Log analysis and evaluation: TR/Crypt.XPACK.Gen7 (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.03.2013, 15:11 | #1 |
TR/Crypt.XPACK.Gen7

Hello Trojaner-Board!

I'm not entirely sure whether it was a false alarm, but I'd rather play it safe. Today I downloaded a piece of software (.zip archive) to the desktop. I opened the archive (with WinRAR) and dragged the folder that was inside (named 64bit) onto the desktop. At that moment a pop-up from AntiVir appeared, saying that the real-time scanner had found the virus TR/Crypt.XPACK.Gen7. I'm posting the log. After that I ran a full scan with AntiVir; I'm posting that log as well. And then, as described, the steps with Defogger, OTL and GMER.

PS: After the scans with OTL and GMER the PC did not shut down properly, so I had to cut the power.

Thanks in advance!

AntiVir real-time scanner log

Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Freitag, 8. März 2013 10:58 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : JULIAN-PC Versionsinformationen: BUILD.DAT : 13.0.0.3185 47702 Bytes 30.01.2013 10:05:00 AVSCAN.EXE : 13.6.0.584 640224 Bytes 24.02.2013 15:45:49 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 24.02.2013 15:45:49 LUKE.DLL : 13.6.0.602 67808 Bytes 24.02.2013 15:46:52 AVSCPLR.DLL : 13.6.0.628 94432 Bytes 24.02.2013 15:48:24 AVREG.DLL : 13.6.0.600 250592 Bytes 24.02.2013 15:48:23 avlode.dll : 13.6.2.624 434912 Bytes 24.02.2013 15:48:25 avlode.rdf : 13.0.0.38 15231 Bytes 24.02.2013 15:48:24 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 15:38:30 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 15:39:35 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:40:54 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:41:19 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 15:41:43 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 15:42:04 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 15:42:33 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 15:42:53 VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 15:43:27 VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 15:43:27 VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 15:43:27 VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 15:43:28 VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 15:43:28 VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 15:43:29 VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 15:43:31 VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 15:43:34 VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 15:43:35 VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 15:43:36 VBASE018.VDF : 7.11.61.135 159232 Bytes 
18.02.2013 15:43:37 VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 15:43:40 VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 15:43:41 VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 15:43:42 VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 15:43:43 VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 15:41:24 VBASE024.VDF : 7.11.62.237 199168 Bytes 27.02.2013 09:22:12 VBASE025.VDF : 7.11.63.71 209408 Bytes 01.03.2013 11:42:45 VBASE026.VDF : 7.11.63.121 257536 Bytes 04.03.2013 17:30:33 VBASE027.VDF : 7.11.63.211 212480 Bytes 06.03.2013 16:05:36 VBASE028.VDF : 7.11.63.212 2048 Bytes 06.03.2013 16:05:36 VBASE029.VDF : 7.11.63.213 2048 Bytes 06.03.2013 16:05:36 VBASE030.VDF : 7.11.63.214 2048 Bytes 06.03.2013 16:05:36 VBASE031.VDF : 7.11.64.16 188928 Bytes 08.03.2013 09:32:23 Engineversion : 8.2.12.10 AEVDF.DLL : 8.1.2.10 102772 Bytes 24.02.2013 15:44:31 AESCRIPT.DLL : 8.1.4.94 467324 Bytes 24.02.2013 15:44:30 AESCN.DLL : 8.1.10.0 131445 Bytes 24.02.2013 15:44:30 AESBX.DLL : 8.2.5.12 606578 Bytes 24.02.2013 15:44:31 AERDL.DLL : 8.2.0.88 643444 Bytes 24.02.2013 15:44:29 AEPACK.DLL : 8.3.1.12 815480 Bytes 28.02.2013 20:05:58 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 24.02.2013 15:44:24 AEHEUR.DLL : 8.1.4.222 5767545 Bytes 28.02.2013 20:05:57 AEHELP.DLL : 8.1.25.2 258423 Bytes 24.02.2013 15:43:49 AEGEN.DLL : 8.1.6.16 434549 Bytes 24.02.2013 15:43:47 AEEXP.DLL : 8.4.0.6 192885 Bytes 28.02.2013 20:05:58 AEEMU.DLL : 8.1.3.2 393587 Bytes 24.02.2013 15:43:46 AECORE.DLL : 8.1.31.2 201080 Bytes 24.02.2013 15:43:45 AEBB.DLL : 8.1.1.4 53619 Bytes 24.02.2013 15:43:45 AVWINLL.DLL : 13.6.0.480 26480 Bytes 24.02.2013 15:36:28 AVPREF.DLL : 13.6.0.480 51056 Bytes 24.02.2013 15:45:47 AVREP.DLL : 13.6.0.480 178544 Bytes 24.02.2013 15:48:23 AVARKT.DLL : 13.6.0.624 260832 Bytes 24.02.2013 15:45:33 AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 24.02.2013 15:45:42 SQLITE3.DLL : 3.7.0.1 397704 Bytes 24.02.2013 15:47:39 AVSMTP.DLL : 13.6.0.480 62832 Bytes 24.02.2013 15:45:53 NETNT.DLL : 13.6.0.480 
16240 Bytes 24.02.2013 15:47:16 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 24.02.2013 15:36:32 RCTEXT.DLL : 13.6.0.480 68976 Bytes 24.02.2013 15:36:32 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5139aef2\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Freitag, 8. 
März 2013 10:58 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '137' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'hamachi-2.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'viakaraokesrv.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '186' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleCrashHandler64.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'LCore.exe' - '58' Modul(e) wurden durchsucht 
Durchsuche Prozess 'sidebar.exe' - '105' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'nvtray.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'VDeck.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'hamachi-2-ui.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'WinRAR.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\Julian\AppData\Local\Temp\Rar$DR00.626\64bit\plugins\GraphicsCapture\injectHelper.exe' C:\Users\Julian\AppData\Local\Temp\Rar$DR00.626\64bit\plugins\GraphicsCapture\injectHelper.exe [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen7 [HINWEIS] Die Datei wurde ins 
Quarantäneverzeichnis unter dem Namen '58c92688.qua' verschoben!

Ende des Suchlaufs: Freitag, 8. März 2013 10:58
Benötigte Zeit: 00:08 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
1575 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1574 Dateien ohne Befall
2 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Freitag, 8. März 2013 11:34 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Admin Computername : JULIAN-PC Versionsinformationen: BUILD.DAT : 13.0.0.3185 47702 Bytes 30.01.2013 10:05:00 AVSCAN.EXE : 13.6.0.584 640224 Bytes 24.02.2013 15:45:49 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 24.02.2013 15:45:49 LUKE.DLL : 13.6.0.602 67808 Bytes 24.02.2013 15:46:52 AVSCPLR.DLL : 13.6.0.628 94432 Bytes 24.02.2013 15:48:24 AVREG.DLL : 13.6.0.600 250592 Bytes 24.02.2013 15:48:23 avlode.dll : 13.6.2.624 434912 Bytes 24.02.2013 15:48:25 avlode.rdf : 13.0.0.38 15231 Bytes 24.02.2013 15:48:24 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 15:38:30 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 15:39:35 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:40:54 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:41:19 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 15:41:43 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 15:42:04 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 15:42:33 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 15:42:53 VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 15:43:27 VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 15:43:27 VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 15:43:27 VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 15:43:28 VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 15:43:28 VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 15:43:29 VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 15:43:31 VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 15:43:34 VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 15:43:35 VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 15:43:36 VBASE018.VDF : 7.11.61.135 159232 Bytes 
18.02.2013 15:43:37 VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 15:43:40 VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 15:43:41 VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 15:43:42 VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 15:43:43 VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 15:41:24 VBASE024.VDF : 7.11.62.237 199168 Bytes 27.02.2013 09:22:12 VBASE025.VDF : 7.11.63.71 209408 Bytes 01.03.2013 11:42:45 VBASE026.VDF : 7.11.63.121 257536 Bytes 04.03.2013 17:30:33 VBASE027.VDF : 7.11.63.211 212480 Bytes 06.03.2013 16:05:36 VBASE028.VDF : 7.11.63.212 2048 Bytes 06.03.2013 16:05:36 VBASE029.VDF : 7.11.63.213 2048 Bytes 06.03.2013 16:05:36 VBASE030.VDF : 7.11.63.214 2048 Bytes 06.03.2013 16:05:36 VBASE031.VDF : 7.11.64.16 188928 Bytes 08.03.2013 09:32:23 Engineversion : 8.2.12.10 AEVDF.DLL : 8.1.2.10 102772 Bytes 24.02.2013 15:44:31 AESCRIPT.DLL : 8.1.4.94 467324 Bytes 24.02.2013 15:44:30 AESCN.DLL : 8.1.10.0 131445 Bytes 24.02.2013 15:44:30 AESBX.DLL : 8.2.5.12 606578 Bytes 24.02.2013 15:44:31 AERDL.DLL : 8.2.0.88 643444 Bytes 24.02.2013 15:44:29 AEPACK.DLL : 8.3.1.12 815480 Bytes 28.02.2013 20:05:58 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 24.02.2013 15:44:24 AEHEUR.DLL : 8.1.4.222 5767545 Bytes 28.02.2013 20:05:57 AEHELP.DLL : 8.1.25.2 258423 Bytes 24.02.2013 15:43:49 AEGEN.DLL : 8.1.6.16 434549 Bytes 24.02.2013 15:43:47 AEEXP.DLL : 8.4.0.6 192885 Bytes 28.02.2013 20:05:58 AEEMU.DLL : 8.1.3.2 393587 Bytes 24.02.2013 15:43:46 AECORE.DLL : 8.1.31.2 201080 Bytes 24.02.2013 15:43:45 AEBB.DLL : 8.1.1.4 53619 Bytes 24.02.2013 15:43:45 AVWINLL.DLL : 13.6.0.480 26480 Bytes 24.02.2013 15:36:28 AVPREF.DLL : 13.6.0.480 51056 Bytes 24.02.2013 15:45:47 AVREP.DLL : 13.6.0.480 178544 Bytes 24.02.2013 15:48:23 AVARKT.DLL : 13.6.0.624 260832 Bytes 24.02.2013 15:45:33 AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 24.02.2013 15:45:42 SQLITE3.DLL : 3.7.0.1 397704 Bytes 24.02.2013 15:47:39 AVSMTP.DLL : 13.6.0.480 62832 Bytes 24.02.2013 15:45:53 NETNT.DLL : 13.6.0.480 
16240 Bytes 24.02.2013 15:47:16 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 24.02.2013 15:36:32 RCTEXT.DLL : 13.6.0.480 68976 Bytes 24.02.2013 15:36:32 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, J:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Freitag, 8. März 2013 11:34 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'J:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '137' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'hamachi-2.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'viakaraokesrv.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '186' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleCrashHandler64.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'LCore.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 
'sidebar.exe' - '105' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'nvtray.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'VDeck.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'hamachi-2-ui.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '3732' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
[0] Archivtyp: RSRC
--> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
[1] Archivtyp: RSRC
--> C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2] Archivtyp: RSRC
--> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
[3] Archivtyp: RSRC
--> C:\Users\Julian\AppData\Local\Temp\Rar$DR00.375\OBS_0473b_test8.zip
[4] Archivtyp: ZIP
--> 64bit/plugins/GraphicsCapture/injectHelper.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen7
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Julian\AppData\Local\Temp\Rar$DR00.375\OBS_0473b_test8.zip
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen7
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'J:\'

Beginne mit der Desinfektion:
C:\Users\Julian\AppData\Local\Temp\Rar$DR00.375\OBS_0473b_test8.zip
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen7
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ab7096.qua' verschoben!

