/01/10 15:38:32 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/10 15:38:32 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/10 14:34:38 | 000,294,344 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[1 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Users\ruud\Documents\*.tmp files -> E:\Users\ruud\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/02 10:20:05 | 000,000,159 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.reg
[2013/02/02 10:20:04 | 000,002,866 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2013/02/02 10:20:04 | 000,001,047 | ---- | C] () -- E:\Users\ruud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/02/02 10:20:04 | 000,000,065 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.bat
[2013/02/02 10:20:03 | 095,023,320 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/05 13:12:22 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\GSService.exe
[2012/10/31 09:53:12 | 000,122,375 | ---- | C] () -- E:\Program Files (x86)\Acknowledgements.rtf
[2012/10/27 04:49:14 | 000,000,272 | ---- | C] () -- E:\Users\ruud\AppData\Roaming\.backup.dm
[2012/01/10 14:29:54 | 013,904,384 | ---- | C] () -- E:\Windows\SysWow64\ig4icd32.dll
[2011/10/21 11:27:54 | 000,867,020 | ---- | C] () -- E:\Windows\SysWow64\igkrng575.bin
[2011/10/21 11:27:54 | 000,128,204 | ---- | C] () -- E:\Windows\SysWow64\igcompkrng575.bin
[2011/10/21 11:27:54 | 000,105,608 | ---- | C] () -- E:\Windows\SysWow64\igfcg575m.bin
[2011/09/16 04:54:48 | 000,030,568 | ---- | C] () -- E:\Windows\MusiccityDownload.exe
[2011/09/16 04:54:44 | 000,974,848 | ---- | C] () -- E:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 04:54:44 | 000,081,920 | ---- | C] () -- E:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 04:54:44 | 000,065,536 | ---- | C] () -- E:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 04:54:44 | 000,057,344 | ---- | C] () -- E:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/07/20 11:50:49 | 000,000,359 | ---- | C] () -- E:\Windows\CoDUO.INI
[2011/07/05 15:41:26 | 000,000,745 | ---- | C] () -- E:\Windows\CoD.INI
[2011/06/23 12:57:00 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/26 12:51:17 | 000,175,616 | ---- | C] () -- E:\Windows\SysWow64\unrar.dll
[2011/05/26 12:51:17 | 000,000,038 | ---- | C] () -- E:\Windows\avisplitter.ini
[2011/05/26 12:51:15 | 000,631,808 | ---- | C] () -- E:\Windows\SysWow64\xvidcore.dll
[2011/05/26 12:51:15 | 000,243,200 | ---- | C] () -- E:\Windows\SysWow64\xvidvfw.dll
[2011/05/26 12:51:15 | 000,080,896 | ---- | C] () -- E:\Windows\SysWow64\ff_vfw.dll
[2011/01/31 14:22:27 | 001,527,912 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/30 19:21:56 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2010/08/30 04:12:22 | 000,131,984 | ---- | C] () -- E:\ProgramData\FullRemove.exe
[2010/08/30 03:48:37 | 000,017,920 | ---- | C] () -- E:\Windows\SysWow64\rpcnetp.dll
[2010/08/30 03:47:39 | 000,017,920 | ---- | C] () -- E:\Windows\SysWow64\rpcnetp.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012/12/02 12:36:39 | 000,000,000 | ---D | M] -- E:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2010/08/30 04:21:56 | 000,000,000 | ---D | M] -- E:\ProgramData\Acer
[2011/01/30 16:44:17 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2010/08/30 04:27:27 | 000,000,000 | ---D | M] -- E:\ProgramData\BackupManager
[2013/02/03 08:15:35 | 000,000,000 | ---D | M] -- E:\ProgramData\boost_interprocess
[2012/07/23 12:16:27 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJScan
[2012/10/27 04:48:41 | 000,000,000 | ---D | M] -- E:\ProgramData\ClubSanDisk
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/01/30 16:44:17 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2010/11/17 22:43:36 | 000,000,000 | ---D | M] -- E:\ProgramData\EgisTec IPS
[2011/12/20 05:52:01 | 000,000,000 | ---D | M] -- E:\ProgramData\elsterformular
[2010/08/30 04:10:52 | 000,000,000 | ---D | M] -- E:\ProgramData\eSobi
[2011/01/30 16:44:17 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/07/12 00:52:30 | 000,000,000 | ---D | M] -- E:\ProgramData\FileOpen
[2010/08/30 04:18:47 | 000,000,000 | ---D | M] -- E:\ProgramData\OberonGameConsole
[2011/01/30 16:46:28 | 000,000,000 | ---D | M] -- E:\ProgramData\oem
[2011/02/02 15:55:24 | 000,000,000 | ---D | M] -- E:\ProgramData\RapidSolution
[2011/10/21 05:11:23 | 000,000,000 | ---D | M] -- E:\ProgramData\Samsung
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/01/30 16:44:17 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2012/01/22 12:50:47 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/02/01 05:45:34 | 000,000,000 | ---D | M] -- E:\ProgramData\VirtualizedApplications
[2011/01/30 16:44:17 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2011/06/29 06:12:07 | 000,000,000 | ---D | M] -- E:\ProgramData\WinZip
[2011/10/20 04:36:52 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/04/01 14:38:37 | 000,000,000 | ---D | M] -- E:\ProgramData\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2012/12/20 11:36:32 | 000,032,640 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/05/22 14:32:01 | 000,000,000 | -HSD | M] -- E:\$Recycle.Bin
[2010/11/17 22:43:51 | 000,000,000 | ---D | M] -- E:\book
[2013/01/20 11:17:02 | 000,000,000 | -HSD | M] -- E:\Config.Msi
[2012/12/05 13:15:13 | 000,000,000 | ---D | M] -- E:\Converted
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2011/01/30 16:44:17 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2012/10/11 07:48:41 | 000,000,000 | -HSD | M] -- E:\found.000
[2010/11/17 22:37:25 | 000,000,000 | ---D | M] -- E:\Intel
[2011/01/30 16:45:51 | 000,000,000 | -H-D | M] -- E:\OEM
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2012/12/02 12:35:27 | 000,000,000 | R--D | M] -- E:\Program Files
[2013/01/20 12:47:54 | 000,000,000 | R--D | M] -- E:\Program Files (x86)
[2013/02/02 10:20:05 | 000,000,000 | -H-D | M] -- E:\ProgramData
[2011/01/30 16:44:17 | 000,000,000 | -HSD | M] -- E:\Programme
[2011/01/30 16:44:17 | 000,000,000 | -HSD | M] -- E:\Recovery
[2013/01/27 13:03:03 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2012/12/22 11:22:03 | 000,000,000 | ---D | M] -- E:\Temp
[2011/01/30 16:44:22 | 000,000,000 | R--D | M] -- E:\Users
[2013/02/03 08:52:39 | 000,000,000 | ---D | M] -- E:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/17 14:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 05:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/17 14:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 05:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/17 14:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 05:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/17 14:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 05:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- E:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- E:\Windows\System32\drivers\iaStor.sys
[2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- E:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010/04/12 20:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- E:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- E:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- E:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- E:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- E:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- E:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- E:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- E:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- E:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- E:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- E:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/07/17 14:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/07/17 14:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> E:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> E:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 135 bytes -> E:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 129 bytes -> E:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 121 bytes -> E:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> E:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> E:\ProgramData\Temp:798A3728
< End of report >
         
--- --- ---


EXTRAS:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 2/5/2013 9:42:07 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive E: | 452.66 Gb Total Space | 273.84 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- E:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}" = FileOpen Client (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.19
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}" = FileOpen Client (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.19
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\ruud_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"f018cf21c0452c64" = FRITZ!Box USB-Fernanschluss
"MyFreeCodec" = MyFreeCodec
 
< End of report >
         
--- --- ---


Alt 05.02.2013, 22:22   #6
markusg
/// Malware-holic
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



hi
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
ATTFilter
:OTL
[2013/02/04 14:51:58 | 095,023,320 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2013/02/02 10:20:05 | 000,000,159 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.reg
[2013/02/02 10:20:04 | 000,002,866 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2013/02/02 10:20:04 | 000,001,047 | ---- | M] () -- E:\Users\ruud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/02/02 10:20:04 | 000,000,065 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.bat
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.
__________________
--> GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner

Alt 06.02.2013, 20:55   #7
LaHupa
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



Zitat:
========== OTL ==========
E:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
E:\ProgramData\dsgsdgdsgdsgw.reg moved successfully.
E:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
E:\Users\ruud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
E:\ProgramData\dsgsdgdsgdsgw.bat moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: ruud

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default

User: Default User

User: Public

User: ruud

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533399 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 446433151 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes

Total Files Cleaned = 427.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 02062013_203857
Ein Neustart ist danach aber nicht erfolgt .

