Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Facebook-Wurm winsvc.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.10.2011, 17:18   #1
hatch
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Hallo,
nun hats mich leider auch erwischt. Hab nen Wurm abbekommen. Eine Bekannte hat mir einen infizierten USB Stick gegeben und dann hat sich das Ding auch in meinem System eingenistet.

Zuerst zu meiner Bekannten. Sie hat ein "Bild" mit der Endung .JPG.src über Facebook bekommen und natürlich ausgeführt. Dieses Ding verschickt automatisch Nachrichten im Chat von Facebook mit einem Link zu eben diesem "Bild".

Gut ich hab den USB Stick eingesteckt und hab dann gemerkt, dass alle Ordner am Stick als Verknüpfungen angezeigt wurden. Sobald ein Ordner auf den Stick kopiert wird, erscheint eine Verknüpfung mit dem Namen dieses Ordners und der Ordner selbst wird versteckt. Hab dann gemerkt, dass eine Datei im Verzeichnis "C:\User\Name\M-55-23...\winsvc.exe", versuchte nach außen zu kommunizieren. Habs aber mit ESET geblockt. Der Prozess winsvc.exe lies sich nicht stoppen, hab die Datei dann aber im abgesicherten Modus löschen können.
Außerdem wurde noch ein Prozess ausgeführt mit einer Zahlenkombination als Namen: 73899.exe wars glaub ich. Das Ding hab ich auch gelöscht.
Dann hab ich noch die winsvc.exe Datei aus dem Run und dem Autostart Ordner gelöscht.

Bin ich das Mistding nun los? Ein Prozess läuft noch der mir nicht ganz geheuer ist. Und zwar "srvany.exe" aus dem Verzeichnis "C:\Windows\SysWOW64\".
Hab mir die Datei aber mal angesehen, diese wurde aber in letzter Zeit weder erstellt, noch geändert.

Zu meinem System:
Windows 7 64bit
ESET SmartSecurity 64bit mit neuester Signatur

Was wurde gemacht:
-->73899.exe wurde manuell gelöscht

-->ESET Vollständiger Scan:
Prüfung: Prüfung der Systemstartdateien
Datei: Variante von Win32/AutoRun.IRCBot.HO Wurm
Name: Arbeitsspeicher
Aktion: Säubern nicht möglich


-->winsvc.exe wurde manuell gelöscht
-->Autorun Einträge wurden manuell gelöscht

-->Malwarebytes durchlaufen lassen:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7974

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

18.10.2011 22:07:28
mbam-log-2011-10-18 (22-07-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 907712
Laufzeit: 2 Stunde(n), 22 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\$Recycle.Bin\s-1-5-21-3670495240-2986446667-994052142-1000\$R7B5XPF.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
         
-->Online ESET Virenscan durchlaufen lassen:
Der hat nix gefunden.

-->Temp Dateien gelöscht

-->Wiederherstellungsdateien und Schattenkopien gelöscht

Kann sich das Ding noch irgendwo verstecken? Schließlich hat der Virenscan die winsvc.exe Datei auch nicht erkannt.
Wie soll ich weiter vorgehen?

Was mir noch aufgefallen ist, es werden anscheinend irgendwelche Systemanwendungen hergenommen und verändert. Bei mir wars winsvc.exe und bei meiner Bekannten taskmgr.exe. Die waren in untypischen Verzeichnissen, liesen sich nicht stoppen und wollten nach außen kommunizieren.

Alt 19.10.2011, 20:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 19.10.2011, 20:29   #3
hatch
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Ich hab 2 log Dateien.
1.) ist die oben gepostete Datei vom Prüfvorgang
2.) ist ein protection log von gestern, wo ein paar Webseiten die ich besuchen wollte blockiert wurden.

Das ist alles.

Das System ist übrigens Up to date.
__________________

Alt 19.10.2011, 20:31   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.10.2011, 21:13   #5
hatch
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Danke für die schnelle Antwort:

Code:
ATTFilter
OTL logfile created on: 19.10.2011 20:36:07 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.96% Memory free
8.00 Gb Paging File | 6.32 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.50 Gb Total Space | 11.80 Gb Free Space | 20.17% Space Free | Partition Type: NTFS
Drive D: | 407.17 Gb Total Space | 151.86 Gb Free Space | 37.30% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.19 14:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.26 13:04:01 | 000,008,192 | -HS- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2007.10.12 16:23:36 | 000,282,710 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2007.10.12 16:22:26 | 001,187,948 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2007.04.03 16:08:20 | 004,558,848 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\HotKeyDriver.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.10.12 16:23:36 | 000,282,710 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
MOD - [2007.10.12 16:21:34 | 000,114,784 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileSDK.dll
MOD - [2007.10.12 16:20:10 | 000,098,403 | ---- | M] () -- C:\Windows\SysWOW64\Bs2Res.dll
MOD - [2007.07.30 10:32:16 | 016,326,769 | ---- | M] () -- C:\Windows\SysWOW64\BsLangInDepRes.dll
MOD - [2007.04.03 16:08:20 | 004,558,848 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\HotKeyDriver.exe
MOD - [2006.12.11 18:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\AudioControlDLL.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009.04.21 13:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2007.11.08 01:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2007.04.19 14:42:34 | 000,024,576 | ---- | M] (Syntek America Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2011.10.12 16:11:48 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.20 17:41:26 | 000,103,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011.08.20 17:41:04 | 000,066,872 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.07.26 13:04:01 | 000,008,192 | -HS- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011.06.26 20:25:41 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.12.07 12:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- D:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV - [2010.12.01 23:19:44 | 002,357,488 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- D:\Programme\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2010.03.22 10:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Programme\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.18 16:12:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.11.06 14:24:54 | 000,282,728 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- D:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009.10.20 23:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess)
SRV - [2009.10.20 15:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009.10.20 15:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009.10.20 15:21:20 | 000,322,096 | ---- | M] () [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd)
SRV - [2009.10.20 15:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService)
SRV - [2009.09.23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.12 16:24:40 | 000,113,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2007.10.12 16:22:26 | 001,187,948 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2007.02.21 17:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Disabled | Stopped] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2007.02.14 22:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- D:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007.02.14 22:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2007.02.14 22:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2007.01.29 15:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- D:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2007.01.22 11:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.26 20:06:54 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.22 21:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.01 23:05:12 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.28 15:10:40 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.04.03 11:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010.02.22 22:09:13 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009.12.08 18:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2009.11.16 09:07:10 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009.11.16 09:07:04 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009.11.16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.11.16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009.10.26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009.10.20 15:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009.10.20 15:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009.10.20 15:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009.10.20 15:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009.10.20 15:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009.10.20 15:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009.10.20 15:21:04 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2009.09.24 14:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.09.24 06:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.09.17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009.09.15 15:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009.08.26 12:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.26 08:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.07.26 23:34:58 | 000,744,072 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.19 08:10:40 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009.06.15 11:47:00 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.15 11:47:00 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.13 12:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.01.08 12:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008.01.19 07:36:14 | 000,036,352 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nscirda.sys -- (NSCIRDA)
DRV:64bit: - [2008.01.02 12:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007.07.04 08:30:10 | 000,091,136 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMS7SK.sys -- (EMSCR)
DRV:64bit: - [2007.07.04 08:30:08 | 000,060,416 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESD7SK.sys -- (ESDCR)
DRV:64bit: - [2007.06.24 22:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007.06.20 14:49:34 | 000,053,248 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2007.04.19 18:50:46 | 001,494,912 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV:64bit: - [2007.03.05 21:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2007.03.05 21:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV:64bit: - [2007.03.05 21:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VBTEnum.sys -- (BTHidEnum)
DRV:64bit: - [2007.03.05 21:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007.03.05 21:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV - [2011.10.12 16:11:44 | 000,157,824 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.02.22 22:09:13 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2010.01.29 12:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programme\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.06.24 22:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 21:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 21:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006.05.05 20:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\nvport.sys -- (nvport)
DRV - [2006.03.29 09:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 03 CE 7E 02 B0 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: passwordbank@upek.com:5.9.3.6241.3.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..network.proxy.http: "fe80::f91b:74b0:8320:8ca%11"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: D:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.01 15:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.19 15:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 14:47:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.10.19 15:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.07.22 17:35:17 | 000,000,000 | ---D | M]
 