Ende des Suchlaufs: Freitag, 8. März 2013 12:48
Benötigte Zeit: 1:13:00 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

36757 Verzeichnisse wurden überprüft
1205170 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1205168 Dateien ohne Befall
15746 Archive wurden durchsucht
1 Warnungen
1 Hinweise
573865 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Code:
ATTFilter OTL logfile created on: 08.03.2013 14:17:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,69 Gb Available Physical Memory | 83,59% Memory free 16,00 Gb Paging File | 14,54 Gb Available in Paging File | 90,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 470,81 Gb Total Space | 438,19 Gb Free Space | 93,07% Space Free | Partition Type: NTFS Drive D: | 460,60 Gb Total Space | 450,25 Gb Free Space | 97,75% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 844,11 Gb Free Space | 90,62% Space Free | Partition Type: NTFS Computer Name: JULIAN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\Julian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {14B63DCC-8949-4A54-B7D8-298BC8B8BD5D} IE - HKCU\..\SearchScopes\{14B63DCC-8949-4A54-B7D8-298BC8B8BD5D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google 
Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer CHR - plugin: Native Client (Disabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Drive = 
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: NotScripts = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\ CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{448EAC2C-0FC3-449F-8DC5-6D3597F2E9D6}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.08 10:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.03.05 08:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.02 22:31:22 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2013.03.02 22:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.03.02 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.03.02 19:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.01 14:28:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2013.03.01 14:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs [2013.02.27 10:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.02.27 10:29:34 | 000,000,000 | ---D | C] -- D:\Users\Admin\Desktop\Meine Dateien [2013.02.25 20:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.02.25 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\logs [2013.02.25 18:35:56 | 000,000,000 | ---D | C] -- 
C:\Users\Admin\AppData\Roaming\.techniclauncher [2013.02.25 16:55:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Nero [2013.02.25 16:55:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Ahead [2013.02.25 16:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8 [2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.02.24 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games [2013.02.24 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apps [2013.02.24 21:26:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FileZilla [2013.02.24 21:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.24 21:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.02.24 21:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.02.24 21:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.02.24 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer [2013.02.24 19:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.02.24 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.minecraft [2013.02.24 18:13:10 | 000,019,976 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\authuitu.dll [2013.02.24 18:13:10 | 000,016,904 | ---- | C] (TuneUp Software GmbH) 
-- C:\Windows\SysWow64\authuitu.dll [2013.02.24 18:13:09 | 000,029,704 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\uxtuneup.dll [2013.02.24 18:13:08 | 000,036,360 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\uxtuneup.dll [2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007 [2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2007 [2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2013.02.24 18:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.02.24 17:33:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client [2013.02.24 17:29:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer [2013.02.24 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinRAR [2013.02.24 17:17:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.02.24 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.02.24 17:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2013.02.24 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.02.24 17:10:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Skype [2013.02.24 17:10:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.24 17:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.24 17:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.24 17:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.02.24 17:05:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Dropbox [2013.02.24 17:03:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.02.24 
17:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.02.24 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple [2013.02.24 17:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.02.24 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira [2013.02.24 16:52:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Google [2013.02.24 16:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.24 16:49:06 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.24 16:49:06 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.24 16:49:06 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.24 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.24 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.24 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.02.24 16:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2013.02.24 16:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP [2013.02.24 16:42:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.02.24 16:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.02.24 16:42:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Notepad++ [2013.02.24 16:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2013.02.24 16:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.02.24 16:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.02.24 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\NVIDIA 
[2013.02.24 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Logitech [2013.02.24 16:40:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech [2013.02.24 16:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.02.24 16:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.02.24 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.02.24 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech [2013.02.24 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd [2013.02.24 16:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.02.24 16:32:08 | 000,015,368 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys [2013.02.24 16:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility [2013.02.24 16:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility [2013.02.24 16:30:33 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.02.24 16:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.02.24 16:28:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e [2013.02.24 16:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.02.24 16:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2013.02.24 16:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.02.24 16:26:27 | 000,000,000 | ---D | C] -- C:\Intel [2013.02.24 16:24:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.02.24 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.02.24 16:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.02.24 16:24:31 | 000,061,216 | 
---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.02.24 16:24:31 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.02.24 16:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.02.24 16:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.02.24 16:23:32 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.02.24 16:20:47 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.02.24 16:20:47 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.02.24 16:20:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities [2013.02.24 16:20:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore [2013.02.24 16:20:22 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft [2013.02.24 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.02.24 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- 
C:\Users\Admin\Druckumgebung [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten [2013.02.24 16:20:22 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData [2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp [2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft [2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Programme [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.02.24 16:15:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.02.24 16:12:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.02.24 16:12:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.02.24 16:11:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.02.24 15:27:16 | 000,086,016 | ---- | C] (QSound Labs, Inc.) 
-- C:\Windows\SysNative\nQPropPageExt.dll [2013.02.24 15:27:16 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll [2013.02.24 15:27:15 | 000,248,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll [2013.02.24 15:26:02 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys ========== Files - Modified Within 30 Days ========== [2013.03.08 14:19:02 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 14:19:02 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 14:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.08 14:16:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.08 14:16:21 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.08 14:16:21 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.08 14:16:21 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.08 14:16:21 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.08 14:12:14 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.08 14:11:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.08 14:11:28 | 2146,762,751 | -HS- | M] () -- C:\hiberfil.sys [2013.03.08 12:52:13 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.03.05 08:49:02 | 000,002,123 | ---- | M] () -- D:\Users\Admin\Desktop\Google Chrome.lnk [2013.02.25 18:47:04 | 000,001,430 | ---- | M] () -- D:\Users\Admin\Desktop\TechnicLauncher.lnk [2013.02.25 18:36:00 | 000,703,117 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\technic-launcher.jar [2013.02.24 21:37:49 | 000,000,600 | ---- | M] () -- 
C:\Users\Admin\AppData\Roaming\winscp.rnd [2013.02.24 21:10:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.02.24 19:40:50 | 000,002,222 | ---- | M] () -- D:\Users\Admin\Desktop\Minecraft.lnk [2013.02.24 19:03:31 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.02.24 19:03:18 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.24 18:26:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.24 18:26:21 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.24 17:07:19 | 000,001,050 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.24 16:48:22 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.24 16:48:22 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.24 16:48:21 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.24 16:16:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.02.24 16:16:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.02.24 16:14:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.02.10 04:25:27 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.02.10 04:25:27 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb ========== Files Created - No Company Name ========== [2013.03.08 12:52:13 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.03.05 08:49:02 | 000,002,123 | ---- | C] () -- D:\Users\Admin\Desktop\Google Chrome.lnk [2013.02.27 10:29:47 | 000,002,222 | ---- | C] () -- D:\Users\Admin\Desktop\Minecraft.lnk [2013.02.27 10:29:47 | 000,001,430 | ---- | C] () -- D:\Users\Admin\Desktop\TechnicLauncher.lnk [2013.02.25 18:35:57 | 000,703,117 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\technic-launcher.jar [2013.02.24 21:19:23 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd [2013.02.24 21:14:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.02.24 21:10:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.02.24 18:38:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.02.24 18:26:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.24 18:26:21 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.24 18:13:13 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.02.24 18:13:07 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007.lnk 