Alt 06.02.2013, 20:56   #8
markusg
/// Malware-holic
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



dann starte neu evtl. reset drücken, cd rau.
stelle den Modus im Bios wieder um.
wenn er wieder startet:
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 21:04   #9
LaHupa
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



Beim Neustart kommt die Auswahl
Starthilfe starten (empfohlen)
Windows normal starten

Was sollte ich da wählen?

Hab den normalen Modus gewählt

Zitat:
21:25:27.0589 4116 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:25:27.0636 4116 ============================================================
21:25:27.0636 4116 Current date / time: 2013/02/06 21:25:27.0636
21:25:27.0636 4116 SystemInfo:
21:25:27.0636 4116
21:25:27.0636 4116 OS Version: 6.1.7601 ServicePack: 1.0
21:25:27.0636 4116 Product type: Workstation
21:25:27.0636 4116 ComputerName: BRAUNER
21:25:27.0636 4116 UserName: ruud
21:25:27.0636 4116 Windows directory: C:\Windows
21:25:27.0636 4116 System windows directory: C:\Windows
21:25:27.0636 4116 Running under WOW64
21:25:27.0636 4116 Processor architecture: Intel x64
21:25:27.0636 4116 Number of processors: 4
21:25:27.0636 4116 Page size: 0x1000
21:25:27.0636 4116 Boot type: Normal boot
21:25:27.0636 4116 ============================================================
21:25:29.0960 4116 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:25:29.0976 4116 ============================================================
21:25:29.0976 4116 \Device\Harddisk0\DR0:
21:25:29.0976 4116 MBR partitions:
21:25:29.0976 4116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
21:25:29.0976 4116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
21:25:29.0976 4116 ============================================================
21:25:30.0116 4116 C: <-> \Device\Harddisk0\DR0\Partition2
21:25:30.0116 4116 ============================================================
21:25:30.0116 4116 Initialize success
21:25:30.0116 4116 ============================================================
21:26:15.0200 1456 ============================================================
21:26:15.0200 1456 Scan started
21:26:15.0200 1456 Mode: Manual; SigCheck; TDLFS;
21:26:15.0200 1456 ============================================================
21:26:15.0497 1456 ================ Scan system memory ========================
21:26:15.0497 1456 System memory - ok
21:26:15.0497 1456 ================ Scan services =============================
21:26:15.0824 1456 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:26:16.0105 1456 1394ohci - ok
21:26:16.0152 1456 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:26:16.0167 1456 ACPI - ok
21:26:16.0214 1456 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:26:16.0308 1456 AcpiPmi - ok
21:26:16.0464 1456 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:26:16.0479 1456 AdobeARMservice - ok
21:26:16.0635 1456 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:26:16.0667 1456 AdobeFlashPlayerUpdateSvc - ok
21:26:16.0729 1456 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:26:16.0760 1456 adp94xx - ok
21:26:16.0776 1456 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:26:16.0807 1456 adpahci - ok
21:26:16.0838 1456 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:26:16.0854 1456 adpu320 - ok
21:26:16.0885 1456 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:26:17.0057 1456 AeLookupSvc - ok
21:26:17.0150 1456 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:26:17.0228 1456 AFD - ok
21:26:17.0260 1456 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:26:17.0275 1456 agp440 - ok
21:26:17.0462 1456 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
21:26:17.0462 1456 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
21:26:17.0462 1456 Akamai ( HiddenFile.Multi.Generic ) - warning
21:26:17.0462 1456 Akamai - detected HiddenFile.Multi.Generic (1)
21:26:17.0509 1456 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:26:17.0572 1456 ALG - ok
21:26:17.0634 1456 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:26:17.0650 1456 aliide - ok
21:26:17.0681 1456 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:26:17.0681 1456 amdide - ok
21:26:17.0712 1456 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:26:17.0790 1456 AmdK8 - ok
21:26:17.0806 1456 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:26:17.0837 1456 AmdPPM - ok
21:26:17.0884 1456 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:26:17.0899 1456 amdsata - ok
21:26:17.0962 1456 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:26:17.0977 1456 amdsbs - ok
21:26:17.0993 1456 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:26:18.0008 1456 amdxata - ok
21:26:18.0055 1456 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
21:26:18.0211 1456 androidusb - ok
21:26:18.0336 1456 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:26:18.0352 1456 AntiVirSchedulerService - ok
21:26:18.0414 1456 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:26:18.0430 1456 AntiVirService - ok
21:26:18.0508 1456 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:26:18.0742 1456 AppID - ok
21:26:18.0773 1456 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:26:18.0851 1456 AppIDSvc - ok
21:26:18.0944 1456 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:26:18.0991 1456 Appinfo - ok
21:26:19.0085 1456 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:26:19.0100 1456 Apple Mobile Device - ok
21:26:19.0132 1456 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:26:19.0163 1456 arc - ok
21:26:19.0163 1456 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:26:19.0178 1456 arcsas - ok
21:26:19.0194 1456 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:26:19.0272 1456 AsyncMac - ok
21:26:19.0334 1456 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:26:19.0334 1456 atapi - ok
21:26:19.0397 1456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:26:19.0537 1456 AudioEndpointBuilder - ok
21:26:19.0568 1456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:26:19.0615 1456 AudioSrv - ok
21:26:19.0693 1456 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:26:19.0771 1456 avgntflt - ok
21:26:19.0818 1456 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:26:19.0896 1456 avipbb - ok
21:26:19.0927 1456 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:26:20.0005 1456 avkmgr - ok
21:26:20.0036 1456 [ BD39D7CFD9D6A73396B618113A8E8D57 ] avmaudio C:\Windows\system32\DRIVERS\avmaudio.sys
21:26:20.0177 1456 avmaudio - ok
21:26:20.0224 1456 [ 6A300AD0E23A155B2C3A7FAB0D4AABD1 ] avmaura C:\Windows\system32\DRIVERS\avmaura.sys
21:26:20.0364 1456 avmaura - ok
21:26:20.0411 1456 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:26:20.0473 1456 AxInstSV - ok
21:26:20.0504 1456 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:26:20.0551 1456 b06bdrv - ok
21:26:20.0582 1456 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:26:20.0645 1456 b57nd60a - ok
21:26:20.0770 1456 [ 2D659B569A76CDB83B815675A80D7096 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
21:26:20.0863 1456 BCM43XX - ok
21:26:20.0894 1456 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:26:20.0926 1456 BDESVC - ok
21:26:20.0957 1456 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:26:21.0004 1456 Beep - ok
21:26:21.0066 1456 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:26:21.0160 1456 BFE - ok
21:26:21.0222 1456 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:26:21.0316 1456 BITS - ok
21:26:21.0347 1456 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:26:21.0378 1456 blbdrive - ok
21:26:21.0456 1456 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:26:21.0472 1456 Bonjour Service - ok
21:26:21.0550 1456 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:26:21.0612 1456 bowser - ok
21:26:21.0628 1456 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:26:21.0706 1456 BrFiltLo - ok
21:26:21.0706 1456 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:26:21.0752 1456 BrFiltUp - ok
21:26:21.0815 1456 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:26:21.0846 1456 Browser - ok
21:26:21.0846 1456 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:26:21.0908 1456 Brserid - ok
21:26:21.0924 1456 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:26:21.0986 1456 BrSerWdm - ok
21:26:22.0002 1456 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:26:22.0049 1456 BrUsbMdm - ok
21:26:22.0080 1456 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:26:22.0111 1456 BrUsbSer - ok
21:26:22.0111 1456 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:26:22.0142 1456 BTHMODEM - ok
21:26:22.0189 1456 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:26:22.0236 1456 bthserv - ok
21:26:22.0267 1456 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:26:22.0330 1456 cdfs - ok
21:26:22.0392 1456 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:26:22.0439 1456 cdrom - ok
21:26:22.0486 1456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:26:22.0532 1456 CertPropSvc - ok
21:26:22.0673 1456 [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
21:26:22.0782 1456 CGVPNCliSrvc - ok
21:26:22.0813 1456 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:26:22.0844 1456 circlass - ok
21:26:22.0891 1456 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:26:22.0907 1456 CLFS - ok
21:26:23.0000 1456 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:26:23.0016 1456 clr_optimization_v2.0.50727_32 - ok
21:26:23.0063 1456 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:26:23.0078 1456 clr_optimization_v2.0.50727_64 - ok
21:26:23.0188 1456 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:26:23.0266 1456 clr_optimization_v4.0.30319_32 - ok
21:26:23.0312 1456 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:26:23.0328 1456 clr_optimization_v4.0.30319_64 - ok
21:26:23.0344 1456 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:26:23.0375 1456 CmBatt - ok
21:26:23.0406 1456 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:26:23.0422 1456 cmdide - ok
21:26:23.0468 1456 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:26:23.0515 1456 CNG - ok
21:26:23.0562 1456 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:26:23.0562 1456 Compbatt - ok
21:26:23.0609 1456 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:26:23.0640 1456 CompositeBus - ok