[2011.03.05 19:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.02.18 01:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions\passwordbank@upek.com
[2011.10.16 11:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions
[2011.05.28 23:48:05 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011.09.08 20:48:18 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions\passwordbank@upek.com
[2011.06.17 23:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.30 11:35:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.19 12:42:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.09 18:13:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 18:00:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.17 23:58:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.10.01 15:07:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.03 16:10:26 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2007.02.08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2011.10.01 15:07:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 15:07:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.01 15:07:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 15:07:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 15:07:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 15:07:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.02.20 22:39:45 | 000,001,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (Authentec Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - D:\Programme\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - D:\Programme\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Programme\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Programme\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Vertrauenswürdige Sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} hxxp://kfzpeissl.ath.cx/DVRemoteAx.cab (DVRemoteControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0722FEF4-EAE6-4234-BF07-756EEC7C083C}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51D2AB92-139A-45DE-A3FF-767482710982}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A12DDF5-95BE-4C3C-A310-2517957949E6}: NameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell - "" = AutoRun
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13213bd2-bd90-11e0-9d60-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13213bd2-bd90-11e0-9d60-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1668ccfa-1850-11e0-97aa-92541727210b}\Shell - "" = AutoRun
O33 - MountPoints2\{1668ccfa-1850-11e0-97aa-92541727210b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{230fd718-1c9d-11df-8126-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{230fd718-1c9d-11df-8126-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61d0859e-e465-11e0-a315-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{61d0859e-e465-11e0-a315-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6669460b-1c9b-11df-806f-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{6669460b-1c9b-11df-806f-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6906b56b-e816-11df-8e9a-de4a9e711a15}\Shell - "" = AutoRun
O33 - MountPoints2\{6906b56b-e816-11df-8e9a-de4a9e711a15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{69618485-52ef-11df-9e29-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{69618485-52ef-11df-9e29-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98228e59-1283-11e0-b627-c921b954b300}\Shell - "" = AutoRun
O33 - MountPoints2\{98228e59-1283-11e0-b627-c921b954b300}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a643b3c0-a01f-11e0-8c11-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a643b3c0-a01f-11e0-8c11-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{b36e33b2-1ccf-11df-a636-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{b36e33b2-1ccf-11df-a636-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbc0156f-46c0-11df-81e1-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc0156f-46c0-11df-81e1-001060ebeee1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f0e70f5b-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f5b-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f76-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f76-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f82-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f82-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f8e-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f8e-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f302a-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f302a-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f3048-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f3048-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f3094-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f3094-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - D:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: BtTray - hkey= - key= - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: Update Service - hkey= - key= - C:\Program Files (x86)\Common Files\Teknum Systems\update.exe (Teknum Systems AS)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2B1CBF38-887E-BDC9-304A-FA3B52781B9C} - Browser Customizations
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44618CF4-17A7-34C6-372E-3707DC2BDE8C} - Themes Setup
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5479B944-5F40-6B43-80EC-8A42F7C170D9} - Internet Explorer
ActiveX:64bit: {58E0EE38-5ED9-95C1-3A99-3B2A75E10BE9} - DirectX
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {76702958-0B2F-BFF7-18BB-FC5386D670CE} - Browser Customizations
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {8DB3E8F4-8D2E-921D-9445-FE2D9FBA8B73} - Browser Customizations
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {37646EEE-DBA0-96B3-FB70-3CDB9FDA12AC} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A5BBC7CA-1CC1-DD1B-323C-A2CD39400104} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.I420 -  File not found
Drivers32:64bit: wave1 - serwvdrv.dll (Microsoft Corporation)
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: wave1 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.19 18:33:17 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011.10.19 18:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011.10.19 18:30:25 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\SandboxieInstall
[2011.10.19 14:51:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.10.19 00:27:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe
[2011.10.18 19:26:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.10.18 19:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.18 19:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.18 19:26:33 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.18 19:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.18 19:25:48 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\****\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.17 22:46:49 | 002,405,664 | ---- | C] (Trend Micro Inc.) -- C:\Users\****\Desktop\HousecallLauncher64.exe
[2011.10.17 21:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.10.17 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.10.17 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011.10.15 13:09:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TinyCAD
[2011.10.15 13:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyCAD
[2011.10.14 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\MoTeC
[2011.10.14 20:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
[2011.10.14 20:15:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Downloaded Installations
[2011.10.13 13:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\sPlan70
[2011.10.13 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sPlan 7.0
[2011.10.13 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\sPlan70(Demo)
[2011.10.01 01:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 PC Camera
[2011.10.01 01:04:22 | 000,249,856 | ---- | C] (Syntek Corporation) -- C:\Windows\VideoView.exe
[2011.10.01 01:04:22 | 000,106,496 | ---- | C] (Syntek America Inc.) -- C:\Windows\StkC112X.exe
[2011.10.01 01:04:22 | 000,069,632 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkCWIA.dll
[2011.10.01 01:04:22 | 000,049,152 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkSSrv.dll
[2011.10.01 01:04:22 | 000,024,576 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkCSrv.exe
[2011.10.01 01:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoView
[2011.10.01 01:04:20 | 006,927,744 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\drivers\StkCPipe.sys
[2011.10.01 01:04:19 | 001,494,912 | ---- | C] (Syntek) -- C:\Windows\SysNative\drivers\StkCMini.sys
[2011.10.01 00:39:45 | 000,081,920 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysWow64\StkCProp.ax
[2011.10.01 00:33:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\D-max2.0M
[2011.09.26 22:39:25 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\National Instruments
[2011.09.26 22:39:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\National Instruments
[2011.09.26 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
[2011.09.26 22:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments
[2011.09.26 22:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2011.09.26 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011.09.26 22:30:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cvirte
[2011.09.21 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Bizarre Creations
[2008.08.14 09:21:12 | 000,086,920 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp00014172
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.19 20:35:19 | 000,001,820 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.10.19 20:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.19 19:01:46 | 000,000,664 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.10.19 19:01:29 | 000,000,664 | RHS- | M] () -- C:\Users\****\ntuser.pol
[2011.10.19 18:30:53 | 000,000,858 | ---- | M] () -- C:\Users\****\Desktop\Sandboxed Web Browser.lnk
[2011.10.19 17:28:47 | 002,034,741 | ---- | M] () -- C:\Users\****\Desktop\SandboxieInstall.zip
[2011.10.19 16:07:16 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.19 16:07:16 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.19 16:01:05 | 000,001,038 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2011.10.19 15:58:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.10.19 15:58:16 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.19 14:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.10.19 00:27:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe
[2011.10.18 19:26:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.18 19:26:08 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\****\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.18 19:05:25 | 000,000,374 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011.10.18 19:02:31 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2011.10.18 19:02:31 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
[2011.10.18 16:17:14 | 009,311,393 | ---- | M] () -- C:\Users\****\AppData\Local\census.cache
[2011.10.18 16:07:38 | 000,155,090 | ---- | M] () -- C:\Users\****\AppData\Local\ars.cache
[2011.10.17 22:46:59 | 000,000,036 | ---- | M] () -- C:\Users\****\AppData\Local\housecall.guid.cache
[2011.10.17 22:46:51 | 002,405,664 | ---- | M] (Trend Micro Inc.) -- C:\Users\****\Desktop\HousecallLauncher64.exe
[2011.10.17 21:56:43 | 002,086,240 | ---- | M] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe
[2011.10.17 21:41:29 | 002,100,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.17 21:41:29 | 000,876,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.17 21:41:29 | 000,819,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.17 21:41:29 | 000,218,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.17 21:41:29 | 000,185,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.16 22:13:07 | 000,022,511 | ---- | M] () -- C:\Users\****\Desktop\Schematic.dsn.autosave
[2011.10.16 16:49:06 | 000,009,514 | ---- | M] () -- C:\Users\****\Desktop\Modul.gif
[2011.10.15 13:09:25 | 000,000,654 | ---- | M] () -- C:\Users\****\Desktop\TinyCAD.lnk
[2011.10.15 13:09:10 | 004,357,917 | ---- | M] () -- C:\Users\****\Desktop\TinyCAD_2.80.03.514_Production_Setup.exe
[2011.10.15 12:57:50 | 000,079,872 | ---- | M] () -- C:\Users\****\Desktop\edge.TCLib
[2011.10.14 21:50:08 | 000,022,511 | ---- | M] () -- C:\Users\****\Desktop\Schematic.dsn
[2011.10.14 20:16:38 | 000,002,645 | ---- | M] () -- C:\Users\Public\Desktop\MoTeC PDM Manager.lnk
[2011.10.13 13:41:37 | 000,000,612 | ---- | M] () -- C:\Users\****\Desktop\sPlan 7.0.lnk
[2011.10.12 02:47:39 | 003,151,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.09 17:44:29 | 000,001,745 | ---- | M] () -- C:\Users\****\Desktop\TU-Racing.lnk
[2011.10.09 15:44:41 | 000,603,430 | ---- | M] () -- C:\Users\****\Desktop\09102011188.jpg
[2011.10.09 15:38:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011.10.09 15:37:05 | 000,000,341 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2011.10.09 15:32:40 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2011.10.01 01:10:29 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\VideoView.lnk
[2011.09.26 22:30:30 | 000,000,444 | ---- | M] () -- C:\Users\****\Desktop\multisimLicense.lic
[2011.09.26 22:28:05 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2011.09.26 15:00:17 | 003,414,749 | ---- | M] () -- C:\Users\****\Desktop\Hirschmann.pdf
 