[2013.02.24 18:01:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.02.24 17:12:47 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.24 17:12:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.24 17:07:18 | 000,001,050 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.24 16:27:22 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk [2013.02.24 16:24:05 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.02.24 16:21:38 | 000,001,405 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.02.24 16:21:35 | 000,001,439 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.02.24 16:15:50 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.02.24 16:15:49 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.02.24 16:14:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.02.24 16:12:18 | 2146,762,751 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2012.06.19 13:54:28 | 000,038,381 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.203\l.class [2012.10.25 22:15:26 | 000,000,642 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.250\reifnsk\minimap\n.png [2012.10.25 22:15:26 | 000,000,268 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.250\reifnsk\minimap\zantextures\n.png [2012.10.25 22:15:26 | 000,000,642 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.328\reifnsk\minimap\n.png [2012.10.25 22:15:26 | 000,000,268 | ---- | M] () -- 
C:\Users\Julian\AppData\Local\Temp\Rar$DR00.328\reifnsk\minimap\zantextures\n.png [2012.06.13 23:11:04 | 000,038,381 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.906\l.class [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.25 20:25:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft [2013.02.25 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.techniclauncher [2013.02.27 10:44:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox [2013.02.24 21:48:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla [2013.02.24 16:40:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2013.02.25 18:59:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\logs [2013.02.24 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++ [2013.03.04 19:06:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client [2013.02.24 18:13:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 08.03.2013 14:17:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,69 Gb Available Physical Memory | 83,59% Memory free 16,00 Gb Paging File | 14,54 Gb Available in Paging File | 90,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 470,81 Gb Total Space | 438,19 Gb Free Space | 93,07% Space Free | Partition Type: NTFS Drive D: | 460,60 Gb Total Space | 450,25 Gb Free Space | 97,75% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 844,11 Gb Free Space | 90,62% Space Free | Partition Type: NTFS Computer Name: JULIAN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{252F1E16-E5E6-4971-8A78-46FD091E1A70}" = protocol=6 | dir=in | 
app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe | "{58676EDE-E938-4B8B-BEAF-3B306A0C1C2B}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | "{5F59F5C6-C673-418E-80AB-8B0FB654A398}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5FD17122-0BD7-4CC6-A3B7-48101FFD1AC3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{63E0170E-ACDF-46DF-976C-E3BEC5061639}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | "{6CB23481-F30E-4AC1-B4CC-36F091BF9DEB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{82323116-8164-4BE9-88EC-E2602B664BF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A0380429-0722-4CE0-8B1E-937917EEB810}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CA69FA37-F0AC-4DCD-B34B-D4F60E930A0C}" = protocol=17 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe | "{CDDAF99C-CCEF-43E5-99B8-A0D4B623A326}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D57B9187-5522-4BE7-A89A-D0D8B634299D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{DC3EABEA-F6B2-4C26-A4C7-7FEB66CB2A10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DC615DFD-05CB-484E-BB24-7B36AB9B6691}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{78834E93-0C17-412A-90AD-C808C1175487}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{78C70488-7709-4AF4-A2C5-23AC1FB07B92}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{CFB71FED-8FB6-4577-B0D6-52295FB53622}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query 
User{F1AF5481-04C9-4A47-AC1B-D624971DFEEC}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{10EF208B-3A2D-4990-A4D4-44CA8967A546}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{9057E640-6DF9-4ABE-BD3F-27712BA1AC1A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{909726B0-814E-4BFA-8709-86A60BCE11DB}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{E1835FB9-3BD8-43F4-AA93-A78293006CE6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit) "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA 
Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ASRock App Charger_is1" = ASRock App Charger v1.0.4 "Logitech Gaming Software" = Logitech Gaming Software 8.40 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Avira AntiVir Desktop" = Avira Free Antivirus "Google Chrome" = Google Chrome "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "LogMeIn Hamachi" = LogMeIn Hamachi "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 5.1.4 ========== HKEY_CURRENT_USER Uninstall List 
========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.03.2013 03:42:32 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10 Description = Error - 05.03.2013 13:52:11 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10 Description = Error - 06.03.2013 05:43:10 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10 Description = Error - 06.03.2013 12:01:56 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10 Description = Error - 07.03.2013 14:31:49 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10 Description = Error - 08.03.2013 05:28:57 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10 Description = Error - 08.03.2013 07:59:06 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f5c Startzeit: 01ce1bf3b12ad8b3 Endzeit: 0 Anwendungspfad: D:\Users\Julian\Desktop\OTL.exe Berichts-ID: Error - 08.03.2013 09:13:20 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10 Description = Error - 08.03.2013 09:15:54 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ebc Startzeit: 01ce1bfeda4546fd Endzeit: 15 Anwendungspfad: D:\Users\Julian\Desktop\OTL.exe Berichts-ID: Error - 08.03.2013 09:17:19 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 724 Startzeit: 01ce1bff32b0706d Endzeit: 3 Anwendungspfad: D:\Users\Julian\Desktop\OTL.exe Berichts-ID: [ System Events ] Error - 02.03.2013 17:31:25 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.03.2013 10:47:01 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 04.03.2013 13:25:07 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 05.03.2013 03:40:58 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 05.03.2013 13:50:40 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 06.03.2013 05:41:27 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 06.03.2013 12:00:09 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 07.03.2013 14:30:08 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 08.03.2013 05:27:10 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp 
Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 08.03.2013 09:11:43 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 < End of report > Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-08 14:43:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD10EAVS-00D7B1 rev.01.01A01 931,51GB Running: gmer_2.1.19155.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxdiqpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075551465 2 bytes [55, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755514bb 2 bytes [55, 75] .text ... * 2 ---- EOF - GMER 2.1 ---- |
08.03.2013, 16:34 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen7 Hello and
__________________ Quote:
Do GraphicsCapture or injectHelper mean anything to you?
__________________ |
08.03.2013, 16:59 | #3 | |
| TR/Crypt.XPACK.Gen7 Quote:
Thank you very much for your quick reply! Edited by Julian84 (08.03.2013 at 17:13). Reason: addition |
08.03.2013, 17:17 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen7 Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board. Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
08.03.2013, 17:42 | #5 |
| TR/Crypt.XPACK.Gen7 Okay, then I will work through your instructions this evening. One more question: do I have to disconnect the internet connection or switch off AntiVir before the scans? |
08.03.2013, 19:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen7 The internet connection must be active because the tools download new signatures.
__________________ --> TR/Crypt.XPACK.Gen7 |
08.03.2013, 19:49 | #7 |
| TR/Crypt.XPACK.Gen7 Here are the logs: MBAR: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.08.15 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Admin :: JULIAN-PC [administrator] 08.03.2013 19:27:43 mbar-log-2013-03-08 (19-27-43).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29229 Time elapsed: 6 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-03-08 19:30:38 ----------------------------- 19:30:38.161 OS Version: Windows x64 6.1.7601 Service Pack 1 19:30:38.161 Number of processors: 4 586 0x170A 19:30:38.161 ComputerName: JULIAN-PC UserName: Admin 19:30:39.895 Initialize success 19:33:33.141 AVAST engine defs: 13030800 19:34:23.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 19:34:23.492 Disk 0 Vendor: WDC_WD10EAVS-00D7B1 01.01A01 Size: 953869MB BusType: 3 19:34:23.492 Disk 0 MBR read successfully 19:34:23.492 Disk 0 MBR scan 19:34:23.492 Disk 0 Windows 7 default MBR code 19:34:23.507 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 19:34:23.507 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 482114 MB offset 206848 19:34:23.539 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 471652 MB offset 987576320 19:34:23.554 Disk 0 scanning C:\Windows\system32\drivers 19:34:28.500 Service scanning 19:34:42.845 Modules scanning 19:34:42.845 Disk 0 trace - called modules: 19:34:42.861 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 19:34:42.861 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800786f060] 19:34:42.861 3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> [0xfffffa80075aa9b0] 19:34:42.876 5 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80075c5060] 19:34:44.673 AVAST engine scan C:\Windows 19:34:46.424 AVAST engine scan C:\Windows\system32 19:36:23.000 AVAST engine scan C:\Windows\system32\drivers 19:36:29.411 AVAST engine scan C:\Users\Admin 19:37:47.972 AVAST engine scan C:\ProgramData 19:37:56.894 Scan finished successfully 19:39:49.422 Disk 0 MBR has been saved successfully to "D:\Users\Admin\Desktop\MBR.dat" 19:39:49.422 The log file has been saved successfully to "D:\Users\Admin\Desktop\aswMBR.txt" 19:40:14.797 Disk 0 MBR has been saved successfully to "D:\Users\Julian\Desktop\MBR.dat" 
19:40:14.797 The log file has been saved successfully to "D:\Users\Julian\Desktop\aswMBR.txt" Code:
ATTFilter 19:43:36.0698 0656 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 19:43:36.0852 0656 ============================================================ 19:43:36.0852 0656 Current date / time: 2013/03/08 19:43:36.0852 19:43:36.0852 0656 SystemInfo: 19:43:36.0852 0656 19:43:36.0852 0656 OS Version: 6.1.7601 ServicePack: 1.0 19:43:36.0852 0656 Product type: Workstation 19:43:36.0852 0656 ComputerName: JULIAN-PC 19:43:36.0852 0656 UserName: Admin 19:43:36.0852 0656 Windows directory: C:\Windows 19:43:36.0852 0656 System windows directory: C:\Windows 19:43:36.0852 0656 Running under WOW64 19:43:36.0852 0656 Processor architecture: Intel x64 19:43:36.0852 0656 Number of processors: 4 19:43:36.0852 0656 Page size: 0x1000 19:43:36.0852 0656 Boot type: Normal boot 19:43:36.0852 0656 ============================================================ 19:43:37.0661 0656 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:43:37.0663 0656 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:43:38.0096 0656 ============================================================ 19:43:38.0096 0656 \Device\Harddisk0\DR0: 19:43:38.0096 0656 MBR partitions: 19:43:38.0096 0656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:43:38.0096 0656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3ADA1000 19:43:38.0096 0656 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3ADD3800, BlocksNum 0x39932000 19:43:38.0096 0656 \Device\Harddisk1\DR1: 19:43:38.0106 0656 MBR partitions: 19:43:38.0106 0656 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D71 19:43:38.0106 0656 ============================================================ 19:43:38.0128 0656 C: <-> 