21:26:23.0656 1456 COMSysApp - ok
21:26:23.0671 1456 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:26:23.0687 1456 crcdisk - ok
21:26:23.0749 1456 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:26:23.0796 1456 CryptSvc - ok
21:26:23.0890 1456 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:26:23.0936 1456 cvhsvc - ok
21:26:23.0968 1456 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
21:26:24.0061 1456 CVirtA - ok
21:26:24.0155 1456 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
21:26:24.0202 1456 CVPND - ok
21:26:24.0233 1456 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
21:26:24.0311 1456 CVPNDRVA - ok
21:26:24.0373 1456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:26:24.0436 1456 DcomLaunch - ok
21:26:24.0467 1456 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:26:24.0529 1456 defragsvc - ok
21:26:24.0576 1456 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:26:24.0623 1456 DfsC - ok
21:26:24.0654 1456 [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
21:26:24.0701 1456 DgiVecp - ok
21:26:24.0732 1456 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
21:26:24.0810 1456 dg_ssudbus - ok
21:26:24.0857 1456 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:26:24.0904 1456 Dhcp - ok
21:26:24.0935 1456 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:26:24.0982 1456 discache - ok
21:26:25.0013 1456 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:26:25.0028 1456 Disk - ok
21:26:25.0075 1456 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
21:26:25.0091 1456 DNE - ok
21:26:25.0138 1456 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:26:25.0169 1456 Dnscache - ok
21:26:25.0216 1456 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:26:25.0278 1456 dot3svc - ok
21:26:25.0309 1456 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:26:25.0356 1456 DPS - ok
21:26:25.0403 1456 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:26:25.0434 1456 drmkaud - ok
21:26:25.0496 1456 [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
21:26:25.0543 1456 DsiWMIService - ok
21:26:25.0590 1456 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:26:25.0621 1456 DXGKrnl - ok
21:26:25.0652 1456 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:26:25.0699 1456 EapHost - ok
21:26:25.0777 1456 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:26:25.0918 1456 ebdrv - ok
21:26:25.0964 1456 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:26:26.0011 1456 EFS - ok
21:26:26.0089 1456 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:26:26.0167 1456 ehRecvr - ok
21:26:26.0198 1456 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:26:26.0230 1456 ehSched - ok
21:26:26.0276 1456 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:26:26.0308 1456 elxstor - ok
21:26:26.0401 1456 [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
21:26:26.0510 1456 ePowerSvc - ok
21:26:26.0542 1456 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:26:26.0573 1456 ErrDev - ok
21:26:26.0620 1456 [ 0975BF32399A24117E317B5BF1D5D0AA ] ETD C:\Windows\system32\DRIVERS\ETD.sys
21:26:26.0635 1456 ETD - ok
21:26:26.0666 1456 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:26:26.0729 1456 EventSystem - ok
21:26:26.0776 1456 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:26:26.0854 1456 exfat - ok
21:26:26.0885 1456 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:26:26.0932 1456 fastfat - ok
21:26:26.0994 1456 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:26:27.0072 1456 Fax - ok
21:26:27.0103 1456 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:26:27.0134 1456 fdc - ok
21:26:27.0166 1456 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:26:27.0228 1456 fdPHost - ok
21:26:27.0228 1456 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:26:27.0290 1456 FDResPub - ok
21:26:27.0306 1456 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:26:27.0322 1456 FileInfo - ok
21:26:27.0400 1456 [ AD9D3401E1B0949DBC3E59871BC4422F ] FileOpenManagerSvc C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe
21:26:27.0415 1456 FileOpenManagerSvc - ok
21:26:27.0446 1456 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:26:27.0524 1456 Filetrace - ok
21:26:27.0571 1456 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:26:27.0618 1456 FLEXnet Licensing Service - ok
21:26:27.0634 1456 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:26:27.0649 1456 flpydisk - ok
21:26:27.0680 1456 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:26:27.0712 1456 FltMgr - ok
21:26:27.0758 1456 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:26:27.0821 1456 FontCache - ok
21:26:27.0883 1456 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:26:27.0899 1456 FontCache3.0.0.0 - ok
21:26:27.0930 1456 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:26:27.0946 1456 FsDepends - ok
21:26:27.0977 1456 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:26:27.0977 1456 Fs_Rec - ok
21:26:28.0024 1456 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:26:28.0070 1456 fvevol - ok
21:26:28.0086 1456 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:26:28.0102 1456 gagp30kx - ok
21:26:28.0164 1456 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:26:28.0164 1456 GEARAspiWDM - ok
21:26:28.0211 1456 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:26:28.0304 1456 gpsvc - ok
21:26:28.0367 1456 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
21:26:28.0445 1456 GREGService - ok
21:26:28.0554 1456 [ A423E4E2187B5E8DEA8A6B31950ACC18 ] GSService C:\Windows\SysWOW64\GSService.exe
21:26:28.0585 1456 GSService ( UnsignedFile.Multi.Generic ) - warning
21:26:28.0585 1456 GSService - detected UnsignedFile.Multi.Generic (1)
21:26:28.0663 1456 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:26:28.0679 1456 gupdate - ok
21:26:28.0694 1456 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:26:28.0710 1456 gupdatem - ok
21:26:28.0741 1456 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:26:28.0772 1456 hcw85cir - ok
21:26:28.0850 1456 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:26:28.0897 1456 HdAudAddService - ok
21:26:28.0928 1456 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:26:28.0960 1456 HDAudBus - ok
21:26:28.0991 1456 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:26:29.0084 1456 HECIx64 - ok
21:26:29.0100 1456 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:26:29.0131 1456 HidBatt - ok
21:26:29.0131 1456 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:26:29.0178 1456 HidBth - ok
21:26:29.0209 1456 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:26:29.0225 1456 HidIr - ok
21:26:29.0256 1456 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:26:29.0303 1456 hidserv - ok
21:26:29.0350 1456 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:26:29.0365 1456 HidUsb - ok
21:26:29.0396 1456 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:26:29.0459 1456 hkmsvc - ok
21:26:29.0506 1456 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:26:29.0568 1456 HomeGroupListener - ok
21:26:29.0615 1456 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:26:29.0630 1456 HomeGroupProvider - ok
21:26:29.0677 1456 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:26:29.0693 1456 HpSAMD - ok
21:26:29.0786 1456 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:26:29.0864 1456 HTTP - ok
21:26:29.0911 1456 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:26:29.0927 1456 hwpolicy - ok
21:26:29.0974 1456 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:26:29.0989 1456 i8042prt - ok
21:26:30.0052 1456 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:26:30.0114 1456 iaStor - ok
21:26:30.0176 1456 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:26:30.0254 1456 IAStorDataMgrSvc - ok
21:26:30.0301 1456 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:26:30.0332 1456 iaStorV - ok
21:26:30.0473 1456 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:26:30.0535 1456 idsvc - ok
21:26:30.0894 1456 [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:26:31.0331 1456 igfx - ok
21:26:31.0362 1456 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:26:31.0378 1456 iirsp - ok
21:26:31.0424 1456 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:26:31.0534 1456 IKEEXT - ok
21:26:31.0565 1456 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
21:26:31.0612 1456 Impcd - ok
21:26:31.0690 1456 [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:26:31.0768 1456 IntcAzAudAddService - ok
21:26:31.0799 1456 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:26:31.0846 1456 IntcDAud - ok
21:26:31.0861 1456 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:26:31.0877 1456 intelide - ok
21:26:31.0908 1456 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:26:31.0939 1456 intelppm - ok
21:26:31.0970 1456 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:26:32.0002 1456 IPBusEnum - ok
21:26:32.0064 1456 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:26:32.0126 1456 IpFilterDriver - ok
21:26:32.0173 1456 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:26:32.0204 1456 iphlpsvc - ok
21:26:32.0251 1456 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:26:32.0282 1456 IPMIDRV - ok
21:26:32.0298 1456 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:26:32.0360 1456 IPNAT - ok
21:26:32.0407 1456 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:26:32.0423 1456 iPod Service - ok
21:26:32.0501 1456 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:26:32.0657 1456 IRENUM - ok
21:26:32.0735 1456 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:26:32.0750 1456 isapnp - ok
21:26:32.0860 1456 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:26:32.0922 1456 iScsiPrt - ok
21:26:33.0889 1456 [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
21:26:33.0936 1456 k57nd60a - ok
21:26:34.0466 1456 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:26:34.0482 1456 kbdclass - ok
21:26:34.0638 1456 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:26:34.0700 1456 kbdhid - ok
21:26:34.0747 1456 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:26:34.0747 1456 KeyIso - ok
21:26:34.0794 1456 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:26:34.0810 1456 KSecDD - ok
21:26:35.0075 1456 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:26:35.0090 1456 KSecPkg - ok