========== Files Created - No Company Name ==========
 
[2011.10.19 19:01:11 | 000,000,664 | RHS- | C] () -- C:\Users\****\ntuser.pol
[2011.10.19 19:00:08 | 000,000,664 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.10.19 18:31:18 | 000,000,858 | ---- | C] () -- C:\Users\****\Desktop\Sandboxed Web Browser.lnk
[2011.10.19 18:31:16 | 000,001,820 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.10.19 17:28:42 | 002,034,741 | ---- | C] () -- C:\Users\****\Desktop\SandboxieInstall.zip
[2011.10.18 19:26:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.18 19:05:25 | 000,000,374 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2011.10.18 19:02:31 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2011.10.18 19:02:31 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2011.10.18 16:17:14 | 009,311,393 | ---- | C] () -- C:\Users\****\AppData\Local\census.cache
[2011.10.18 16:07:38 | 000,155,090 | ---- | C] () -- C:\Users\****\AppData\Local\ars.cache
[2011.10.17 22:46:59 | 000,000,036 | ---- | C] () -- C:\Users\****\AppData\Local\housecall.guid.cache
[2011.10.17 21:56:37 | 002,086,240 | ---- | C] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe
[2011.10.16 22:03:07 | 000,022,511 | ---- | C] () -- C:\Users\****\Desktop\Schematic.dsn.autosave
[2011.10.16 16:47:12 | 000,009,514 | ---- | C] () -- C:\Users\****\Desktop\Modul.gif
[2011.10.15 13:10:38 | 000,079,872 | ---- | C] () -- C:\Users\****\Desktop\edge.TCLib
[2011.10.15 13:10:38 | 000,022,511 | ---- | C] () -- C:\Users\****\Desktop\Schematic.dsn
[2011.10.15 13:09:25 | 000,000,654 | ---- | C] () -- C:\Users\****\Desktop\TinyCAD.lnk
[2011.10.15 13:09:02 | 004,357,917 | ---- | C] () -- C:\Users\****\Desktop\TinyCAD_2.80.03.514_Production_Setup.exe
[2011.10.14 20:16:38 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\MoTeC PDM Manager.lnk
[2011.10.13 13:41:37 | 000,000,612 | ---- | C] () -- C:\Users\****\Desktop\sPlan 7.0.lnk
[2011.10.13 13:40:36 | 011,173,171 | ---- | C] () -- C:\Users\****\Desktop\Abacom.Splan.v7.0.build.09.05.2011.7z
[2011.10.09 15:43:03 | 000,603,430 | ---- | C] () -- C:\Users\****\Desktop\09102011188.jpg
[2011.10.01 01:07:11 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\VideoView.lnk
[2011.10.01 01:07:10 | 000,000,093 | ---- | C] () -- C:\Windows\OEM.ini
[2011.09.26 22:30:30 | 000,000,444 | ---- | C] () -- C:\Users\****\Desktop\multisimLicense.lic
[2011.09.26 15:00:17 | 003,414,749 | ---- | C] () -- C:\Users\****\Desktop\Hirschmann.pdf
[2011.09.23 01:00:50 | 002,717,416 | ---- | C] () -- C:\Users\****\Desktop\User’s Guide DS1000E.pdf
[2011.08.20 17:41:18 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.20 17:41:04 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.15 20:24:27 | 000,000,322 | ---- | C] () -- C:\Windows\game.ini
[2011.07.22 13:44:14 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011.07.22 13:17:04 | 001,153,006 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.06.10 18:26:01 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2011.06.04 17:21:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.05.17 00:04:55 | 000,000,063 | ---- | C] () -- C:\Windows\SubCreator.INI
[2011.04.08 12:06:00 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.03.30 12:18:46 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011.01.29 14:36:18 | 000,016,629 | ---- | C] () -- C:\Windows\LxFrame.ini
[2011.01.29 14:33:59 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2011.01.29 01:47:38 | 000,000,292 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2011.01.29 01:36:35 | 000,000,891 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011.01.29 01:35:41 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011.01.20 12:54:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.31 01:04:16 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.09.28 11:08:32 | 000,266,165 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.08.07 13:08:56 | 000,000,086 | ---- | C] () -- C:\Windows\graphedt.INI
[2010.08.07 12:16:47 | 000,000,086 | ---- | C] () -- C:\Windows\graphedt_x64.INI
[2010.08.07 10:10:37 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.07.11 19:24:46 | 000,007,607 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2010.07.03 17:37:25 | 000,012,800 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.21 15:59:54 | 000,000,036 | ---- | C] () -- C:\Windows\TSNPL.dat
[2010.05.21 15:59:53 | 000,001,636 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2010.05.20 11:25:46 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.05.06 16:47:45 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010.04.20 10:00:41 | 002,082,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.18 21:23:18 | 000,537,892 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2010.02.18 21:23:18 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2010.02.18 21:17:41 | 000,186,949 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010.02.18 16:08:32 | 000,004,839 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2010.02.18 16:08:23 | 000,000,341 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010.02.18 00:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.02.18 00:37:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010.02.18 00:37:51 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010.02.18 00:35:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2009.11.06 11:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.11.05 11:16:36 | 000,083,525 | ---- | C] () -- C:\Windows\hpqins13.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.02.06 21:40:56 | 000,147,968 | ---- | C] () -- C:\Windows\SysWow64\drivers\ArcHlp.sys
[2008.11.26 22:20:02 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll
[2008.11.25 18:46:38 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2008.11.25 18:43:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2008.11.25 18:42:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2008.11.15 20:02:26 | 001,866,670 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2008.04.05 19:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
[2008.02.13 11:15:09 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007.10.12 16:24:06 | 000,401,493 | ---- | C] () -- C:\Windows\SysWow64\BsUI.dll
[2007.10.12 16:23:46 | 000,278,647 | ---- | C] () -- C:\Windows\SysWow64\outlookAddin.dll
[2007.10.12 16:23:24 | 000,569,445 | ---- | C] () -- C:\Windows\SysWow64\BsShell.dll
[2007.10.12 16:23:16 | 000,106,597 | ---- | C] () -- C:\Windows\SysWow64\BsAddin.dll
[2007.10.12 16:21:34 | 000,114,784 | ---- | C] () -- C:\Windows\SysWow64\BsMobileSDK.dll
[2007.10.12 16:21:24 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2007.10.12 16:20:10 | 000,098,403 | ---- | C] () -- C:\Windows\SysWow64\Bs2Res.dll
[2007.10.11 18:08:22 | 000,001,038 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2007.07.30 10:32:16 | 016,326,769 | ---- | C] () -- C:\Windows\SysWow64\BsLangInDepRes.dll
[2007.03.19 11:59:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2005.09.13 05:09:34 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
[2004.02.13 07:49:44 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll
[2004.01.24 04:35:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
[2002.07.13 12:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\tsseCryp.dll
[2001.12.12 14:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\W32btstp.dll
[2001.12.12 14:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\W32btxlt.dll
         