\Device\Harddisk0\DR0\Partition2 19:43:38.0174 0656 D: <-> \Device\Harddisk0\DR0\Partition3 19:43:38.0188 0656 J: <-> \Device\Harddisk1\DR1\Partition1 19:43:38.0188 0656 ============================================================ 19:43:38.0188 0656 Initialize success 19:43:38.0188 0656 ============================================================ 19:43:59.0784 3440 ============================================================ 19:43:59.0784 3440 Scan started 19:43:59.0784 3440 Mode: Manual; SigCheck; TDLFS; 19:43:59.0784 3440 ============================================================ 19:44:00.0456 3440 ================ Scan system memory ======================== 19:44:00.0456 3440 System memory - ok 19:44:00.0456 3440 ================ Scan services =============================
C:\Windows\system32\DRIVERS\kbdclass.sys 19:44:07.0877 3440 kbdclass - ok 19:44:07.0893 3440 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:44:07.0924 3440 kbdhid - ok 19:44:07.0940 3440 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:44:07.0940 3440 KeyIso - ok 19:44:07.0956 3440 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:44:07.0987 3440 KSecDD - ok 19:44:08.0002 3440 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:44:08.0018 3440 KSecPkg - ok 19:44:08.0034 3440 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:44:08.0081 3440 ksthunk - ok 19:44:08.0096 3440 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 19:44:08.0143 3440 KtmRm - ok 19:44:08.0190 3440 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 19:44:08.0190 3440 L1C - ok 19:44:08.0221 3440 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:44:08.0284 3440 LanmanServer - ok 19:44:08.0315 3440 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:44:08.0362 3440 LanmanWorkstation - ok 19:44:08.0393 3440 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 19:44:08.0409 3440 LGBusEnum - ok 19:44:08.0424 3440 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 19:44:08.0424 3440 LGVirHid - ok 19:44:08.0471 3440 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:44:08.0518 3440 lltdio - ok 19:44:08.0534 3440 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:44:08.0581 3440 lltdsvc - ok 19:44:08.0596 3440 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:44:08.0643 3440 lmhosts - ok 19:44:08.0659 3440 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] 
LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 19:44:08.0674 3440 LSI_FC - ok 19:44:08.0674 3440 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:44:08.0690 3440 LSI_SAS - ok 19:44:08.0690 3440 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 19:44:08.0706 3440 LSI_SAS2 - ok 19:44:08.0721 3440 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 19:44:08.0737 3440 LSI_SCSI - ok 19:44:08.0752 3440 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 19:44:08.0799 3440 luafv - ok 19:44:08.0815 3440 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:44:08.0846 3440 Mcx2Svc - ok 19:44:08.0846 3440 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 19:44:08.0862 3440 megasas - ok 19:44:08.0862 3440 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 19:44:08.0893 3440 MegaSR - ok 19:44:08.0909 3440 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 19:44:08.0956 3440 MMCSS - ok 19:44:08.0956 3440 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 19:44:09.0002 3440 Modem - ok 19:44:09.0018 3440 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:44:09.0049 3440 monitor - ok 19:44:09.0049 3440 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:44:09.0065 3440 mouclass - ok 19:44:09.0081 3440 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:44:09.0112 3440 mouhid - ok 19:44:09.0127 3440 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:44:09.0143 3440 mountmgr - ok 19:44:09.0143 3440 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 19:44:09.0159 3440 mpio - ok 19:44:09.0174 3440 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] 
mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:44:09.0206 3440 mpsdrv - ok 19:44:09.0237 3440 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:44:09.0268 3440 MpsSvc - ok 19:44:09.0299 3440 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:44:09.0315 3440 MRxDAV - ok 19:44:09.0346 3440 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:44:09.0377 3440 mrxsmb - ok 19:44:09.0393 3440 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:44:09.0409 3440 mrxsmb10 - ok 19:44:09.0424 3440 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:44:09.0440 3440 mrxsmb20 - ok 19:44:09.0440 3440 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 19:44:09.0456 3440 msahci - ok 19:44:09.0471 3440 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:44:09.0487 3440 msdsm - ok 19:44:09.0502 3440 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:44:09.0518 3440 MSDTC - ok 19:44:09.0534 3440 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:44:09.0581 3440 Msfs - ok 19:44:09.0581 3440 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:44:09.0627 3440 mshidkmdf - ok 19:44:09.0627 3440 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:44:09.0643 3440 msisadrv - ok 19:44:09.0659 3440 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:44:09.0706 3440 MSiSCSI - ok 19:44:09.0706 3440 msiserver - ok 19:44:09.0721 3440 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:44:09.0784 3440 MSKSSRV - ok 19:44:09.0784 3440 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:44:09.0815 3440 MSPCLOCK - ok 19:44:09.0831 3440 [ 
4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:44:09.0862 3440 MSPQM - ok 19:44:09.0877 3440 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:44:09.0893 3440 MsRPC - ok 19:44:09.0909 3440 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 19:44:09.0924 3440 mssmbios - ok 19:44:09.0924 3440 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:44:09.0971 3440 MSTEE - ok 19:44:09.0987 3440 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 19:44:10.0002 3440 MTConfig - ok 19:44:10.0002 3440 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:44:10.0018 3440 Mup - ok 19:44:10.0049 3440 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 19:44:10.0096 3440 napagent - ok 19:44:10.0127 3440 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:44:10.0159 3440 NativeWifiP - ok 19:44:10.0206 3440 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:44:10.0237 3440 NDIS - ok 19:44:10.0252 3440 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:44:10.0284 3440 NdisCap - ok 19:44:10.0315 3440 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:44:10.0346 3440 NdisTapi - ok 19:44:10.0346 3440 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:44:10.0393 3440 Ndisuio - ok 19:44:10.0393 3440 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:44:10.0440 3440 NdisWan - ok 19:44:10.0440 3440 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:44:10.0471 3440 NDProxy - ok 19:44:10.0471 3440 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:44:10.0518 3440 NetBIOS - ok 
19:44:10.0534 3440 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:44:10.0565 3440 NetBT - ok 19:44:10.0581 3440 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 19:44:10.0596 3440 Netlogon - ok 19:44:10.0627 3440 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 19:44:10.0674 3440 Netman - ok 19:44:10.0722 3440 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:44:10.0800 3440 netprofm - ok 19:44:10.0847 3440 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:44:10.0863 3440 NetTcpPortSharing - ok 19:44:10.0894 3440 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:44:10.0910 3440 nfrd960 - ok 19:44:10.0925 3440 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:44:10.0957 3440 NlaSvc - ok 19:44:11.0019 3440 [ D36107465E716CF2335A25C54B6D11C2 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe 19:44:11.0050 3440 NMIndexingService - ok 19:44:11.0066 3440 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:44:11.0113 3440 Npfs - ok 19:44:11.0128 3440 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:44:11.0175 3440 nsi - ok 19:44:11.0191 3440 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:44:11.0238 3440 nsiproxy - ok 19:44:11.0285 3440 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:44:11.0316 3440 Ntfs - ok 19:44:11.0332 3440 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:44:11.0363 3440 Null - ok 19:44:11.0582 3440 [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:44:11.0753 3440 nvlddmkm - ok 19:44:11.0785 3440 [ 0A92CB65770442ED0DC44834632F66AD ] 
nvraid C:\Windows\system32\drivers\nvraid.sys 19:44:11.0800 3440 nvraid - ok 19:44:11.0832 3440 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:44:11.0847 3440 nvstor - ok 19:44:11.0894 3440 [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc C:\Windows\system32\nvvsvc.exe 19:44:11.0925 3440 nvsvc - ok 19:44:11.0957 3440 [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 19:44:12.0003 3440 nvUpdatusService - ok 19:44:12.0003 3440 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:44:12.0019 3440 nv_agp - ok 19:44:12.0050 3440 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:44:12.0066 3440 ohci1394 - ok 19:44:12.0097 3440 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:44:12.0128 3440 p2pimsvc - ok 19:44:12.0144 3440 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:44:12.0175 3440 p2psvc - ok 19:44:12.0191 3440 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:44:12.0207 3440 Parport - ok 19:44:12.0222 3440 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:44:12.0238 3440 partmgr - ok 19:44:12.0253 3440 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:44:12.0300 3440 PcaSvc - ok 19:44:12.0300 3440 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:44:12.0316 3440 pci - ok 19:44:12.0332 3440 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:44:12.0332 3440 pciide - ok 19:44:12.0347 3440 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:44:12.0378 3440 pcmcia - ok 19:44:12.0378 3440 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:44:12.0394 3440 pcw - ok 19:44:12.0410 3440 [ 
68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:44:12.0472 3440 PEAUTH - ok 19:44:12.0519 3440 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:44:12.0550 3440 PerfHost - ok 19:44:12.0597 3440 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:44:12.0644 3440 pla - ok 19:44:12.0691 3440 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:44:12.0738 3440 PlugPlay - ok 19:44:12.0753 3440 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:44:12.0785 3440 PNRPAutoReg - ok 19:44:12.0800 3440 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:44:12.0816 3440 PNRPsvc - ok 19:44:12.0832 3440 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:44:12.0878 3440 PolicyAgent - ok 19:44:12.0910 3440 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:44:12.0957 3440 Power - ok 19:44:13.0003 3440 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:44:13.0050 3440 PptpMiniport - ok 19:44:13.0066 3440 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 19:44:13.0097 3440 Processor - ok 19:44:13.0128 3440 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:44:13.0160 3440 ProfSvc - ok 19:44:13.0160 3440 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:44:13.0175 3440 ProtectedStorage - ok 19:44:13.0222 3440 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:44:13.0269 3440 Psched - ok 19:44:13.0300 3440 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:44:13.0332 3440 ql2300 - ok 19:44:13.0347 3440 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:44:13.0363 3440 ql40xx - ok 19:44:13.0394 3440 [ 
906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:44:13.0410 3440 QWAVE - ok 19:44:13.0425 3440 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:44:13.0441 3440 QWAVEdrv - ok 19:44:13.0457 3440 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:44:13.0488 3440 RasAcd - ok 19:44:13.0519 3440 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:44:13.0550 3440 RasAgileVpn - ok 19:44:13.0566 3440 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:44:13.0628 3440 RasAuto - ok 19:44:13.0660 3440 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:44:13.0707 3440 Rasl2tp - ok 19:44:13.0722 3440 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:44:13.0769 3440 RasMan - ok 19:44:13.0769 3440 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:44:13.0832 3440 RasPppoe - ok 19:44:13.0832 3440 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:44:13.0863 3440 RasSstp - ok 19:44:13.0878 3440 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:44:13.0925 3440 rdbss - ok 19:44:13.0925 3440 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 19:44:13.0957 3440 rdpbus - ok 19:44:13.0957 3440 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:44:13.0988 3440 RDPCDD - ok 19:44:14.0003 3440 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:44:14.0035 3440 RDPENCDD - ok 19:44:14.0050 3440 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:44:14.0082 3440 RDPREFMP - ok 19:44:14.0113 3440 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:44:14.0128 3440 