21:26:35.0168 1456 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:26:35.0215 1456 ksthunk - ok
21:26:35.0246 1456 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:26:35.0324 1456 KtmRm - ok
21:26:35.0418 1456 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:26:35.0480 1456 LanmanServer - ok
21:26:35.0527 1456 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:26:35.0590 1456 LanmanWorkstation - ok
21:26:35.0668 1456 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:26:35.0730 1456 lltdio - ok
21:26:35.0761 1456 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:26:35.0839 1456 lltdsvc - ok
21:26:35.0886 1456 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:26:35.0948 1456 lmhosts - ok
21:26:36.0011 1456 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:26:36.0058 1456 LMS - ok
21:26:36.0120 1456 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:26:36.0136 1456 LSI_FC - ok
21:26:36.0136 1456 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:26:36.0167 1456 LSI_SAS - ok
21:26:36.0167 1456 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:26:36.0182 1456 LSI_SAS2 - ok
21:26:36.0198 1456 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:26:36.0214 1456 LSI_SCSI - ok
21:26:36.0229 1456 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:26:36.0307 1456 luafv - ok
21:26:36.0385 1456 [ FAA4F845D478F4CEDF95981AFF859712 ] massfilter C:\Windows\system32\drivers\massfilter.sys
21:26:36.0416 1456 massfilter - ok
21:26:36.0448 1456 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:26:36.0479 1456 Mcx2Svc - ok
21:26:36.0494 1456 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:26:36.0510 1456 megasas - ok
21:26:36.0510 1456 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:26:36.0541 1456 MegaSR - ok
21:26:36.0572 1456 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:26:36.0650 1456 MMCSS - ok
21:26:36.0666 1456 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:26:36.0744 1456 Modem - ok
21:26:36.0775 1456 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:26:36.0806 1456 monitor - ok
21:26:36.0822 1456 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:26:36.0838 1456 mouclass - ok
21:26:36.0869 1456 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:26:36.0884 1456 mouhid - ok
21:26:36.0931 1456 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:26:36.0947 1456 mountmgr - ok
21:26:37.0056 1456 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:26:37.0072 1456 MozillaMaintenance - ok
21:26:37.0087 1456 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:26:37.0103 1456 mpio - ok
21:26:37.0134 1456 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:26:37.0165 1456 mpsdrv - ok
21:26:37.0228 1456 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:26:37.0337 1456 MpsSvc - ok
21:26:37.0384 1456 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:26:37.0430 1456 MRxDAV - ok
21:26:37.0477 1456 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:26:37.0508 1456 mrxsmb - ok
21:26:37.0555 1456 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:26:37.0602 1456 mrxsmb10 - ok
21:26:37.0618 1456 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:26:37.0664 1456 mrxsmb20 - ok
21:26:37.0727 1456 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:26:37.0742 1456 msahci - ok
21:26:37.0774 1456 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:26:37.0805 1456 msdsm - ok
21:26:37.0820 1456 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:26:37.0867 1456 MSDTC - ok
21:26:37.0898 1456 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:26:37.0961 1456 Msfs - ok
21:26:37.0976 1456 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:26:38.0039 1456 mshidkmdf - ok
21:26:38.0086 1456 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:26:38.0086 1456 msisadrv - ok
21:26:38.0132 1456 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:26:38.0195 1456 MSiSCSI - ok
21:26:38.0195 1456 msiserver - ok
21:26:38.0257 1456 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:26:38.0320 1456 MSKSSRV - ok
21:26:38.0351 1456 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:26:38.0413 1456 MSPCLOCK - ok
21:26:38.0429 1456 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:26:38.0491 1456 MSPQM - ok
21:26:38.0554 1456 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:26:38.0600 1456 MsRPC - ok
21:26:38.0647 1456 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:26:38.0663 1456 mssmbios - ok
21:26:38.0694 1456 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:26:38.0772 1456 MSTEE - ok
21:26:38.0788 1456 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:26:38.0819 1456 MTConfig - ok
21:26:38.0834 1456 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:26:38.0866 1456 Mup - ok
21:26:38.0897 1456 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:26:38.0944 1456 mwlPSDFilter - ok
21:26:38.0959 1456 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:26:38.0990 1456 mwlPSDNServ - ok
21:26:39.0006 1456 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:26:39.0037 1456 mwlPSDVDisk - ok
21:26:39.0084 1456 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
21:26:39.0115 1456 MWLService - ok
21:26:39.0146 1456 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:26:39.0209 1456 napagent - ok
21:26:39.0256 1456 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:26:39.0318 1456 NativeWifiP - ok
21:26:39.0380 1456 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:26:39.0396 1456 NDIS - ok
21:26:39.0427 1456 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:26:39.0505 1456 NdisCap - ok
21:26:39.0536 1456 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:26:39.0599 1456 NdisTapi - ok
21:26:39.0646 1456 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:26:39.0708 1456 Ndisuio - ok
21:26:39.0755 1456 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:26:39.0833 1456 NdisWan - ok
21:26:39.0880 1456 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:26:39.0958 1456 NDProxy - ok
21:26:40.0004 1456 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:26:40.0051 1456 NetBIOS - ok
21:26:40.0114 1456 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:26:40.0192 1456 NetBT - ok
21:26:40.0238 1456 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:26:40.0254 1456 Netlogon - ok
21:26:40.0301 1456 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:26:40.0348 1456 Netman - ok
21:26:40.0348 1456 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:26:40.0410 1456 netprofm - ok
21:26:40.0426 1456 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:26:40.0457 1456 NetTcpPortSharing - ok
21:26:40.0488 1456 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:26:40.0504 1456 nfrd960 - ok
21:26:40.0550 1456 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:26:40.0613 1456 NlaSvc - ok
21:26:40.0628 1456 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:26:40.0691 1456 Npfs - ok
21:26:40.0706 1456 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:26:40.0769 1456 nsi - ok
21:26:40.0784 1456 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:26:40.0847 1456 nsiproxy - ok
21:26:40.0909 1456 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:26:41.0018 1456 Ntfs - ok
21:26:41.0081 1456 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
21:26:41.0096 1456 NTI IScheduleSvc - ok
21:26:41.0143 1456 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
21:26:41.0174 1456 NTIDrvr - ok
21:26:41.0190 1456 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:26:41.0252 1456 Null - ok
21:26:41.0299 1456 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:26:41.0315 1456 nvraid - ok
21:26:41.0362 1456 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:26:41.0377 1456 nvstor - ok
21:26:41.0440 1456 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:26:41.0455 1456 nv_agp - ok
21:26:41.0502 1456 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:26:41.0533 1456 ohci1394 - ok
21:26:41.0580 1456 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:26:41.0596 1456 ose - ok
21:26:41.0736 1456 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:26:41.0954 1456 osppsvc - ok
21:26:42.0032 1456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:26:42.0048 1456 p2pimsvc - ok
21:26:42.0095 1456 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:26:42.0126 1456 p2psvc - ok
21:26:42.0142 1456 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:26:42.0188 1456 Parport - ok
21:26:42.0235 1456 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:26:42.0251 1456 partmgr - ok
21:26:42.0282 1456 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:26:42.0313 1456 PcaSvc - ok
21:26:42.0344 1456 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:26:42.0360 1456 pci - ok
21:26:42.0407 1456 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:26:42.0422 1456 pciide - ok
21:26:42.0454 1456 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:26:42.0485 1456 pcmcia - ok
21:26:42.0516 1456 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:26:42.0532 1456 pcw - ok
21:26:42.0547 1456 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:26:42.0641 1456 PEAUTH - ok
21:26:42.0672 1456 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:26:42.0703 1456 PerfHost - ok
21:26:42.0766 1456 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:26:42.0890 1456 pla - ok
21:26:42.0937 1456 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:26:42.0984 1456 PlugPlay - ok
21:26:43.0000 1456 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:26:43.0015 1456 PNRPAutoReg - ok
21:26:43.0031 1456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:26:43.0062 1456 PNRPsvc - ok
21:26:43.0109 1456 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:26:43.0156 1456 PolicyAgent - ok
21:26:43.0187 1456 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:26:43.0234 1456 Power - ok
21:26:43.0280 1456 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:26:43.0327 1456 PptpMiniport - ok
21:26:43.0358 1456 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:26:43.0390 1456 Processor - ok
21:26:43.0436 1456 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:26:43.0468 1456 ProfSvc - ok
21:26:43.0483 1456 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:26:43.0499 1456 ProtectedStorage - ok
21:26:43.0546 1456 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:26:43.0592 1456 Psched - ok