Mir fällt da nichts auf


Alt 19.10.2011, 21:15   #6
hatch
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Der ganze log passt leider nicht in einen Post.
Hier der Rest:
Code:
ATTFilter
========== LOP Check ==========
 
[2010.12.25 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\3DataManager
[2010.06.09 11:07:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\aerix
[2011.08.09 23:01:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AnvSoft
[2011.01.04 00:12:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity
[2011.06.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Autodesk
[2011.08.02 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\avidemux
[2011.02.08 15:05:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BITS
[2011.06.26 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.08.20 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVRemote
[2011.06.03 11:34:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EBookSys
[2010.02.17 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ESET
[2011.08.07 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.02.26 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fingerfox (SE)
[2011.07.21 11:47:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeFLVConverter
[2011.06.03 18:50:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2010.02.18 00:44:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HD Tune Pro
[2010.09.05 16:13:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HDRsoft
[2011.10.17 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2010.06.03 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imagenomic
[2010.08.07 14:25:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mkvtoolnix
[2010.09.22 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MySQL
[2011.09.26 22:39:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\National Instruments
[2010.06.03 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NeatImage SL
[2010.06.10 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nik Software
[2010.07.03 17:32:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2010.07.03 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia Ovi Suite
[2010.03.03 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2011.10.01 00:13:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.04 19:41:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2010.08.01 17:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Programme
[2011.02.26 18:16:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Protector Suite
[2011.07.22 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan
[2010.07.03 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SatChannelListEditor
[2011.04.08 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Synaptics
[2010.02.18 01:03:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.03.05 19:41:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2011.10.01 19:41:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.25 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\3DataManager
[2010.05.10 08:04:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AccurateRip
[2011.09.15 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2010.06.09 11:07:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\aerix
[2011.08.09 23:01:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AnvSoft
[2010.05.14 11:16:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2010.02.21 20:14:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ArcSoft
[2011.01.04 00:12:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity
[2011.06.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Autodesk
[2011.08.02 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\avidemux
[2011.02.08 15:05:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BITS
[2011.10.09 19:19:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\codeblocks
[2011.06.26 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.01.05 02:27:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DivX
[2011.06.03 15:13:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Download Manager
[2011.03.06 00:29:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dvdcss
[2010.08.20 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVRemote
[2011.06.03 11:34:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EBookSys
[2010.02.17 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ESET
[2011.08.07 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.02.26 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fingerfox (SE)
[2011.07.21 11:47:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeFLVConverter
[2011.06.03 18:50:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2010.02.18 00:44:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HD Tune Pro
[2010.09.05 16:13:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HDRsoft
[2011.03.30 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HP
[2011.10.17 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2010.02.17 20:19:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2010.06.03 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imagenomic
[2010.02.17 21:30:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2010.02.18 00:56:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2011.10.18 19:26:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.10.14 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MathWorks
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2010.02.21 17:19:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Player Classic
[2011.09.15 12:12:59 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2010.08.07 14:25:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mkvtoolnix
[2010.07.01 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2010.09.22 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MySQL
[2011.09.26 22:39:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\National Instruments
[2010.06.03 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NeatImage SL
[2010.06.10 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nik Software
[2010.07.03 17:32:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2010.07.03 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia Ovi Suite
[2010.12.24 12:01:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NVIDIA
[2010.03.03 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2011.10.01 00:13:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.04 19:41:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2010.08.01 17:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Programme
[2011.02.26 18:16:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Protector Suite
[2011.07.22 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan
[2010.07.03 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SatChannelListEditor
[2011.10.19 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011.10.19 15:15:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\skypePM
[2011.04.08 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Synaptics
[2010.02.18 01:03:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.03.05 19:41:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2011.08.05 10:03:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc
[2010.07.12 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\VMware
[2010.02.18 21:31:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.26 20:21:35 | 000,010,134 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2011.07.22 13:35:56 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011.07.22 13:35:56 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >
         