RdpVideoMiniport - ok 19:44:14.0160 3440 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:44:14.0191 3440 RDPWD - ok 19:44:14.0207 3440 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:44:14.0222 3440 rdyboost - ok 19:44:14.0238 3440 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:44:14.0285 3440 RemoteAccess - ok 19:44:14.0316 3440 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:44:14.0363 3440 RemoteRegistry - ok 19:44:14.0394 3440 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:44:14.0425 3440 RpcEptMapper - ok 19:44:14.0441 3440 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:44:14.0457 3440 RpcLocator - ok 19:44:14.0488 3440 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:44:14.0519 3440 RpcSs - ok 19:44:14.0550 3440 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:44:14.0582 3440 rspndr - ok 19:44:14.0628 3440 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 19:44:14.0644 3440 RTL8167 - ok 19:44:14.0660 3440 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:44:14.0660 3440 SamSs - ok 19:44:14.0675 3440 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:44:14.0691 3440 sbp2port - ok 19:44:14.0707 3440 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:44:14.0753 3440 SCardSvr - ok 19:44:14.0753 3440 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:44:14.0785 3440 scfilter - ok 19:44:14.0816 3440 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:44:14.0894 3440 Schedule - ok 19:44:14.0910 3440 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 
19:44:14.0941 3440 SCPolicySvc - ok 19:44:14.0957 3440 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:44:14.0972 3440 SDRSVC - ok 19:44:14.0988 3440 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:44:15.0019 3440 secdrv - ok 19:44:15.0035 3440 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:44:15.0066 3440 seclogon - ok 19:44:15.0082 3440 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:44:15.0128 3440 SENS - ok 19:44:15.0144 3440 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:44:15.0160 3440 SensrSvc - ok 19:44:15.0175 3440 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:44:15.0207 3440 Serenum - ok 19:44:15.0238 3440 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:44:15.0253 3440 Serial - ok 19:44:15.0269 3440 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:44:15.0300 3440 sermouse - ok 19:44:15.0332 3440 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:44:15.0378 3440 SessionEnv - ok 19:44:15.0378 3440 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:44:15.0410 3440 sffdisk - ok 19:44:15.0410 3440 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:44:15.0425 3440 sffp_mmc - ok 19:44:15.0425 3440 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:44:15.0457 3440 sffp_sd - ok 19:44:15.0457 3440 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:44:15.0488 3440 sfloppy - ok 19:44:15.0503 3440 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:44:15.0550 3440 SharedAccess - ok 19:44:15.0597 3440 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection 
C:\Windows\System32\shsvcs.dll 19:44:15.0644 3440 ShellHWDetection - ok 19:44:15.0660 3440 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 19:44:15.0675 3440 SiSRaid2 - ok 19:44:15.0691 3440 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:44:15.0707 3440 SiSRaid4 - ok 19:44:15.0722 3440 [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:44:15.0785 3440 SkypeUpdate - ok 19:44:15.0800 3440 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:44:15.0847 3440 Smb - ok 19:44:15.0863 3440 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:44:15.0894 3440 SNMPTRAP - ok 19:44:15.0894 3440 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:44:15.0910 3440 spldr - ok 19:44:15.0925 3440 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:44:15.0957 3440 Spooler - ok 19:44:16.0019 3440 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:44:16.0113 3440 sppsvc - ok 19:44:16.0113 3440 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:44:16.0160 3440 sppuinotify - ok 19:44:16.0175 3440 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:44:16.0207 3440 srv - ok 19:44:16.0222 3440 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:44:16.0253 3440 srv2 - ok 19:44:16.0269 3440 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:44:16.0285 3440 srvnet - ok 19:44:16.0300 3440 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:44:16.0332 3440 SSDPSRV - ok 19:44:16.0347 3440 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:44:16.0394 3440 SstpSvc - ok 19:44:16.0425 3440 [ 78216A10BF8B200890A88D8820F33F14 ] Stereo Service 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 19:44:16.0457 3440 Stereo Service - ok 19:44:16.0472 3440 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 19:44:16.0488 3440 stexstor - ok 19:44:16.0519 3440 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:44:16.0566 3440 stisvc - ok 19:44:16.0582 3440 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:44:16.0597 3440 swenum - ok 19:44:16.0613 3440 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:44:16.0644 3440 swprv - ok 19:44:16.0691 3440 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:44:16.0738 3440 SysMain - ok 19:44:16.0753 3440 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:44:16.0785 3440 TabletInputService - ok 19:44:16.0800 3440 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:44:16.0863 3440 TapiSrv - ok 19:44:16.0863 3440 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:44:16.0910 3440 TBS - ok 19:44:16.0957 3440 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:44:17.0003 3440 Tcpip - ok 19:44:17.0066 3440 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:44:17.0097 3440 TCPIP6 - ok 19:44:17.0128 3440 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:44:17.0128 3440 tcpipreg - ok 19:44:17.0160 3440 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:44:17.0175 3440 TDPIPE - ok 19:44:17.0191 3440 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:44:17.0222 3440 TDTCP - ok 19:44:17.0253 3440 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:44:17.0300 3440 tdx - ok 19:44:17.0300 3440 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] 
TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:44:17.0316 3440 TermDD - ok 19:44:17.0363 3440 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:44:17.0394 3440 TermService - ok 19:44:17.0410 3440 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:44:17.0441 3440 Themes - ok 19:44:17.0457 3440 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:44:17.0488 3440 THREADORDER - ok 19:44:17.0503 3440 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:44:17.0550 3440 TrkWks - ok 19:44:17.0582 3440 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:44:17.0613 3440 TrustedInstaller - ok 19:44:17.0628 3440 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:44:17.0660 3440 tssecsrv - ok 19:44:17.0707 3440 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:44:17.0722 3440 TsUsbFlt - ok 19:44:17.0753 3440 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 19:44:17.0769 3440 TsUsbGD - ok 19:44:17.0816 3440 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:44:17.0863 3440 tunnel - ok 19:44:17.0863 3440 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:44:17.0878 3440 uagp35 - ok 19:44:17.0894 3440 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:44:17.0941 3440 udfs - ok 19:44:17.0957 3440 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:44:17.0988 3440 UI0Detect - ok 19:44:18.0003 3440 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:44:18.0019 3440 uliagpkx - ok 19:44:18.0035 3440 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:44:18.0066 3440 umbus - ok 19:44:18.0066 3440 [ 
============================================================ 19:44:22.0255 3808 Detected object count: 0 19:44:22.0255 3808 Actual detected object count: 0 19:44:42.0781 3428 Deinitialize success |
08.03.2013, 19:53 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen7 Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
08.03.2013, 20:11 | #9 |
| TR/Crypt.XPACK.Gen7 When the scan started, AntiVir complained that it had blocked something involving the registry. Here is the log: Combofix Logfile: Code:
ATTFilter ComboFix 13-03-07.03 - Admin 08.03.2013 20:02:33.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8191.6330 [GMT 1:00] ausgeführt von:: d:\users\Julian\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-08 bis 2013-03-08 )))))))))))))))))))))))))))))) . . 2013-03-08 19:06 . 2013-03-08 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-08 09:37 . 2013-03-08 09:37 -------- d-----w- c:\programdata\boost_interprocess 2013-03-05 07:48 . 2013-03-05 07:48 310688 ----a-w- c:\windows\system32\javaws.exe 2013-03-05 07:48 . 2013-03-05 07:48 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-03-05 07:48 . 2013-03-05 07:48 188832 ----a-w- c:\windows\system32\javaw.exe 2013-03-05 07:48 . 2013-03-05 07:48 188320 ----a-w- c:\windows\system32\java.exe 2013-03-05 07:48 . 2013-03-05 07:48 -------- d-----w- c:\program files\Java 2013-03-02 21:31 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2013-03-02 21:31 . 2013-03-02 21:31 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-03-01 13:28 . 2013-03-01 13:28 -------- d-----w- c:\programdata\Malwarebytes 2013-02-27 09:25 . 2013-02-27 09:54 -------- d-----w- c:\users\Julian 2013-02-25 19:23 . 2013-02-25 19:23 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-02-25 15:52 . 2013-02-25 15:53 -------- d-----w- c:\program files (x86)\Common Files\Nero 2013-02-25 15:52 . 2013-02-25 15:52 -------- d-----w- c:\programdata\Nero 2013-02-25 15:52 . 2013-02-25 15:52 -------- d-----w- c:\program files (x86)\Nero 2013-02-24 20:15 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-02-24 20:15 . 
2013-02-24 20:15 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-24 20:15 . 2013-02-24 20:15 -------- d-----w- c:\program files\iTunes 2013-02-24 20:15 . 2013-02-24 20:15 -------- d-----w- c:\program files (x86)\iTunes 2013-02-24 20:15 . 2013-02-24 20:15 -------- d-----w- c:\program files\iPod 2013-02-24 20:14 . 2013-02-24 20:14 -------- d-----w- c:\program files (x86)\Apple Software Update 2013-02-24 20:14 . 2013-02-24 20:14 -------- d-----w- c:\program files\Common Files\Apple 2013-02-24 20:13 . 2013-02-24 20:15 -------- d-----w- c:\program files (x86)\Common Files\Apple 2013-02-24 18:45 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-24 18:45 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-24 18:17 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-02-24 18:11 . 2013-02-24 18:11 -------- d-----w- c:\program files (x86)\Microsoft.NET 2013-02-24 18:01 . 2013-02-24 18:01 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2013-02-24 18:01 . 2013-02-24 18:01 -------- d-----w- c:\windows\system32\wbem\en-US 2013-02-24 17:43 . 2013-02-04 21:49 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-24 17:38 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2013-02-24 17:38 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-02-24 17:38 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-02-24 17:38 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-02-24 17:28 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2013-02-24 17:13 . 2007-04-26 14:57 19976 ----a-w- c:\windows\system32\authuitu.dll 2013-02-24 17:13 . 2007-04-26 14:57 16904 ----a-w- c:\windows\SysWow64\authuitu.dll 2013-02-24 17:13 . 2007-03-28 18:42 29704 ----a-w- c:\windows\SysWow64\uxtuneup.dll 2013-02-24 17:13 . 
2007-03-28 18:42 36360 ----a-w- c:\windows\system32\uxtuneup.dll 2013-02-24 17:13 . 2013-02-24 17:13 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2007 2013-02-24 17:12 . 2013-02-24 17:12 -------- d-----w- c:\programdata\TuneUp Software 2013-02-24 17:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-02-24 17:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-02-24 17:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2013-02-24 17:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-02-24 17:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2013-02-24 16:56 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2013-02-24 16:55 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2013-02-24 16:53 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2013-02-24 16:51 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll 2013-02-24 16:46 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-02-24 16:46 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-02-24 16:46 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-02-24 16:46 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2013-02-24 16:46 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-02-24 16:46 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-02-24 16:46 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2013-02-24 16:46 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-02-24 16:45 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2013-02-24 16:45 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2013-02-24 16:45 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2013-02-24 16:45 . 