21:26:44.0435 1456 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:26:44.0965 1456 ql2300 - ok
21:26:44.0996 1456 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:26:45.0028 1456 ql40xx - ok
21:26:45.0059 1456 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:26:45.0090 1456 QWAVE - ok
21:26:45.0121 1456 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:26:45.0199 1456 QWAVEdrv - ok
21:26:45.0215 1456 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:26:45.0277 1456 RasAcd - ok
21:26:45.0308 1456 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:26:45.0355 1456 RasAgileVpn - ok
21:26:45.0371 1456 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:26:45.0418 1456 RasAuto - ok
21:26:45.0449 1456 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:26:45.0511 1456 Rasl2tp - ok
21:26:45.0542 1456 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:26:45.0620 1456 RasMan - ok
21:26:45.0667 1456 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:26:45.0730 1456 RasPppoe - ok
21:26:45.0745 1456 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:26:45.0808 1456 RasSstp - ok
21:26:45.0854 1456 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:26:45.0901 1456 rdbss - ok
21:26:45.0932 1456 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:26:45.0948 1456 rdpbus - ok
21:26:45.0979 1456 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:26:46.0026 1456 RDPCDD - ok
21:26:46.0042 1456 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:26:46.0120 1456 RDPENCDD - ok
21:26:46.0135 1456 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:26:46.0198 1456 RDPREFMP - ok
21:26:46.0260 1456 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:26:46.0338 1456 RDPWD - ok
21:26:46.0432 1456 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:26:46.0463 1456 rdyboost - ok
21:26:46.0525 1456 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:26:46.0603 1456 RemoteAccess - ok
21:26:46.0650 1456 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:26:46.0712 1456 RemoteRegistry - ok
21:26:46.0759 1456 [ 1A4EFB4E22412E685DCA5654973CB647 ] Rockusb C:\Windows\system32\DRIVERS\rockusb.sys
21:26:46.0790 1456 Rockusb - ok
21:26:46.0837 1456 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:26:46.0884 1456 RpcEptMapper - ok
21:26:46.0915 1456 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:26:46.0946 1456 RpcLocator - ok
21:26:47.0009 1456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:26:47.0040 1456 RpcSs - ok
21:26:47.0087 1456 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:26:47.0149 1456 rspndr - ok
21:26:47.0258 1456 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
21:26:47.0305 1456 RSUSBSTOR - ok
21:26:47.0321 1456 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:26:47.0336 1456 SamSs - ok
21:26:47.0383 1456 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:26:47.0399 1456 sbp2port - ok
21:26:47.0430 1456 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:26:47.0477 1456 SCardSvr - ok
21:26:47.0539 1456 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:26:47.0586 1456 scfilter - ok
21:26:47.0711 1456 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:26:47.0773 1456 Schedule - ok
21:26:47.0804 1456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:26:47.0836 1456 SCPolicySvc - ok
21:26:47.0898 1456 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:26:47.0929 1456 SDRSVC - ok
21:26:47.0992 1456 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:26:48.0038 1456 secdrv - ok
21:26:48.0070 1456 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:26:48.0132 1456 seclogon - ok
21:26:48.0163 1456 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:26:48.0226 1456 SENS - ok
21:26:48.0257 1456 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:26:48.0288 1456 SensrSvc - ok
21:26:48.0304 1456 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:26:48.0335 1456 Serenum - ok
21:26:48.0366 1456 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:26:48.0382 1456 Serial - ok
21:26:48.0444 1456 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:26:48.0475 1456 sermouse - ok
21:26:48.0506 1456 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:26:48.0569 1456 SessionEnv - ok
21:26:48.0631 1456 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:26:48.0662 1456 sffdisk - ok
21:26:48.0678 1456 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:26:48.0709 1456 sffp_mmc - ok
21:26:48.0725 1456 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:26:48.0756 1456 sffp_sd - ok
21:26:48.0772 1456 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:26:48.0787 1456 sfloppy - ok
21:26:48.0896 1456 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
21:26:48.0928 1456 Sftfs - ok
21:26:49.0037 1456 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:26:49.0068 1456 sftlist - ok
21:26:49.0115 1456 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:26:49.0130 1456 Sftplay - ok
21:26:49.0146 1456 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:26:49.0162 1456 Sftredir - ok
21:26:49.0193 1456 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
21:26:49.0208 1456 Sftvol - ok
21:26:49.0255 1456 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:26:49.0271 1456 sftvsa - ok
21:26:49.0364 1456 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:26:49.0442 1456 SharedAccess - ok
21:26:49.0489 1456 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:26:49.0552 1456 ShellHWDetection - ok
21:26:49.0630 1456 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:26:49.0645 1456 SiSRaid2 - ok
21:26:49.0661 1456 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:26:49.0676 1456 SiSRaid4 - ok
21:26:49.0817 1456 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:26:49.0879 1456 SkypeUpdate - ok
21:26:49.0942 1456 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:26:50.0035 1456 Smb - ok
21:26:50.0472 1456 [ 6A06C60C6CAE39A87603B03EA7DD404C ] SMServer C:\Windows\SysWOW64\snmvtsvc.exe
21:26:50.0768 1456 SMServer ( UnsignedFile.Multi.Generic ) - warning
21:26:50.0768 1456 SMServer - detected UnsignedFile.Multi.Generic (1)
21:26:50.0862 1456 [ 2CB5E6DCDC301E3D59DA2D5D0CBAFB80 ] SndTAudio C:\Windows\system32\drivers\SndTAudio.sys
21:26:50.0909 1456 SndTAudio - ok
21:26:50.0956 1456 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:26:51.0002 1456 SNMPTRAP - ok
21:26:51.0034 1456 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:26:51.0049 1456 spldr - ok
21:26:51.0127 1456 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:26:51.0158 1456 Spooler - ok
21:26:51.0486 1456 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:26:51.0798 1456 sppsvc - ok
21:26:51.0876 1456 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:26:52.0984 1456 sppuinotify - ok
21:26:53.0093 1456 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:26:53.0467 1456 srv - ok
21:26:54.0154 1456 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:26:54.0263 1456 srv2 - ok
21:26:54.0278 1456 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:26:54.0310 1456 srvnet - ok
21:26:54.0356 1456 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
21:26:54.0419 1456 ssadbus - ok
21:26:54.0450 1456 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
21:26:54.0512 1456 ssadmdfl - ok
21:26:54.0528 1456 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
21:26:54.0590 1456 ssadmdm - ok
21:26:54.0606 1456 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
21:26:54.0668 1456 ssadserd - ok
21:26:54.0684 1456 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
21:26:54.0731 1456 sscdbus - ok
21:26:54.0778 1456 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
21:26:54.0809 1456 sscdmdfl - ok
21:26:54.0871 1456 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
21:26:54.0918 1456 sscdmdm - ok
21:26:54.0965 1456 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:26:55.0027 1456 SSDPSRV - ok
21:26:55.0058 1456 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
21:26:55.0105 1456 SSPORT - ok
21:26:55.0168 1456 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:26:55.0246 1456 SstpSvc - ok
21:26:55.0324 1456 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
21:26:55.0402 1456 ssudmdm - ok
21:26:55.0433 1456 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:26:55.0448 1456 stexstor - ok
21:26:55.0511 1456 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:26:55.0620 1456 stisvc - ok
21:26:55.0667 1456 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:26:55.0682 1456 swenum - ok
21:26:55.0745 1456 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:26:55.0807 1456 swprv - ok
21:26:55.0963 1456 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:26:56.0057 1456 SysMain - ok
21:26:56.0135 1456 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:26:56.0166 1456 TabletInputService - ok
21:26:56.0213 1456 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
21:26:56.0306 1456 tap0901 - ok
21:26:56.0353 1456 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:26:56.0431 1456 TapiSrv - ok
21:26:56.0478 1456 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:26:56.0540 1456 TBS - ok
21:26:56.0665 1456 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:26:56.0837 1456 Tcpip - ok
21:26:56.0915 1456 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:26:56.0962 1456 TCPIP6 - ok
21:26:56.0993 1456 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:26:57.0024 1456 tcpipreg - ok
21:26:57.0040 1456 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:26:57.0086 1456 TDPIPE - ok
21:26:57.0133 1456 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:26:57.0164 1456 TDTCP - ok
21:26:57.0227 1456 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:26:57.0305 1456 tdx - ok
21:26:57.0367 1456 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:26:57.0383 1456 TermDD - ok
21:26:57.0430 1456 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:26:57.0523 1456 TermService - ok
21:26:57.0539 1456 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:26:57.0570 1456 Themes - ok
21:26:57.0586 1456 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:26:57.0632 1456 THREADORDER - ok
21:26:57.0726 1456 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:26:57.0804 1456 TrkWks - ok
21:26:57.0866 1456 [ EA43DE1743C1BA0D2D17B8DB90C91D88 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