Alt 20.10.2011, 13:37   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 03 CE 7E 02 B0 CA 01  [binary data]
FF - prefs.js..network.proxy.http: "fe80::f91b:74b0:8320:8ca%11"
FF - prefs.js..network.proxy.http_port: 80
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell - "" = AutoRun
O33 - MountPoints2\{020b7cef-dee0-11df-829d-dc112f932315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13213bd2-bd90-11e0-9d60-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13213bd2-bd90-11e0-9d60-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1668ccfa-1850-11e0-97aa-92541727210b}\Shell - "" = AutoRun
O33 - MountPoints2\{1668ccfa-1850-11e0-97aa-92541727210b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{230fd718-1c9d-11df-8126-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{230fd718-1c9d-11df-8126-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61d0859e-e465-11e0-a315-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{61d0859e-e465-11e0-a315-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6669460b-1c9b-11df-806f-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{6669460b-1c9b-11df-806f-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6906b56b-e816-11df-8e9a-de4a9e711a15}\Shell - "" = AutoRun
O33 - MountPoints2\{6906b56b-e816-11df-8e9a-de4a9e711a15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{69618485-52ef-11df-9e29-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{69618485-52ef-11df-9e29-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98228e59-1283-11e0-b627-c921b954b300}\Shell - "" = AutoRun
O33 - MountPoints2\{98228e59-1283-11e0-b627-c921b954b300}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{9fc97314-ad6b-11e0-8349-001060ebeee1}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a643b3c0-a01f-11e0-8c11-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a643b3c0-a01f-11e0-8c11-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{b36e33b2-1ccf-11df-a636-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{b36e33b2-1ccf-11df-a636-001060ebeee1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbc0156f-46c0-11df-81e1-001060ebeee1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc0156f-46c0-11df-81e1-001060ebeee1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f0e70f5b-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f5b-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f76-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f76-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f82-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f82-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0e70f8e-113b-11e0-9e92-8f77b3da5507}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e70f8e-113b-11e0-9e92-8f77b3da5507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f302a-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f302a-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f3048-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f3048-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff6f3094-e286-11df-a2e0-aae5e6cbdd71}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6f3094-e286-11df-a2e0-aae5e6cbdd71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2008.08.14 09:21:12 | 000,086,920 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp00014172
[2011.10.18 19:05:25 | 000,000,374 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011.10.18 19:02:31 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2011.10.18 19:02:31 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:FB1B13D8
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.10.2011, 14:30   #8
hatch
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Danke hab ich gemacht!

Es kam dann eine Fehlermeldung - Kritischer Fehler - Windows wird in einer Minute neu gestartet...

In der "Custom Scan/Fixes" Box stand nur mehr:
[emptytemp]
[resethosts]

Weiß also nicht ob er das noch ausführen konnte. Die 4 Dateien wurden allerdings gelöscht.
Nach dem Reboot poppte folgendes auf:
Code:
ATTFilter
Files\Folders moved on Reboot...
C:\Users\Name\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Die Datei FXSAPIDebugLogFile.txt ist leer.

Wie soll ich weiter vorgehen?

Könntest du mir bitte noch erklären was genau dein Skript gemacht hat?
Ein paar Dinge kann ich mir glaub ich selbst erklären:
Bei den ersten IE und FF Zeilen werden einfach nur die Standardeinstellungen der Browser wiederhergestellt um sicherzugehen, dass keine manipulierten html Seiten als Startseite und eventuelle Proxies eingestellt wurden um meinen Traffic mitzuloggen?
FF - prefs.js..network.proxy.http: wird hier die Localhost IPv6 Adresse eingestellt?

O4: es wird ein Autoruneintrag gelöscht bei dem das zugehörige File nicht mehr gefunden wird?

O32: Die Autorunfunktion des Laufwerks wird deaktiviert?

O33: Was machen die?

Nächsten 4 Zeilen: Es werden die infizierten Dateien gelöscht?

@Alternate Data Stream...
Wird eine LogDatei geschrieben?

emptytemp: Tempdateien werden gelöscht?

resethosts: hostdatei wird zurückgesetzt?

Wäre echt super wennst mir das beantworten könntest .

mfg

Alt 20.10.2011, 14:47   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Mach danach bitte ein neues OTL-Log:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.10.2011, 14:54   #10
hatch
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Habs hochgeladen, werde nun OTL durchlaufen lassen.

Alt 20.10.2011, 15:21   #11
hatch
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



So hab jetzt OTL durchlaufen lassen:

Code:
ATTFilter
OTL logfile created on: 20.10.2011 14:55:14 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 66.50% Memory free
8.00 Gb Paging File | 6.54 Gb Available in Paging File | 81.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.50 Gb Total Space | 12.32 Gb Free Space | 21.07% Space Free | Partition Type: NTFS
Drive D: | 407.17 Gb Total Space | 150.08 Gb Free Space | 36.86% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.19 14:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.26 13:04:01 | 000,008,192 | -HS- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2007.10.12 16:23:36 | 000,282,710 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2007.10.12 16:22:26 | 001,187,948 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2007.04.03 16:08:20 | 004,558,848 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\HotKeyDriver.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.10.12 16:23:36 | 000,282,710 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
MOD - [2007.10.12 16:21:34 | 000,114,784 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileSDK.dll
MOD - [2007.10.12 16:20:10 | 000,098,403 | ---- | M] () -- C:\Windows\SysWOW64\Bs2Res.dll
MOD - [2007.07.30 10:32:16 | 016,326,769 | ---- | M] () -- C:\Windows\SysWOW64\BsLangInDepRes.dll
MOD - [2007.04.03 16:08:20 | 004,558,848 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\HotKeyDriver.exe
MOD - [2006.12.11 18:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey_Driver\AudioControlDLL.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009.04.21 13:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2007.11.08 01:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2007.04.19 14:42:34 | 000,024,576 | ---- | M] (Syntek America Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2011.10.12 16:11:48 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.20 17:41:26 | 000,103,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011.08.20 17:41:04 | 000,066,872 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.07.26 13:04:01 | 000,008,192 | -HS- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011.06.26 20:25:41 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.12.07 12:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- D:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV - [2010.12.01 23:19:44 | 002,357,488 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- D:\Programme\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2010.03.22 10:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Programme\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.18 16:12:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.11.06 14:24:54 | 000,282,728 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- D:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009.10.20 23:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess)
SRV - [2009.10.20 15:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009.10.20 15:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009.10.20 15:21:20 | 000,322,096 | ---- | M] () [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd)
SRV - [2009.10.20 15:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- D:\Programme\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService)
SRV - [2009.09.23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.12 16:24:40 | 000,113,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2007.10.12 16:22:26 | 001,187,948 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2007.02.21 17:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Disabled | Stopped] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2007.02.14 22:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- D:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007.02.14 22:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2007.02.14 22:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2007.01.29 15:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- D:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2007.01.22 11:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.26 20:06:54 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.22 21:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.01 23:05:12 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.28 15:10:40 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.04.03 11:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010.02.22 22:09:13 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009.12.08 18:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2009.11.16 09:07:10 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009.11.16 09:07:04 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009.11.16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.11.16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009.10.26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009.10.20 15:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009.10.20 15:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009.10.20 15:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009.10.20 15:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009.10.20 15:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009.10.20 15:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009.10.20 15:21:04 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2009.09.24 14:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.09.24 06:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.09.17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009.09.15 15:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009.08.26 12:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.26 08:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.07.26 23:34:58 | 000,744,072 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.19 08:10:40 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009.06.15 11:47:00 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.15 11:47:00 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.13 12:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.01.08 12:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008.01.19 07:36:14 | 000,036,352 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nscirda.sys -- (NSCIRDA)
DRV:64bit: - [2008.01.02 12:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007.07.04 08:30:10 | 000,091,136 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMS7SK.sys -- (EMSCR)
DRV:64bit: - [2007.07.04 08:30:08 | 000,060,416 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESD7SK.sys -- (ESDCR)
DRV:64bit: - [2007.06.24 22:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007.06.20 14:49:34 | 000,053,248 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2007.04.19 18:50:46 | 001,494,912 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV:64bit: - [2007.03.05 21:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2007.03.05 21:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV:64bit: - [2007.03.05 21:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VBTEnum.sys -- (BTHidEnum)
DRV:64bit: - [2007.03.05 21:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007.03.05 21:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV - [2011.10.12 16:11:44 | 000,157,824 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.02.22 22:09:13 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2010.01.29 12:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programme\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.06.24 22:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 21:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 21:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006.05.05 20:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\nvport.sys -- (nvport)
DRV - [2006.03.29 09:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: passwordbank@upek.com:5.9.3.6241.3.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: D:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.01 15:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.19 15:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 14:47:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.10.19 15:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.07.22 17:35:17 | 000,000,000 | ---D | M]
 