2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2013-02-24 16:12 . 2013-03-02 18:18 -------- d-----w- c:\program files (x86)\Google 2013-02-24 16:10 . 2013-02-24 16:10 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-02-24 16:10 . 2013-02-24 16:10 -------- d-----r- c:\program files (x86)\Skype 2013-02-24 16:03 . 2013-02-24 20:15 -------- dc----w- c:\windows\system32\DRVSTORE 2013-02-24 16:03 . 2013-02-24 20:15 -------- d-----w- c:\programdata\Apple Computer 2013-02-24 16:00 . 2013-02-24 16:29 -------- d-----w- c:\programdata\Apple 2013-02-24 15:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2013-02-24 15:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2013-02-24 15:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2013-02-24 15:49 . 2013-02-24 15:48 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-02-24 15:49 . 2013-02-24 15:48 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-02-24 15:49 . 2013-02-24 15:48 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-02-24 15:49 . 2013-02-24 15:49 -------- d-----w- c:\programdata\Avira 2013-02-24 15:49 . 2013-02-24 15:49 -------- d-----w- c:\program files (x86)\Avira 2013-02-24 15:45 . 2013-03-05 07:48 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-24 15:45 . 2013-03-05 07:48 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-24 15:44 . 2013-02-27 11:07 -------- d-----w- c:\programdata\Skype 2013-02-24 15:43 . 2013-02-24 15:43 -------- d-----w- c:\program files (x86)\WinSCP 2013-02-24 15:42 . 2013-02-24 15:42 -------- d-----w- c:\program files (x86)\Notepad++ 2013-02-24 15:41 . 2013-03-04 18:06 -------- d-----w- c:\program files\TeamSpeak 3 Client 2013-02-24 15:39 . 2013-02-24 15:39 -------- d-----w- c:\programdata\LogiShrd 2013-02-24 15:39 . 2013-02-24 15:39 -------- d-----w- c:\program files\Logitech Gaming Software 2013-02-24 15:32 . 
2013-02-24 15:32 -------- d-----w- c:\program files\ASRock Utility 2013-02-24 15:32 . 2010-06-11 13:37 15368 ----a-w- c:\windows\system32\drivers\AsrAppCharger.sys 2013-02-24 15:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-02-24 15:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-02-24 15:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-02-24 15:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-02-24 15:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-02-24 15:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-02-24 15:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-02-24 15:31 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-02-24 15:31 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-02-24 15:30 . 2013-02-24 15:30 -------- d-----w- c:\program files (x86)\Intel 2013-02-24 15:30 . 2009-08-26 14:04 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2013-02-24 15:28 . 2013-02-24 15:28 -------- d-----w- c:\windows\SysWow64\Atheros_L1e 2013-02-24 15:27 . 2013-02-24 15:28 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2013-02-24 15:26 . 2013-02-24 15:27 -------- d-----w- c:\program files (x86)\VIA 2013-02-24 15:26 . 2007-04-11 14:35 414632 ------w- c:\windows\difxapi.dll 2013-02-24 15:26 . 2013-02-24 15:26 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2013-02-24 15:26 . 2013-02-24 15:26 -------- d-----w- C:\Intel 2013-02-24 15:23 . 2013-02-24 15:23 -------- d-----w- C:\NVIDIA 2013-02-24 15:11 . 2013-02-24 15:20 -------- d-----w- c:\windows\Panther 2013-02-24 14:26 . 2010-08-24 16:55 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys 2013-02-09 17:43 . 2013-02-09 17:43 555808 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-04 04:43 . 2013-02-24 16:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-13 12:50 . 2012-12-13 12:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-12-13 12:50 . 2012-12-13 12:50 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-02-22 3019376] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-24 385248] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="d:\users\Julian\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" [2013-02-16 1363016] . c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-2-15 29428904] . c:\users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-2-15 29428904] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-24 27800] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-24 86752] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-02-17 27760] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-02-17 2153072] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-05 07:50 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-02-24 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files (x86)\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 19:08] . 2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 16:12] . 2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 16:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: Interfaces\{448EAC2C-0FC3-449F-8DC5-6D3597F2E9D6}: NameServer = 192.168.2.1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-08 20:07:47 ComboFix-quarantined-files.txt 2013-03-08 19:07 . Vor Suchlauf: 8 Verzeichnis(se), 470.243.913.728 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 470.698.422.272 Bytes frei . - - End Of File - - 6801FD27F99864D7EBDEF010D19FE690 |
08.03.2013, 20:51 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen7 JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
After that: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post log files in CODE tags |
08.03.2013, 21:29 | #11 |
| TR/Crypt.XPACK.Gen7 With the Junkware Removal Tool software there was a bug: after the scan I either had the desktop of the "Admin" user account, or I was logged in entirely as the user "Admin". I then restarted the computer and had my desktop back, but the log is missing. Here are the logs from adwCleaner and OTL: adwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.114 - Datei am 08/03/2013 um 21:07:52 erstellt # Aktualisiert am 05/03/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Admin - JULIAN-PC # Bootmodus : Normal # Ausgeführt unter : D:\Users\Julian\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v25.0.1364.152 Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [833 octets] - [08/03/2013 21:07:52] ########## EOF - \AdwCleaner[S1].txt - [892 octets] ########## OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.03.2013 21:13:24 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,68 Gb Available Physical Memory | 83,48% Memory free 16,00 Gb Paging File | 14,55 Gb Available in Paging File | 90,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 470,81 Gb Total Space | 438,40 Gb Free Space | 93,12% Space Free | Partition Type: NTFS Drive D: | 460,60 Gb Total Space | 450,22 Gb Free Space | 97,75% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 844,11 Gb Free Space | 90,62% Space Free | Partition Type: NTFS Computer Name: JULIAN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\Julian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\..\SearchScopes\{14B63DCC-8949-4A54-B7D8-298BC8B8BD5D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - 
HKU\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 60 6B 57 CF 14 CE 01 [binary data] IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer CHR - plugin: Native Client (Disabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = 
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: NotScripts = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\ CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKU\S-1-5-21-4161934161-3653760989-346012480-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4161934161-3653760989-346012480-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4161934161-3653760989-346012480-1000..\RunOnce: [Report] \AdwCleaner[S1].txt File not found O4 - HKU\S-1-5-21-4161934161-3653760989-346012480-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-4161934161-3653760989-346012480-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{448EAC2C-0FC3-449F-8DC5-6D3597F2E9D6}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - 
C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.08 20:56:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.08 20:56:19 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.08 20:13:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.08 20:07:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.08 20:07:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp [2013.03.08 20:00:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.08 20:00:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.08 20:00:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.08 20:00:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.08 20:00:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.05 08:48:29 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.05 08:48:23 | 000,188,832 | ---- 
| C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.03.05 08:48:23 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.03.05 08:48:23 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.05 08:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.02 22:31:22 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2013.03.02 22:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.03.02 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.03.02 19:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.01 14:28:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2013.03.01 14:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs [2013.02.27 10:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.02.27 10:29:34 | 000,000,000 | ---D | C] -- D:\Users\Admin\Desktop\Meine Dateien [2013.02.27 10:21:41 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.27 10:21:41 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.27 10:21:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.27 10:21:41 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.27 10:21:39 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.27 10:21:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.27 10:21:37 | 002,565,120 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3d10warp.dll [2013.02.27 10:21:37 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.27 10:21:37 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 10:21:37 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 10:21:37 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 10:21:37 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 10:21:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 10:21:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 10:21:37 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 10:21:37 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 10:21:36 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.27 10:21:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.27 10:21:36 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.27 10:21:36 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.27 10:21:36 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.27 10:21:36 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.27 10:21:36 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.27 
10:21:36 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.27 10:21:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 10:21:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 10:21:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 10:21:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 10:21:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 10:21:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 10:21:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 10:21:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 10:21:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 10:21:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 10:21:35 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.27 10:21:35 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.27 10:21:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.27 10:21:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 10:21:35 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.27 10:21:35 | 
001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.27 10:21:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.25 20:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.02.25 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\logs [2013.02.25 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.techniclauncher [2013.02.25 16:55:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Nero [2013.02.25 16:55:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Ahead [2013.02.25 16:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8 [2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.02.25 16:50:55 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2013.02.25 16:50:55 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2013.02.24 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games [2013.02.24 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apps [2013.02.24 21:26:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FileZilla [2013.02.24 21:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.24 21:15:26 | 000,033,240 | ---- | C] (GEAR Software Inc.) 
-- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.24 21:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.02.24 21:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.02.24 21:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.02.24 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer [2013.02.24 19:31:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.24 19:31:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.24 19:31:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.24 19:31:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.24 19:31:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.24 19:31:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.24 19:31:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.24 19:31:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.24 19:31:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.24 19:31:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.24 19:31:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.24 19:31:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\msfeeds.dll [2013.02.24 19:31:39 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.24 19:31:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.24 19:31:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.24 19:17:12 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013.02.24 19:17:12 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013.02.24 19:17:08 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2013.02.24 19:17:08 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2013.02.24 19:17:08 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.02.24 19:17:08 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2013.02.24 19:17:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2013.02.24 19:17:08 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2013.02.24 19:17:08 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2013.02.24 19:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.02.24 18:38:53 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013.02.24 18:38:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013.02.24 18:34:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.02.24 18:34:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.02.24 18:34:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.02.24 18:34:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.02.24 18:34:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013.02.24 18:34:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.02.24 18:34:43 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.02.24 18:34:43 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.02.24 18:34:43 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.02.24 18:34:43 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.02.24 18:34:43 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.02.24 18:34:43 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.02.24 18:34:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.02.24 18:34:43 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.02.24 18:34:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.02.24 18:34:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.02.24 18:34:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.02.24 18:34:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.02.24 18:34:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.02.24 18:34:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.02.24 18:34:43 | 000,037,376 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.02.24 18:34:43 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.02.24 18:34:43 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.02.24 18:34:42 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.02.24 18:34:42 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.02.24 18:28:07 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2013.02.24 18:26:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.02.24 18:26:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.02.24 18:26:22 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.02.24 18:26:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.02.24 18:26:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.02.24 18:26:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.02.24 18:26:22 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2013.02.24 18:26:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.02.24 18:26:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.02.24 18:26:22 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.02.24 18:26:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.02.24 18:26:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.02.24 18:26:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.02.24 18:26:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.02.24 18:26:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2013.02.24 18:26:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.02.24 18:26:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.02.24 18:26:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.02.24 18:26:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.02.24 18:26:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.02.24 18:26:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.02.24 18:26:21 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.02.24 18:26:21 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.02.24 18:26:21 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.02.24 18:26:21 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.02.24 18:26:21 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.02.24 18:26:21 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2013.02.24 18:26:21 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2013.02.24 18:26:21 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.02.24 18:26:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.02.24 18:26:21 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.02.24 18:26:21 | 000,163,840 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2013.02.24 18:26:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2013.02.24 18:26:21 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.02.24 18:26:21 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2013.02.24 18:26:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.02.24 18:26:21 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.02.24 18:26:21 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.02.24 18:26:21 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.02.24 18:26:21 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2013.02.24 18:26:21 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.02.24 18:26:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.02.24 18:26:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2013.02.24 18:26:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.02.24 18:26:21 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.02.24 18:26:21 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.02.24 18:26:21 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.02.24 18:26:21 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.02.24 18:26:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.02.24 18:26:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\pngfilt.dll [2013.02.24 18:26:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.02.24 18:26:21 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.02.24 18:26:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.02.24 18:26:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.02.24 18:26:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.02.24 18:26:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.02.24 18:26:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.02.24 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.minecraft [2013.02.24 18:13:10 | 000,019,976 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\authuitu.dll [2013.02.24 18:13:10 | 000,016,904 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\authuitu.dll [2013.02.24 18:13:09 | 000,029,704 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\uxtuneup.dll [2013.02.24 18:13:08 | 000,036,360 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\uxtuneup.dll [2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007 [2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2007 [2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2013.02.24 18:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.02.24 18:01:51 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.02.24 18:01:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013.02.24 18:01:51 | 000,100,864 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\fontsub.dll [2013.02.24 18:01:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013.02.24 18:01:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.02.24 18:01:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013.02.24 18:01:24 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2013.02.24 18:01:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2013.02.24 18:01:23 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2013.02.24 18:01:23 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2013.02.24 18:00:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013.02.24 18:00:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2013.02.24 17:57:21 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2013.02.24 17:57:21 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2013.02.24 17:57:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2013.02.24 17:57:10 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.02.24 17:57:08 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013.02.24 17:57:08 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2013.02.24 17:57:03 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.24 17:57:02 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.24 17:57:02 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.24 17:56:59 | 000,142,336 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2013.02.24 17:56:59 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2013.02.24 17:56:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2013.02.24 17:56:57 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2013.02.24 17:56:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2013.02.24 17:56:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2013.02.24 17:56:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2013.02.24 17:56:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2013.02.24 17:56:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2013.02.24 17:56:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2013.02.24 17:56:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2013.02.24 17:56:56 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.02.24 17:56:56 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.02.24 17:56:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2013.02.24 17:56:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2013.02.24 17:56:52 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.02.24 17:56:51 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.02.24 17:56:51 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.02.24 17:56:38 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.02.24 17:56:38 | 
000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.02.24 17:56:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.02.24 17:56:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.02.24 17:56:38 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.02.24 17:56:38 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.02.24 17:56:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.02.24 17:56:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.02.24 17:56:38 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.02.24 17:56:38 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.02.24 17:56:38 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.02.24 17:56:38 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.02.24 17:56:38 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.02.24 17:56:38 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.02.24 17:56:38 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.02.24 17:56:37 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.02.24 17:56:37 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.02.24 17:56:37 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.02.24 17:56:37 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.02.24 17:56:37 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.02.24 17:56:37 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.02.24 17:56:37 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.02.24 17:56:37 | 000,051,712 | ---- | C] 
(Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.02.24 17:56:37 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.02.24 17:56:37 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.02.24 17:56:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.02.24 17:56:19 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.02.24 17:56:19 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.02.24 17:56:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.02.24 17:56:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.02.24 17:56:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.02.24 17:56:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.24 17:56:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.02.24 17:56:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.02.24 17:56:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.02.24 17:56:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.02.24 17:56:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.02.24 17:56:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.24 17:56:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.02.24 17:56:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.02.24 17:56:03 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2013.02.24 17:56:03 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2013.02.24 17:56:03 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2013.02.24 17:56:03 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2013.02.24 17:56:02 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2013.02.24 17:56:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2013.02.24 17:55:57 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2013.02.24 17:55:55 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2013.02.24 17:55:55 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2013.02.24 17:55:54 | 002,315,776 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\tquery.dll [2013.02.24 17:55:54 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013.02.24 17:55:54 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013.02.24 17:55:54 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013.02.24 17:55:54 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013.02.24 17:55:54 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013.02.24 17:55:54 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013.02.24 17:55:54 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013.02.24 17:55:54 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013.02.24 17:55:53 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013.02.24 17:55:53 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2013.02.24 17:55:53 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013.02.24 17:55:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2013.02.24 17:55:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2013.02.24 17:55:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2013.02.24 17:55:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2013.02.24 17:55:48 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2013.02.24 17:55:48 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2013.02.24 17:55:48 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2013.02.24 17:55:48 | 
001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2013.02.24 17:55:46 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2013.02.24 17:55:46 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2013.02.24 17:55:43 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2013.02.24 17:55:43 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2013.02.24 17:55:40 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2013.02.24 17:55:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2013.02.24 17:55:40 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2013.02.24 17:55:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.02.24 17:55:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2013.02.24 17:55:28 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.02.24 17:55:28 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2013.02.24 17:55:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2013.02.24 17:55:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2013.02.24 17:55:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2013.02.24 17:55:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2013.02.24 17:55:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2013.02.24 17:55:25 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2013.02.24 17:55:25 | 000,288,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.24 17:55:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.24 17:55:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.24 17:55:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.24 17:55:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.24 17:55:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.24 17:55:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.24 17:55:21 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2013.02.24 17:55:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.02.24 17:55:17 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2013.02.24 17:55:16 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2013.02.24 17:55:15 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2013.02.24 17:55:15 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2013.02.24 17:55:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2013.02.24 17:55:13 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2013.02.24 17:55:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2013.02.24 17:55:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2013.02.24 17:55:12 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.02.24 17:55:11 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2013.02.24 17:55:10 | 
000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013.02.24 17:55:10 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013.02.24 17:55:10 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013.02.24 17:55:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2013.02.24 17:53:27 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2013.02.24 17:53:23 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2013.02.24 17:53:23 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2013.02.24 17:53:23 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2013.02.24 17:53:23 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2013.02.24 17:53:23 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2013.02.24 17:53:23 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2013.02.24 17:53:23 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2013.02.24 17:53:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2013.02.24 17:53:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2013.02.24 17:53:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2013.02.24 17:53:21 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2013.02.24 17:53:21 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2013.02.24 17:53:20 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013.02.24 17:53:19 | 000,634,880 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\msvcrt.dll [2013.02.24 17:53:18 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2013.02.24 17:53:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2013.02.24 17:53:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2013.02.24 17:53:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2013.02.24 17:53:16 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2013.02.24 17:53:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.02.24 17:51:29 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2013.02.24 17:51:29 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2013.02.24 17:51:27 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2013.02.24 17:51:27 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2013.02.24 17:46:13 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.02.24 17:46:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.02.24 17:46:01 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.02.24 17:45:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2013.02.24 17:45:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2013.02.24 17:45:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2013.02.24 17:33:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client [2013.02.24 17:29:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer [2013.02.24 17:17:49 | 000,000,000 | ---D | C] -- 
C:\Users\Admin\AppData\Roaming\WinRAR [2013.02.24 17:17:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.02.24 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.02.24 17:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2013.02.24 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.02.24 17:10:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Skype [2013.02.24 17:10:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.24 17:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.24 17:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.24 17:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.02.24 17:05:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Dropbox [2013.02.24 17:03:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.02.24 17:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.02.24 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple [2013.02.24 17:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.02.24 16:56:45 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2013.02.24 16:56:45 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2013.02.24 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira [2013.02.24 16:52:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Google [2013.02.24 16:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.24 16:49:06 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.24 16:49:06 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.24 16:49:06 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.24 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.24 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.24 16:45:54 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.02.24 16:45:54 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.02.24 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.02.24 16:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2013.02.24 16:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP [2013.02.24 16:42:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.02.24 16:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.02.24 16:42:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Notepad++ [2013.02.24 16:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2013.02.24 16:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.02.24 16:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.02.24 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\NVIDIA [2013.02.24 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Logitech [2013.02.24 16:40:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech [2013.02.24 16:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.02.24 16:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Logitech [2013.02.24 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.02.24 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech [2013.02.24 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd [2013.02.24 16:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.02.24 16:32:08 | 000,015,368 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys [2013.02.24 16:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility [2013.02.24 16:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility [2013.02.24 16:31:30 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.02.24 16:31:30 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.02.24 16:31:30 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2013.02.24 16:31:21 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.02.24 16:31:21 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.02.24 16:31:21 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.02.24 16:31:13 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.02.24 16:31:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.02.24 16:30:33 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.02.24 16:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.02.24 16:28:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e [2013.02.24 16:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information 
[2013.02.24 16:26:59 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll [2013.02.24 16:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2013.02.24 16:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.02.24 16:26:27 | 000,000,000 | ---D | C] -- C:\Intel [2013.02.24 16:24:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.02.24 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.02.24 16:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.02.24 16:24:42 | 006,393,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.02.24 16:24:42 | 003,472,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.02.24 16:24:42 | 002,555,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.02.24 16:24:42 | 000,237,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.02.24 16:24:42 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.02.24 16:24:31 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.02.24 16:24:31 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.02.24 16:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.02.24 16:24:05 | 026,947,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.02.24 16:24:05 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.02.24 16:24:05 | 020,534,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.02.24 16:24:05 | 017,987,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.02.24 16:24:05 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.02.24 16:24:05 | 015,275,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll 
[2013.02.24 16:24:05 | 015,038,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.02.24 16:24:05 | 012,862,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.02.24 16:24:05 | 009,422,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.02.24 16:24:05 | 007,964,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.02.24 16:24:05 | 007,569,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.02.24 16:24:05 | 006,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.02.24 16:24:05 | 002,911,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.02.24 16:24:05 | 002,854,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.02.24 16:24:05 | 002,726,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.02.24 16:24:05 | 002,528,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.02.24 16:24:05 | 002,350,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.02.24 16:24:05 | 001,990,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.02.24 16:24:05 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll [2013.02.24 16:24:05 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll [2013.02.24 16:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.02.24 16:23:32 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.02.24 16:20:47 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.02.24 16:20:47 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.02.24 16:20:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities [2013.02.24 16:20:33 | 
000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore [2013.02.24 16:20:22 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft [2013.02.24 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.02.24 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten [2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten [2013.02.24 16:20:22 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData [2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft [2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Programme [2013.02.24 16:20:16 | 000,000,000 | 
-HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.02.24 16:20:16 | 000,000,000 | ---D | C] -- C:\Recovery [2013.02.24 16:15:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.02.24 16:12:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.02.24 16:12:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.02.24 16:11:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.02.24 15:27:17 | 002,153,072 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys [2013.02.24 15:27:16 | 001,161,328 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll [2013.02.24 15:27:16 | 000,866,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO64.DLL [2013.02.24 15:27:16 | 000,202,864 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll [2013.02.24 15:27:16 | 000,116,848 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll [2013.02.24 15:27:16 | 000,087,152 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll [2013.02.24 15:27:16 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll [2013.02.24 15:27:16 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll [2013.02.24 15:27:16 | 000,074,240 | ---- | C] (Creative Technology Ltd.) 