21:26:57.0898 1456 truecrypt - ok
21:26:58.0054 1456 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:26:58.0132 1456 TrustedInstaller - ok
21:26:58.0241 1456 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:26:58.0303 1456 tssecsrv - ok
21:26:58.0943 1456 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:26:59.0005 1456 TsUsbFlt - ok
21:26:59.0302 1456 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:26:59.0348 1456 tunnel - ok
21:26:59.0380 1456 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:26:59.0395 1456 uagp35 - ok
21:26:59.0411 1456 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
21:26:59.0442 1456 UBHelper - ok
21:26:59.0707 1456 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:26:59.0910 1456 udfs - ok
21:27:00.0830 1456 [ A447361E6156AFEF47A42AE9E89B2BB3 ] UI Assistant Service C:\Program Files (x86)\Join Air\AssistantServices.exe
21:27:00.0924 1456 UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
21:27:00.0924 1456 UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
21:27:00.0955 1456 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:27:01.0002 1456 UI0Detect - ok
21:27:01.0049 1456 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:27:01.0064 1456 uliagpkx - ok
21:27:01.0127 1456 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:27:01.0158 1456 umbus - ok
21:27:01.0189 1456 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:27:01.0205 1456 UmPass - ok
21:27:01.0376 1456 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:27:01.0470 1456 UNS - ok
21:27:01.0610 1456 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:27:01.0704 1456 Updater Service - ok
21:27:01.0735 1456 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:27:01.0798 1456 upnphost - ok
21:27:01.0876 1456 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:27:01.0922 1456 USBAAPL64 - ok
21:27:02.0156 1456 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:27:02.0203 1456 usbccgp - ok
21:27:02.0234 1456 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:27:02.0422 1456 usbcir - ok
21:27:02.0453 1456 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:27:02.0500 1456 usbehci - ok
21:27:02.0578 1456 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:27:02.0609 1456 usbhub - ok
21:27:02.0656 1456 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:27:02.0687 1456 usbohci - ok
21:27:02.0749 1456 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:27:02.0780 1456 usbprint - ok
21:27:02.0843 1456 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:27:02.0858 1456 usbscan - ok
21:27:02.0905 1456 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:27:02.0936 1456 USBSTOR - ok
21:27:02.0983 1456 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:27:03.0014 1456 usbuhci - ok
21:27:03.0092 1456 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:27:03.0124 1456 usbvideo - ok
21:27:03.0155 1456 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:27:03.0217 1456 UxSms - ok
21:27:03.0248 1456 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:27:03.0248 1456 VaultSvc - ok
21:27:03.0311 1456 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:27:03.0326 1456 vdrvroot - ok
21:27:03.0482 1456 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:27:03.0560 1456 vds - ok
21:27:03.0638 1456 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:27:03.0654 1456 vga - ok
21:27:03.0732 1456 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:27:03.0779 1456 VgaSave - ok
21:27:03.0888 1456 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:27:03.0904 1456 vhdmp - ok
21:27:04.0013 1456 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:27:04.0060 1456 viaide - ok
21:27:04.0153 1456 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:27:04.0169 1456 volmgr - ok
21:27:04.0216 1456 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:27:04.0247 1456 volmgrx - ok
21:27:04.0278 1456 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:27:04.0294 1456 volsnap - ok
21:27:04.0403 1456 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:27:04.0434 1456 vsmraid - ok
21:27:05.0058 1456 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:27:05.0339 1456 VSS - ok
21:27:05.0370 1456 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:27:05.0401 1456 vwifibus - ok
21:27:05.0432 1456 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:27:05.0464 1456 vwififlt - ok
21:27:05.0495 1456 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:27:05.0510 1456 vwifimp - ok
21:27:05.0698 1456 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:27:05.0760 1456 W32Time - ok
21:27:05.0807 1456 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:27:05.0838 1456 WacomPen - ok
21:27:05.0932 1456 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:27:06.0025 1456 WANARP - ok
21:27:06.0103 1456 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:27:06.0134 1456 Wanarpv6 - ok
21:27:06.0509 1456 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:27:06.0649 1456 wbengine - ok
21:27:06.0743 1456 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:27:06.0774 1456 WbioSrvc - ok
21:27:06.0899 1456 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:27:06.0946 1456 wcncsvc - ok
21:27:07.0008 1456 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:27:07.0024 1456 WcsPlugInService - ok
21:27:07.0070 1456 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:27:07.0086 1456 Wd - ok
21:27:07.0148 1456 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:27:07.0211 1456 Wdf01000 - ok
21:27:07.0226 1456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:27:07.0273 1456 WdiServiceHost - ok
21:27:07.0289 1456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:27:07.0304 1456 WdiSystemHost - ok
21:27:07.0382 1456 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:27:07.0414 1456 WebClient - ok
21:27:07.0507 1456 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:27:07.0585 1456 Wecsvc - ok
21:27:07.0601 1456 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:27:07.0663 1456 wercplsupport - ok
21:27:07.0710 1456 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:27:07.0757 1456 WerSvc - ok
21:27:07.0772 1456 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:27:07.0819 1456 WfpLwf - ok
21:27:07.0835 1456 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:27:07.0850 1456 WIMMount - ok
21:27:07.0850 1456 WinDefend - ok
21:27:07.0866 1456 WinHttpAutoProxySvc - ok
21:27:08.0209 1456 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:27:08.0256 1456 Winmgmt - ok
21:27:08.0677 1456 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:27:08.0786 1456 WinRM - ok
21:27:08.0864 1456 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:27:08.0880 1456 WinUsb - ok
21:27:08.0958 1456 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:27:09.0005 1456 Wlansvc - ok
21:27:09.0067 1456 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:27:09.0067 1456 WmiAcpi - ok
21:27:09.0098 1456 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:27:09.0145 1456 wmiApSrv - ok
21:27:09.0192 1456 WMPNetworkSvc - ok
21:27:09.0239 1456 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:27:09.0254 1456 WPCSvc - ok
21:27:09.0286 1456 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:27:09.0317 1456 WPDBusEnum - ok
21:27:09.0332 1456 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:27:09.0379 1456 ws2ifsl - ok
21:27:09.0395 1456 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:27:09.0426 1456 wscsvc - ok
21:27:09.0426 1456 WSearch - ok
21:27:09.0551 1456 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:27:09.0629 1456 wuauserv - ok
21:27:09.0676 1456 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:27:09.0691 1456 WudfPf - ok
21:27:09.0722 1456 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:27:09.0754 1456 WUDFRd - ok
21:27:09.0800 1456 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:27:09.0832 1456 wudfsvc - ok
21:27:09.0863 1456 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:27:09.0910 1456 WwanSvc - ok
21:27:10.0034 1456 [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
21:27:10.0081 1456 ZTEusbmdm6k - ok
21:27:10.0112 1456 [ C9ADA887BF326D8413E81FE80B1BE7EB ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
21:27:10.0128 1456 ZTEusbnmea - ok
21:27:10.0175 1456 [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
21:27:10.0190 1456 ZTEusbser6k - ok
21:27:10.0222 1456 ================ Scan global ===============================
21:27:10.0253 1456 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:27:10.0300 1456 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
21:27:10.0315 1456 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
21:27:10.0346 1456 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:27:10.0378 1456 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:27:10.0393 1456 [Global] - ok
21:27:10.0393 1456 ================ Scan MBR ==================================
21:27:10.0409 1456 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:27:10.0814 1456 \Device\Harddisk0\DR0 - ok
21:27:10.0814 1456 ================ Scan VBR ==================================
21:27:10.0846 1456 [ C3F0927A613F854EC890D15BBA8A6BFC ] \Device\Harddisk0\DR0\Partition1
21:27:10.0846 1456 \Device\Harddisk0\DR0\Partition1 - ok
21:27:10.0861 1456 [ 50EAC70B613112632E485C975C751224 ] \Device\Harddisk0\DR0\Partition2
21:27:10.0861 1456 \Device\Harddisk0\DR0\Partition2 - ok
21:27:10.0861 1456 ============================================================
21:27:10.0861 1456 Scan finished
21:27:10.0861 1456 ============================================================
21:27:10.0877 3848 Detected object count: 4
21:27:10.0877 3848 Actual detected object count: 4
21:28:22.0294 3848 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:28:22.0294 3848 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:28:22.0294 3848 GSService ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:22.0294 3848 GSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:22.0294 3848 SMServer ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:22.0294 3848 SMServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:22.0294 3848 UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:22.0294 3848 UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:35.0008 2348 Deinitialize success