[2011.03.05 19:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.02.18 01:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.05 19:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bm0rpp5w.default\extensions\passwordbank@upek.com
[2011.10.16 11:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions
[2011.05.28 23:48:05 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011.09.08 20:48:18 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\om8g6vll.default\extensions\passwordbank@upek.com
[2011.06.17 23:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.30 11:35:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.19 12:42:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.09 18:13:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 18:00:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.17 23:58:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM8G6VLL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.10.01 15:07:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.03 16:10:26 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2007.02.08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2011.10.01 15:07:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 15:07:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.01 15:07:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 15:07:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 15:07:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 15:07:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.02.20 22:39:45 | 000,001,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (Authentec Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - D:\Programme\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - D:\Programme\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Programme\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Programme\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Vertrauenswürdige Sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} hxxp://kfzpeissl.ath.cx/DVRemoteAx.cab (DVRemoteControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0722FEF4-EAE6-4234-BF07-756EEC7C083C}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51D2AB92-139A-45DE-A3FF-767482710982}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A12DDF5-95BE-4C3C-A310-2517957949E6}: NameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - D:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: BtTray - hkey= - key= - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: Update Service - hkey= - key= - C:\Program Files (x86)\Common Files\Teknum Systems\update.exe (Teknum Systems AS)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2B1CBF38-887E-BDC9-304A-FA3B52781B9C} - Browser Customizations
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44618CF4-17A7-34C6-372E-3707DC2BDE8C} - Themes Setup
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5479B944-5F40-6B43-80EC-8A42F7C170D9} - Internet Explorer
ActiveX:64bit: {58E0EE38-5ED9-95C1-3A99-3B2A75E10BE9} - DirectX
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {76702958-0B2F-BFF7-18BB-FC5386D670CE} - Browser Customizations
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {8DB3E8F4-8D2E-921D-9445-FE2D9FBA8B73} - Browser Customizations
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {37646EEE-DBA0-96B3-FB70-3CDB9FDA12AC} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A5BBC7CA-1CC1-DD1B-323C-A2CD39400104} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.I420 -  File not found
Drivers32:64bit: wave1 - serwvdrv.dll (Microsoft Corporation)
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: wave1 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.20 14:37:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.20 14:10:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.10.19 18:33:17 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011.10.19 18:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011.10.19 18:30:25 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\SandboxieInstall
[2011.10.19 14:51:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.10.19 00:27:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe
[2011.10.18 19:26:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.10.18 19:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.18 19:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.18 19:26:33 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.18 19:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.18 19:25:48 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\****\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.17 22:46:49 | 002,405,664 | ---- | C] (Trend Micro Inc.) -- C:\Users\****\Desktop\HousecallLauncher64.exe
[2011.10.17 21:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.10.17 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.10.17 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011.10.15 13:09:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TinyCAD
[2011.10.15 13:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyCAD
[2011.10.14 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\MoTeC
[2011.10.14 20:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
[2011.10.14 20:15:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Downloaded Installations
[2011.10.13 13:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\sPlan70
[2011.10.13 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sPlan 7.0
[2011.10.13 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\sPlan70(Demo)
[2011.10.01 01:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 PC Camera
[2011.10.01 01:04:22 | 000,249,856 | ---- | C] (Syntek Corporation) -- C:\Windows\VideoView.exe
[2011.10.01 01:04:22 | 000,106,496 | ---- | C] (Syntek America Inc.) -- C:\Windows\StkC112X.exe
[2011.10.01 01:04:22 | 000,069,632 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkCWIA.dll
[2011.10.01 01:04:22 | 000,049,152 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkSSrv.dll
[2011.10.01 01:04:22 | 000,024,576 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\StkCSrv.exe
[2011.10.01 01:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoView
[2011.10.01 01:04:20 | 006,927,744 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysNative\drivers\StkCPipe.sys
[2011.10.01 01:04:19 | 001,494,912 | ---- | C] (Syntek) -- C:\Windows\SysNative\drivers\StkCMini.sys
[2011.10.01 00:39:45 | 000,081,920 | ---- | C] (Syntek America Inc.) -- C:\Windows\SysWow64\StkCProp.ax
[2011.10.01 00:33:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\D-max2.0M
[2011.09.26 22:39:25 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\National Instruments
[2011.09.26 22:39:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\National Instruments
[2011.09.26 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
[2011.09.26 22:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments
[2011.09.26 22:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2011.09.26 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011.09.26 22:30:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cvirte
[2011.09.21 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Bizarre Creations
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.20 14:20:11 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 14:20:11 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 14:14:53 | 000,001,038 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2011.10.20 14:12:39 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.10.20 14:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.20 14:12:22 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.20 00:38:13 | 000,001,820 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.10.19 19:01:46 | 000,000,664 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.10.19 19:01:29 | 000,000,664 | RHS- | M] () -- C:\Users\****\ntuser.pol
[2011.10.19 18:30:53 | 000,000,858 | ---- | M] () -- C:\Users\****\Desktop\Sandboxed Web Browser.lnk
[2011.10.19 17:28:47 | 002,034,741 | ---- | M] () -- C:\Users\****\Desktop\SandboxieInstall.zip
[2011.10.19 14:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.10.19 00:27:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe
[2011.10.18 19:26:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.18 19:26:08 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\****\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.18 16:17:14 | 009,311,393 | ---- | M] () -- C:\Users\****\AppData\Local\census.cache
[2011.10.18 16:07:38 | 000,155,090 | ---- | M] () -- C:\Users\****\AppData\Local\ars.cache
[2011.10.17 22:46:59 | 000,000,036 | ---- | M] () -- C:\Users\****\AppData\Local\housecall.guid.cache
[2011.10.17 22:46:51 | 002,405,664 | ---- | M] (Trend Micro Inc.) -- C:\Users\****\Desktop\HousecallLauncher64.exe
[2011.10.17 21:56:43 | 002,086,240 | ---- | M] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe
[2011.10.17 21:41:29 | 002,100,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.17 21:41:29 | 000,876,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.17 21:41:29 | 000,819,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.17 21:41:29 | 000,218,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.17 21:41:29 | 000,185,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.16 22:13:07 | 000,022,511 | ---- | M] () -- C:\Users\****\Desktop\Schematic.dsn.autosave
[2011.10.16 16:49:06 | 000,009,514 | ---- | M] () -- C:\Users\****\Desktop\Modul.gif
[2011.10.15 13:09:25 | 000,000,654 | ---- | M] () -- C:\Users\****\Desktop\TinyCAD.lnk
[2011.10.15 13:09:10 | 004,357,917 | ---- | M] () -- C:\Users\****\Desktop\TinyCAD_2.80.03.514_Production_Setup.exe
[2011.10.15 12:57:50 | 000,079,872 | ---- | M] () -- C:\Users\****\Desktop\edge.TCLib
[2011.10.14 21:50:08 | 000,022,511 | ---- | M] () -- C:\Users\****\Desktop\Schematic.dsn
[2011.10.14 20:16:38 | 000,002,645 | ---- | M] () -- C:\Users\Public\Desktop\MoTeC PDM Manager.lnk
[2011.10.13 13:41:37 | 000,000,612 | ---- | M] () -- C:\Users\****\Desktop\sPlan 7.0.lnk
[2011.10.12 02:47:39 | 003,151,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.09 15:44:41 | 000,603,430 | ---- | M] () -- C:\Users\****\Desktop\09102011188.jpg
[2011.10.09 15:38:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011.10.09 15:37:05 | 000,000,341 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2011.10.09 15:32:40 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2011.10.01 01:10:29 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\VideoView.lnk
[2011.09.26 22:28:05 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2011.09.26 15:00:17 | 003,414,749 | ---- | M] () -- C:\Users\****\Desktop\Hirschmann.pdf
 