-- C:\Windows\SysNative\VMWRP64.DLL [2013.02.24 15:27:16 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPLD64.DLL [2013.02.24 15:27:16 | 000,053,760 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPCN64.DLL [2013.02.24 15:27:16 | 000,027,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe [2013.02.24 15:27:15 | 000,993,392 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll [2013.02.24 15:27:15 | 000,732,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO32.DLL [2013.02.24 15:27:15 | 000,553,072 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll [2013.02.24 15:27:15 | 000,248,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll [2013.02.24 15:27:15 | 000,091,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll [2013.02.24 15:26:02 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) 
-- C:\Windows\SysNative\drivers\L1C62x64.sys [2013.02.09 18:43:52 | 000,555,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files - Modified Within 30 Days ========== [2013.03.08 21:16:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.08 21:16:05 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.08 21:16:05 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.08 21:16:05 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.08 21:16:05 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.08 21:10:52 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.08 21:10:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.08 21:10:35 | 2146,762,751 | -HS- | M] () -- C:\hiberfil.sys [2013.03.08 21:10:02 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 21:10:02 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 20:57:59 | 000,002,123 | ---- | M] () -- D:\Users\Admin\Desktop\Google Chrome.lnk [2013.03.08 20:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.08 12:52:13 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.03.05 08:48:20 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.05 08:48:19 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.03.05 08:48:19 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.03.05 08:48:19 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.05 08:48:19 | 000,188,832 | ---- | M] (Oracle Corporation) -- 
C:\Windows\SysNative\javaw.exe [2013.03.05 08:48:19 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.02.25 18:47:04 | 000,001,430 | ---- | M] () -- D:\Users\Admin\Desktop\TechnicLauncher.lnk [2013.02.25 18:36:00 | 000,703,117 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\technic-launcher.jar [2013.02.24 21:37:49 | 000,000,600 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd [2013.02.24 21:10:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.02.24 19:40:50 | 000,002,222 | ---- | M] () -- D:\Users\Admin\Desktop\Minecraft.lnk [2013.02.24 19:03:31 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.02.24 19:03:18 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.24 18:26:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.02.24 18:26:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.02.24 18:26:22 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.02.24 18:26:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.02.24 18:26:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.02.24 18:26:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.02.24 18:26:22 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2013.02.24 18:26:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.02.24 18:26:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.02.24 18:26:22 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.02.24 18:26:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.02.24 
18:26:22 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.02.24 18:26:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.02.24 18:26:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.02.24 18:26:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2013.02.24 18:26:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.24 18:26:22 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.02.24 18:26:22 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.02.24 18:26:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.02.24 18:26:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.02.24 18:26:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.02.24 18:26:22 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.02.24 18:26:21 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.02.24 18:26:21 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.02.24 18:26:21 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.02.24 18:26:21 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.02.24 18:26:21 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.02.24 18:26:21 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2013.02.24 18:26:21 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2013.02.24 18:26:21 | 000,222,208 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\msls31.dll [2013.02.24 18:26:21 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.02.24 18:26:21 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.02.24 18:26:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2013.02.24 18:26:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2013.02.24 18:26:21 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.02.24 18:26:21 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2013.02.24 18:26:21 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.02.24 18:26:21 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.02.24 18:26:21 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.02.24 18:26:21 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.02.24 18:26:21 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2013.02.24 18:26:21 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.02.24 18:26:21 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.02.24 18:26:21 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2013.02.24 18:26:21 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.02.24 18:26:21 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.02.24 18:26:21 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.02.24 18:26:21 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.02.24 
18:26:21 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.02.24 18:26:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.02.24 18:26:21 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.24 18:26:21 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.02.24 18:26:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.02.24 18:26:21 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.02.24 18:26:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.02.24 18:26:21 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.02.24 18:26:21 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.02.24 18:26:21 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.02.24 18:26:21 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.02.24 17:07:19 | 000,001,050 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.24 16:48:22 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.24 16:48:22 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.24 16:48:21 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.24 16:16:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.02.24 16:16:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.02.24 16:14:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.02.10 04:25:27 | 026,947,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.02.10 04:25:27 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.02.10 04:25:27 | 020,534,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.02.10 04:25:27 | 017,987,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.02.10 04:25:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.02.10 04:25:27 | 015,275,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.02.10 04:25:27 | 015,038,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.02.10 04:25:27 | 012,862,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.02.10 04:25:27 | 009,422,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.02.10 04:25:27 | 007,964,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.02.10 04:25:27 | 007,569,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.02.10 04:25:27 | 006,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.02.10 04:25:27 | 002,911,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.02.10 04:25:27 | 002,854,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.02.10 04:25:27 | 002,726,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.02.10 04:25:27 | 002,528,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll 
[2013.02.10 04:25:27 | 002,350,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.02.10 04:25:27 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.02.10 04:25:27 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll [2013.02.10 04:25:27 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll [2013.02.10 04:25:27 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.02.10 04:25:27 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2013.02.10 02:04:31 | 006,393,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.02.10 02:04:31 | 003,472,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.02.10 02:04:29 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.02.10 02:04:29 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.02.10 02:04:29 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.02.09 18:43:52 | 000,555,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files Created - No Company Name ========== [2013.03.08 20:00:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.08 20:00:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.08 20:00:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.08 20:00:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.08 20:00:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.08 12:52:13 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.03.05 08:49:02 | 000,002,123 | ---- | C] () -- D:\Users\Admin\Desktop\Google Chrome.lnk [2013.02.27 10:29:47 | 000,002,222 | ---- | C] () -- 
D:\Users\Admin\Desktop\Minecraft.lnk [2013.02.27 10:29:47 | 000,001,430 | ---- | C] () -- D:\Users\Admin\Desktop\TechnicLauncher.lnk [2013.02.25 18:35:57 | 000,703,117 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\technic-launcher.jar [2013.02.24 21:19:23 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd [2013.02.24 21:14:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.02.24 21:10:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.02.24 18:38:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.02.24 18:26:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.24 18:26:21 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.24 18:13:13 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.02.24 18:13:07 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007.lnk [2013.02.24 18:01:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.02.24 17:12:47 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.24 17:12:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.24 17:07:18 | 000,001,050 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.24 16:27:22 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk [2013.02.24 16:24:05 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.02.24 16:21:38 | 000,001,405 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.02.24 16:21:35 | 000,001,439 | ---- | C] () -- 
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.02.24 16:15:50 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.02.24 16:15:49 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.02.24 16:14:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.02.24 16:12:18 | 2146,762,751 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 
| ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
Extras.txt: OTL Logfile: Code:
OTL Extras logfile created on: 08.03.2013 21:13:24 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,68 Gb Available Physical Memory | 83,48% Memory free 16,00 Gb Paging File | 14,55 Gb Available in Paging File | 90,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 470,81 Gb Total Space | 438,40 Gb Free Space | 93,12% Space Free | Partition Type: NTFS Drive D: | 460,60 Gb Total Space | 450,22 Gb Free Space | 97,75% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 844,11 Gb Free Space | 90,62% Space Free | Partition Type: NTFS Computer Name: JULIAN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{252F1E16-E5E6-4971-8A78-46FD091E1A70}" = protocol=6 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe |
"{58676EDE-E938-4B8B-BEAF-3B306A0C1C2B}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe |
"{5F59F5C6-C673-418E-80AB-8B0FB654A398}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FD17122-0BD7-4CC6-A3B7-48101FFD1AC3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{63E0170E-ACDF-46DF-976C-E3BEC5061639}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe |
"{6CB23481-F30E-4AC1-B4CC-36F091BF9DEB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{82323116-8164-4BE9-88EC-E2602B664BF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0380429-0722-4CE0-8B1E-937917EEB810}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA69FA37-F0AC-4DCD-B34B-D4F60E930A0C}" = protocol=17 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe |
"{CDDAF99C-CCEF-43E5-99B8-A0D4B623A326}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D57B9187-5522-4BE7-A89A-D0D8B634299D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DC3EABEA-F6B2-4C26-A4C7-7FEB66CB2A10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC615DFD-05CB-484E-BB24-7B36AB9B6691}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{78834E93-0C17-412A-90AD-C808C1175487}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{78C70488-7709-4AF4-A2C5-23AC1FB07B92}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{CFB71FED-8FB6-4577-B0D6-52295FB53622}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{F1AF5481-04C9-4A47-AC1B-D624971DFEEC}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{10EF208B-3A2D-4990-A4D4-44CA8967A546}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{9057E640-6DF9-4ABE-BD3F-27712BA1AC1A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{909726B0-814E-4BFA-8709-86A60BCE11DB}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{E1835FB9-3BD8-43F4-AA93-A78293006CE6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 5.1.4

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4161934161-3653760989-346012480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.03.2013 16:05:29 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.03.2013 16:12:26 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 08.03.2013 16:03:44 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127
Error - 08.03.2013 16:10:45 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127

< End of report > |
10.03.2013, 15:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen7 The JRT log is right on the desktop
__________________ Please always post log files in CODE tags |
10.03.2013, 16:37 | #13 |
| TR/Crypt.XPACK.Gen7 No, it is not there, because of the bug with the desktop. The log did open after the scan, but I did not save it because I assumed it would save itself. In case it helps you, it only deleted one folder or one file in the ProgramFiles folder. PS: Even before opening this thread I had submitted the detection to AntiVir as a suspected false positive, and I received an e-mail saying that the detection was a false positive and that it will be patched in the next VDF update. Edited by Julian84 (10.03.2013 at 16:40) Reason: addition |
10.03.2013, 19:53 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen7 What desktop bug? With "our" tools it is completely normal for the desktop to disappear for a moment. Run JRT again.
__________________ Please always post log files in CODE tags |
10.03.2013, 20:19 | #15 | |
| TR/Crypt.XPACK.Gen7 Quote:
Here is the log: JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 10.03.2013 at 20:04:23,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.03.2013 at 20:10:41,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edited by Julian84 (10.03.2013 at 20:20) Reason: addition |