Alt 07.02.2013, 12:24   #10
markusg
/// Malware-holic
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



Hi
schau mal ob du den modus im bios wieder umgeendert hast, danach sollte alles wieder passen.
Combofix:
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.02.2013, 17:03   #11
LaHupa
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



Ok. Hab Avira deaktiviert = Regenschirm zugeklappt beim Symbol. Trotzdem kam zwischendurch eine Meldung, dass ein verdächtiger Zugriff auf die Registry erfolgt sei. Combofix hat sich aber nicht beschwert...

Code:
ATTFilter
ComboFix 13-02-07.01 - ruud 07.02.2013  21:46:09.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3767.2490 [GMT 1:00]
ausgeführt von:: c:\users\ruud\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\ruud\Documents\~WRL0003.tmp
c:\users\ruud\wgsdgsdgdsgsd.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-07 bis 2013-02-07  ))))))))))))))))))))))))))))))
.
.
2013-02-07 21:20 . 2013-02-07 21:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-07 01:39 . 2013-02-07 01:39	--------	d-----w-	C:\_OTL
2013-01-10 20:45 . 2013-01-11 15:16	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 20:38 . 2012-05-21 04:51	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-10 20:38 . 2011-05-20 10:58	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 20:43 . 2011-02-02 21:25	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-23 16:47 . 2012-12-23 16:47	116480	----a-w-	c:\windows\system32\drivers\avmaura.sys
2012-12-16 17:11 . 2012-12-21 12:13	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 12:13	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-11 19:38 . 2012-11-15 20:00	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 19:38 . 2012-11-15 20:00	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-07 13:20 . 2013-01-08 20:26	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-08 20:26	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-08 20:26	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-08 20:26	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-08 20:26	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-08 20:26	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-08 20:26	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-08 20:26	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-08 20:26	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-08 20:26	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-08 20:26	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-08 20:26	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-08 20:26	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-08 20:26	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-08 20:26	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-08 20:26	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-08 20:26	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-08 20:26	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-08 20:26	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-08 20:26	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-08 20:26	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 20:26	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 20:26	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 20:26	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-08 20:26	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 20:26	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-08 20:26	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-08 20:26	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-08 20:26	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-08 20:26	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-08 20:26	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-08 20:26	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-02 13:26 . 2012-12-02 13:26	255352	----a-w-	c:\windows\SysWow64\awrdscdc.ax
2012-11-30 05:45 . 2013-01-08 20:25	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-08 20:25	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-08 20:25	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-08 20:25	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-08 20:25	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-08 20:25	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-08 20:25	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-08 20:25	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-08 20:25	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-08 20:25	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-08 20:25	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 20:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ruud\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ruud\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ruud\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\ruud\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"AVMUSBFernanschluss"="c:\users\ruud\AppData\Local\Apps\2.0\HNC2VEZN.5LT\MJ8370TH.QZ0\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [2012-12-23 139264]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2009-08-31 132608]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunesHelper.exe" [2012-11-28 151952]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2009-08-31 241664]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-05-31 252928]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 12800]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2012-03-07 65648]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2012-06-01 260608]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\FileOpen\Services\FileOpenManagerSvc64.exe [2011-03-09 331648]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-10 11576]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-02-01 116096]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2012-12-23 116480]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2012-06-05 34088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 11:33	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 20:38]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 17:44]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 17:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\ruud\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\ruud\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\ruud\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\ruud\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50	755816	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50	755816	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50	755816	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50	755816	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
FF - ProfilePath - c:\users\ruud\AppData\Roaming\Mozilla\Firefox\Profiles\qpexaizj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kalenderblatt.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-07  22:22:57
ComboFix-quarantined-files.txt  2013-02-07 21:22
.
Vor Suchlauf: 11 Verzeichnis(se), 320.997.679.104 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 323.067.711.488 Bytes frei
.
- - End Of File - - 7B61243B79E39EFF6A6694E9F31342AC
         

Alt 08.02.2013, 18:01   #12
markusg
/// Malware-holic
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.02.2013, 23:48   #13
LaHupa
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



Hallo,
ich habe einen scan mit Malwarebytes gemacht. dabei wurde nichts gefunden.
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ruud :: BRAUNER [Administrator]

Schutz: Aktiviert

08.02.2013 19:00:25
mbam-log-2013-02-08 (19-00-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395004
Laufzeit: 1 Stunde(n), 52 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Das kam mir merkwürdig vor.
Habe daher Avira deaktiviert und nochmal gescannt. Diesmal 2 Funde:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ruud :: BRAUNER [Administrator]

Schutz: Aktiviert

08.02.2013 22:48:59
MBAM-log-2013-02-08 (23-38-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395071
Laufzeit: 48 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Qoobox\Quarantine\C\Users\ruud\wgsdgsdgdsgsd.exe.vir (Trojan.Ransom.NUM) -> Keine Aktion durchgeführt.
C:\Users\ruud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7210df0f-2a6457a4 (Trojan.Ransom.NUM) -> Keine Aktion durchgeführt.

(Ende)
         
Die hab ich dann entfernt:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ruud :: BRAUNER [Administrator]

Schutz: Aktiviert

08.02.2013 22:48:59
mbam-log-2013-02-08 (22-48-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395071
Laufzeit: 48 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Qoobox\Quarantine\C\Users\ruud\wgsdgsdgdsgsd.exe.vir (Trojan.Ransom.NUM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ruud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7210df0f-2a6457a4 (Trojan.Ransom.NUM) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 08.02.2013, 23:52   #14
markusg
/// Malware-holic
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



hi
sieht ok aus.
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.02.2013, 00:19   #15
LaHupa
 
GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Standard

GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner



Hallo,
bins mal durchgegangen.
Viel Ahnung hab ich nicht.
Von dem was ich als notwendig eingestuft hab, kann man aber fast alles kostenlos runterladen. Könnte also auch runter, wenns das erleichtern sollte.
Zitat:
7-Zip 9.20 (x64 edition) Igor Pavlov 12.03.2012 4,53 MB 9.20.00.0 notwendig
Acer Backup Manager NewTech Infosystems 30.08.2010 27,5 MB 2.0.0.68 unbekannt
Acer Crystal Eye webcam Liteon 18.11.2010 3,25 MB 1.0.4.5 unbekannt
Acer ePower Management Acer Incorporated 18.11.2010 5.00.3005 unbekannt
Acer eRecovery Management Acer Incorporated 30.08.2010 4.05.3013 unbekannt
Acer Registration Acer Incorporated 18.11.2010 1.03.3003 unbekannt
Acer ScreenSaver Acer Incorporated 18.11.2010 1.1.0707.2010 unbekannt
Acer Updater Acer Incorporated 30.08.2010 1.02.3001 unbekannt
Acrobat.com Adobe Systems Incorporated 30.08.2010 1,60 MB 1.6.65 unbekannt
Adobe AIR Adobe Systems Inc. 30.08.2010 1.5.0.7220 unbekannt
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 10.01.2013 6,00 MB 11.5.502.146 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10.01.2013 6,00 MB 11.5.502.146 notwendig
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 12.01.2013 121 MB 10.1.5 unbekannt
Akamai NetSession Interface Akamai Technologies, Inc 24.06.2012 unnötig
Akamai NetSession Interface Service 10.11.2011 unnötig
Apple Application Support Apple Inc. 02.12.2012 65,0 MB 2.3.2 unnötig
Apple Mobile Device Support Apple Inc. 02.12.2012 25,1 MB 6.0.1.3 unnötig
Apple Software Update Apple Inc. 02.12.2012 2,38 MB 2.1.3.127 unnötig
Audible Download Manager Audible, Inc. 02.12.2012 6.6.0.15 unnötig
AudibleManager Audible, Inc. 02.12.2012 2010725614.48.56.33623274 unnötig
Avira Free Antivirus Avira 11.12.2012 124 MB 13.0.0.2890 notwendig
Bonjour Apple Inc. 02.12.2012 2,04 MB 3.0.0.10 unnötig
Broadcom Gigabit NetLink Controller Broadcom Corporation 30.08.2010 448 KB 14.0.2.3 unbekannt
Call of Duty 05.07.2011 unnötig
Call of Duty - United Offensive Activision 20.07.2011 895 MB 1.00.0000 unnötig
Call of Duty - United Offensive Single Player Demo 29.06.2011 unnötig
Canon MP Navigator EX 2.0 23.07.2012 notwendig
CanoScan LiDE 200 Scanner Driver 23.07.2012 notwendig
CCleaner Piriform 23.01.2013 3.27 notwendig
Cisco Systems VPN Client 5.0.07.0290 01.02.2011 10,6 MB unnötig
CyberGhost VPN Patch 4.7.19 CyberGhost S.R.L. 27.10.2012 56,1 MB notwendig
CyberLink PowerDVD 9 CyberLink Corp. 18.11.2010 114 MB 9.0.3216.50 unnötig
DivX-Setup DivX, LLC 26.12.2012 2.6.1.22 unnötig
Dropbox Dropbox, Inc. 08.06.2012 1.4.7 unnötig
ElsterFormular für Privatanwender Landesfinanzdirektion Thüringen 20.12.2011 12.2.0.6412p notwendig
ETDWare PS/2-x64 7.0.6.5_WHQL ELAN Microelectronics Corp. 18.11.2010 7.0.6.5 unbekannt
FileOpen Client (x64) FileOpen Systems, Inc. 12.07.2011 3,03 MB 3.0.47.900 unbekannt
Foxit Reader Foxit Corporation 31.01.2011 11,1 MB 4.3.0.1110 notwendig
Free YouTube to MP3 Converter version 3.10.15.1228 DVDVideoSoft Ltd. 24.01.2012 85,5 MB unnötig
FRITZ!Box USB-Fernanschluss AVM Berlin 23.12.2012 2.3.0.2 unnötig
Google Chrome Google Inc. 27.12.2012 24.0.1312.57 notwendig
Google Drive Google, Inc. 19.01.2013 16,2 MB 1.7.4018.3496 notwendig
Identity Card Acer Incorporated 18.11.2010 1.00.3003 unbekannt
Intel(R) Control Center Intel Corporation 1.2.1.1007 unbekannt
Intel(R) Graphics Media Accelerator Driver Intel Corporation 8.15.10.2182 unbekannt
Intel(R) Management Engine Components Intel Corporation 6.0.0.1179 unbekannt
Intel(R) Rapid Storage Technology Intel Corporation 9.6.2.1001 unbekannt
iTunes Apple Inc. 02.12.2012 188 MB 11.0.0.163 unbekannt
Java 7 Update 9 Oracle 05.10.2012 128 MB 7.0.90 unbekannt
Java(TM) 7 Update 5 (64-bit) Oracle 18.08.2012 95,0 MB 7.0.50 unbekannt
Join Air ZTE Corporation 19.08.2011 1.0.0.1 unbekannt
K-Lite Codec Pack 7.1.0 (Full) 26.05.2011 49,1 MB 7.1.0 unbekannt
Launch Manager Acer Inc. 18.11.2010 4.0.14 unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 08.02.2013 18,4 MB 1.70.0.1100 unbekannt
Merriam Websters Spell Jam Oberon Media 18.11.2010 unnötig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 21.10.2011 38,8 MB 4.0.30320 notwendig
Microsoft Office 2010 Microsoft Corporation 18.11.2010 6,31 MB 14.0.4763.1000 notwendig
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 31.01.2011 14.0.4763.1000 unbekannt
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 31.01.2011 14.0.4763.1000 notwendig
Microsoft Silverlight Microsoft Corporation 18.08.2012 50,6 MB 5.1.10411.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 18.11.2010 1,72 MB 3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252 KB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 300 KB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 31.01.2011 200 KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 02.02.2011 786 KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.06.2011 788 KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 06.05.2011 234 KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 30.08.2010 596 KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.02.2011 592 KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600 KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 08.05.2012 16,5 MB 10.0.40219 unbekannt
Mozilla Firefox 18.0.1 (x86 de) Mozilla 20.01.2013 44,8 MB 18.0.1 notwendig
Mozilla Maintenance Service Mozilla 20.01.2013 330 KB 18.0.1 unbekannt
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 11.01.2013 41,9 MB 17.0.2 notwendig
MyFreeCodec 22.12.2012 unbekannt
MyWinLocker Suite Egis Technology Inc. 30.08.2010 2,20 MB 3.1.212.0 unbekannt
OpenOffice.org 3.3 OpenOffice.org 02.02.2011 414 MB 3.3.9567 notwendig
PDFCreator Frank Heindörfer, Philip Chinery 20.11.2011 1.2.3 notwendig
QuickTime Apple Inc. 18.08.2012 73,2 MB 7.72.80.56 unnötig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.11.2010 6.0.1.6141 unbekannt
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 18.11.2010 6.1.7600.30122 notwendig
Samsung Kies Samsung Electronics Co., Ltd. 21.10.2011 193 MB 2.0.3.11082_152 notwendig
Samsung ML-1640 Series Samsung Electronics CO.,LTD 01.02.2011 notwendig
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 22.12.2012 42,9 MB 1.5.16.0 notwendig
Skype™ 5.10 Skype Technologies S.A. 02.09.2012 19,3 MB 5.10.116 notwendig
SoundTaxi 4.3.8 cyan soft ltd 05.12.2012 135 MB 4.3.8 unbekannt
SoundTaxi Media Suite 4.3.8 cyan soft ltd 05.12.2012 21,1 MB 4.3.8 unbekannt
TrueCrypt TrueCrypt Foundation 02.02.2011 7.0a unnötig
VLC media player 2.0.3 VideoLAN 18.08.2012 2.0.3 notwendig
Welcome Center Acer Incorporated 18.11.2010 1.02.3004 unbekannt
Windows Live Anmelde-Assistent Microsoft Corporation 18.11.2010 1,93 MB 5.000.818.5 unbekannt
Windows Live Essentials Microsoft Corporation 18.11.2010 14.0.8117.0416 unbekannt
Windows Live Sync Microsoft Corporation 18.11.2010 2,79 MB 14.0.8117.416 unbekannt
Windows Live-Uploadtool Microsoft Corporation 18.11.2010 224 KB 14.0.8014.1029 unbekannt
Windows Media Player Firefox Plugin Microsoft Corp 16.07.2011 296 KB 1.0.0.8 notwendig
WinZip 14.5 WinZip Computing, S.L. 24.04.2011 19,9 MB 14.5.9095 notwendig

Antwort

Themen zu GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner
angezeigt, aufforderung, bundesamt, bundesamt für sicherheit, bundesamt für sicherheit in der informationstechnik, erlaubnis, erschein, erscheint, euros, fenster, fragt, gvu bundesamt, microsoft, paysafecard, programm, schaf, schritte, sicherheit, sperrbildschirm, troja, trojane, trojaner, verschiedene, verschiedenen, webcam gvu trojaner, windows, Änderungen




Ähnliche Themen: GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner


  1. Windows 7: Sperrbildschirm, Bundesamt für Sicherheit und Informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 29.09.2015 (33)
  2. Bundesamt für Sicherheit in der Informationstechnik/GVU-Virus
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (1)
  3. Bundesamt für Sicherheit und Informationstechnik.
    Log-Analyse und Auswertung - 13.10.2013 (8)
  4. Erpressungstrojaner Bundesamt für Sicherheit in der informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (3)
  5. GVU Bundesamt für Sicherheit in der Informationstechnik TROJANER
    Log-Analyse und Auswertung - 15.09.2013 (4)
  6. Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...
    Log-Analyse und Auswertung - 12.08.2013 (5)
  7. GVU Trojaner / Bundesamt für Sicherheit in der Informationstechnik // XP
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (1)
  8. Trojaner auf dem PC (angebl. Bundesamt für Sicherheit in der Informationstechnik)
    Log-Analyse und Auswertung - 24.05.2013 (14)
  9. trojaner gvu bundesamt für sicherheit in der informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (7)
  10. GVU Bundesamt für Sicherheit in der Informationstechnik TROJANER
    Log-Analyse und Auswertung - 08.03.2013 (1)
  11. Bundesamt für Sicherheit in der Informationstechnik
    Log-Analyse und Auswertung - 29.01.2013 (9)
  12. Bundesamt für Sicherheit in der Informationstechnik - Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (7)
  13. Trojaner : Bundesamt für Sicherheit in der Informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (4)
  14. Bundesamt für Sicherheit in der Informationstechnik Virus
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (10)
  15. Bundesamt für Sicherheit in der Informationstechnik - Ihr Computer wurde gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 06.10.2012 (19)
  16. Bundesamt für SIcherheit in der Informationstechnik - VIRUS
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (2)
  17. Bundesamt für Sicherheit und Informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (21)

Zum Thema GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner - Hallo Forengemeinschaft, Ich habe offenbar oben genannten Trojaner eingefangen. Es wird ein Sperrbildschirm angezeigt mit der Aufforderung "100 euros" per "PaysafeCard Vaucher" zu zahlen. Die verschiedenen Schritte habe ich gelesen. - GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner...
Archiv
Du betrachtest: GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.