========== Files Created - No Company Name ==========
 
[2011.10.19 19:01:11 | 000,000,664 | RHS- | C] () -- C:\Users\****\ntuser.pol
[2011.10.19 19:00:08 | 000,000,664 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.10.19 18:31:18 | 000,000,858 | ---- | C] () -- C:\Users\****\Desktop\Sandboxed Web Browser.lnk
[2011.10.19 18:31:16 | 000,001,820 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.10.19 17:28:42 | 002,034,741 | ---- | C] () -- C:\Users\****\Desktop\SandboxieInstall.zip
[2011.10.18 19:26:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.18 16:17:14 | 009,311,393 | ---- | C] () -- C:\Users\****\AppData\Local\census.cache
[2011.10.18 16:07:38 | 000,155,090 | ---- | C] () -- C:\Users\****\AppData\Local\ars.cache
[2011.10.17 22:46:59 | 000,000,036 | ---- | C] () -- C:\Users\****\AppData\Local\housecall.guid.cache
[2011.10.17 21:56:37 | 002,086,240 | ---- | C] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe
[2011.10.16 22:03:07 | 000,022,511 | ---- | C] () -- C:\Users\****\Desktop\Schematic.dsn.autosave
[2011.10.16 16:47:12 | 000,009,514 | ---- | C] () -- C:\Users\****\Desktop\Modul.gif
[2011.10.15 13:10:38 | 000,079,872 | ---- | C] () -- C:\Users\****\Desktop\edge.TCLib
[2011.10.15 13:10:38 | 000,022,511 | ---- | C] () -- C:\Users\****\Desktop\Schematic.dsn
[2011.10.15 13:09:25 | 000,000,654 | ---- | C] () -- C:\Users\****\Desktop\TinyCAD.lnk
[2011.10.15 13:09:02 | 004,357,917 | ---- | C] () -- C:\Users\****\Desktop\TinyCAD_2.80.03.514_Production_Setup.exe
[2011.10.14 20:16:38 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\MoTeC PDM Manager.lnk
[2011.10.13 13:41:37 | 000,000,612 | ---- | C] () -- C:\Users\****\Desktop\sPlan 7.0.lnk
[2011.10.13 13:40:36 | 011,173,171 | ---- | C] () -- C:\Users\****\Desktop\Abacom.Splan.v7.0.build.09.05.2011.7z
[2011.10.09 15:43:03 | 000,603,430 | ---- | C] () -- C:\Users\****\Desktop\09102011188.jpg
[2011.10.01 01:07:11 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\VideoView.lnk
[2011.10.01 01:07:10 | 000,000,093 | ---- | C] () -- C:\Windows\OEM.ini
[2011.09.26 15:00:17 | 003,414,749 | ---- | C] () -- C:\Users\****\Desktop\Hirschmann.pdf
[2011.09.23 01:00:50 | 002,717,416 | ---- | C] () -- C:\Users\****\Desktop\User’s Guide DS1000E.pdf
[2011.08.20 17:41:18 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.20 17:41:04 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.15 20:24:27 | 000,000,322 | ---- | C] () -- C:\Windows\game.ini
[2011.07.22 13:44:14 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011.07.22 13:17:04 | 001,153,006 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.06.10 18:26:01 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2011.06.04 17:21:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.05.17 00:04:55 | 000,000,063 | ---- | C] () -- C:\Windows\SubCreator.INI
[2011.04.08 12:06:00 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.03.30 12:18:46 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011.01.29 14:36:18 | 000,016,629 | ---- | C] () -- C:\Windows\LxFrame.ini
[2011.01.29 14:33:59 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2011.01.29 01:47:38 | 000,000,292 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2011.01.29 01:36:35 | 000,000,891 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011.01.29 01:35:41 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011.01.20 12:54:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.31 01:04:16 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.09.28 11:08:32 | 000,266,165 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.08.07 13:08:56 | 000,000,086 | ---- | C] () -- C:\Windows\graphedt.INI
[2010.08.07 12:16:47 | 000,000,086 | ---- | C] () -- C:\Windows\graphedt_x64.INI
[2010.08.07 10:10:37 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.07.11 19:24:46 | 000,007,607 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2010.07.03 17:37:25 | 000,012,800 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.21 15:59:54 | 000,000,036 | ---- | C] () -- C:\Windows\TSNPL.dat
[2010.05.21 15:59:53 | 000,001,636 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2010.05.20 11:25:46 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.05.06 16:47:45 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010.04.20 10:00:41 | 002,082,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.18 21:23:18 | 000,537,892 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2010.02.18 21:23:18 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2010.02.18 21:17:41 | 000,186,949 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010.02.18 16:08:32 | 000,004,839 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2010.02.18 16:08:23 | 000,000,341 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010.02.18 00:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.02.18 00:37:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010.02.18 00:37:51 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010.02.18 00:35:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2009.11.06 11:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.11.05 11:16:36 | 000,083,525 | ---- | C] () -- C:\Windows\hpqins13.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.02.06 21:40:56 | 000,147,968 | ---- | C] () -- C:\Windows\SysWow64\drivers\ArcHlp.sys
[2008.11.26 22:20:02 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll
[2008.11.25 18:46:38 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2008.11.25 18:43:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2008.11.25 18:42:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2008.11.15 20:02:26 | 001,866,670 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2008.04.05 19:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
[2008.02.13 11:15:09 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007.10.12 16:24:06 | 000,401,493 | ---- | C] () -- C:\Windows\SysWow64\BsUI.dll
[2007.10.12 16:23:46 | 000,278,647 | ---- | C] () -- C:\Windows\SysWow64\outlookAddin.dll
[2007.10.12 16:23:24 | 000,569,445 | ---- | C] () -- C:\Windows\SysWow64\BsShell.dll
[2007.10.12 16:23:16 | 000,106,597 | ---- | C] () -- C:\Windows\SysWow64\BsAddin.dll
[2007.10.12 16:21:34 | 000,114,784 | ---- | C] () -- C:\Windows\SysWow64\BsMobileSDK.dll
[2007.10.12 16:21:24 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2007.10.12 16:20:10 | 000,098,403 | ---- | C] () -- C:\Windows\SysWow64\Bs2Res.dll
[2007.10.11 18:08:22 | 000,001,038 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2007.07.30 10:32:16 | 016,326,769 | ---- | C] () -- C:\Windows\SysWow64\BsLangInDepRes.dll
[2007.03.19 11:59:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2005.09.13 05:09:34 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
[2004.02.13 07:49:44 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll
[2004.01.24 04:35:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
[2002.07.13 12:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\tsseCryp.dll
[2001.12.12 14:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\W32btstp.dll
[2001.12.12 14:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\W32btxlt.dll
         

Alt 20.10.2011, 15:23   #12
hatch
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Und Teil 2:

Code:
ATTFilter
========== LOP Check ==========
 
[2010.12.25 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\3DataManager
[2010.06.09 11:07:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\aerix
[2011.08.09 23:01:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AnvSoft
[2011.01.04 00:12:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity
[2011.06.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Autodesk
[2011.08.02 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\avidemux
[2011.02.08 15:05:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BITS
[2011.06.26 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.08.20 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVRemote
[2011.06.03 11:34:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EBookSys
[2010.02.17 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ESET
[2011.08.07 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.02.26 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fingerfox (SE)
[2011.07.21 11:47:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeFLVConverter
[2011.06.03 18:50:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2010.02.18 00:44:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HD Tune Pro
[2010.09.05 16:13:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HDRsoft
[2011.10.17 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2010.06.03 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imagenomic
[2010.08.07 14:25:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mkvtoolnix
[2010.09.22 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MySQL
[2011.09.26 22:39:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\National Instruments
[2010.06.03 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NeatImage SL
[2010.06.10 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nik Software
[2010.07.03 17:32:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2010.07.03 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia Ovi Suite
[2010.03.03 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2011.10.01 00:13:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.04 19:41:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2010.08.01 17:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Programme
[2011.02.26 18:16:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Protector Suite
[2011.07.22 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan
[2010.07.03 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SatChannelListEditor
[2011.04.08 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Synaptics
[2010.02.18 01:03:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.03.05 19:41:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2011.10.01 19:41:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.25 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\3DataManager
[2010.05.10 08:04:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AccurateRip
[2011.09.15 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2010.06.09 11:07:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\aerix
[2011.08.09 23:01:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AnvSoft
[2010.05.14 11:16:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2010.02.21 20:14:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ArcSoft
[2011.01.04 00:12:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity
[2011.06.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Autodesk
[2011.08.02 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\avidemux
[2011.02.08 15:05:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BITS
[2011.10.09 19:19:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\codeblocks
[2011.06.26 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.01.05 02:27:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DivX
[2011.06.03 15:13:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Download Manager
[2011.03.06 00:29:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dvdcss
[2010.08.20 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVRemote
[2011.06.03 11:34:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EBookSys
[2010.02.17 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ESET
[2011.08.07 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.02.26 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fingerfox (SE)
[2011.07.21 11:47:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeFLVConverter
[2011.06.03 18:50:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2010.02.18 00:44:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HD Tune Pro
[2010.09.05 16:13:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HDRsoft
[2011.03.30 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HP
[2011.10.17 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2010.02.17 20:19:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2010.06.03 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imagenomic
[2010.02.17 21:30:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2010.02.18 00:56:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2011.10.18 19:26:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.10.14 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MathWorks
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2010.02.21 17:19:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Player Classic
[2011.09.15 12:12:59 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2010.08.07 14:25:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mkvtoolnix
[2010.07.01 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2010.09.22 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MySQL
[2011.09.26 22:39:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\National Instruments
[2010.06.03 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NeatImage SL
[2010.06.10 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nik Software
[2010.07.03 17:32:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2010.07.03 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia Ovi Suite
[2010.12.24 12:01:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NVIDIA
[2010.03.03 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2011.10.01 00:13:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.04 19:41:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2010.08.01 17:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Programme
[2011.02.26 18:16:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Protector Suite
[2011.07.22 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan
[2010.07.03 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SatChannelListEditor
[2011.10.19 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011.10.19 15:15:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\skypePM
[2011.04.08 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Synaptics
[2010.02.18 01:03:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.03.05 19:41:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2011.08.05 10:03:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc
[2010.07.12 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\VMware
[2010.02.18 21:31:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.26 20:21:35 | 000,010,134 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2011.07.22 13:35:56 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011.07.22 13:35:56 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

< End of report >
         

Alt 20.10.2011, 15:47   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.10.2011, 16:01   #14
hatch
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Hier der Log:
Code:
ATTFilter
15:51:27.0510 2772	TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
15:51:29.0511 2772	============================================================
15:51:29.0511 2772	Current date / time: 2011/10/20 15:51:29.0511
15:51:29.0512 2772	SystemInfo:
15:51:29.0512 2772	
15:51:29.0512 2772	OS Version: 6.1.7601 ServicePack: 1.0
15:51:29.0512 2772	Product type: Workstation
15:51:29.0512 2772	ComputerName: ****-PC
15:51:29.0512 2772	UserName: ****
15:51:29.0512 2772	Windows directory: C:\Windows
15:51:29.0512 2772	System windows directory: C:\Windows
15:51:29.0512 2772	Running under WOW64
15:51:29.0512 2772	Processor architecture: Intel x64
15:51:29.0512 2772	Number of processors: 2
15:51:29.0512 2772	Page size: 0x1000
15:51:29.0512 2772	Boot type: Normal boot
15:51:29.0512 2772	============================================================
15:51:30.0813 2772	Initialize success
15:52:23.0385 1212	============================================================
15:52:23.0385 1212	Scan started
15:52:23.0385 1212	Mode: Manual; SigCheck; TDLFS; 
15:52:23.0385 1212	============================================================
15:52:24.0508 1212	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:52:24.0633 1212	1394ohci - ok
15:52:24.0664 1212	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:52:24.0680 1212	ACPI - ok
15:52:24.0727 1212	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:52:24.0820 1212	AcpiPmi - ok
15:52:24.0930 1212	adfs            (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
15:52:24.0976 1212	adfs - ok
15:52:25.0039 1212	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:52:25.0086 1212	adp94xx - ok
15:52:25.0304 1212	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:52:25.0351 1212	adpahci - ok
15:52:25.0366 1212	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:52:25.0398 1212	adpu320 - ok
15:52:25.0444 1212	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:52:25.0522 1212	AFD - ok
15:52:25.0632 1212	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:52:25.0663 1212	agp440 - ok
15:52:25.0710 1212	aksdf           (89cd44c10d9b4d87725ff07f18a5702f) C:\Windows\system32\drivers\aksdf.sys
15:52:25.0772 1212	aksdf - ok
15:52:25.0803 1212	aksfridge       (ba0b6fd78ae88d39b9d3d984f295a137) C:\Windows\system32\drivers\aksfridge.sys
15:52:25.0850 1212	aksfridge - ok
15:52:25.0959 1212	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:52:25.0990 1212	aliide - ok
15:52:26.0006 1212	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:52:26.0022 1212	amdide - ok
15:52:26.0053 1212	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:52:26.0115 1212	AmdK8 - ok
15:52:26.0131 1212	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:52:26.0162 1212	AmdPPM - ok
15:52:26.0209 1212	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:52:26.0209 1212	amdsata - ok
15:52:26.0287 1212	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:52:26.0318 1212	amdsbs - ok
15:52:26.0349 1212	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:52:26.0365 1212	amdxata - ok
15:52:26.0427 1212	AnyDVD          (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys
15:52:26.0443 1212	AnyDVD - ok
15:52:26.0552 1212	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:52:26.0614 1212	AppID - ok
15:52:26.0677 1212	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:52:26.0692 1212	arc - ok
15:52:26.0708 1212	archlp - ok
15:52:26.0724 1212	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:52:26.0739 1212	arcsas - ok
15:52:26.0817 1212	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:52:26.0989 1212	AsyncMac - ok
15:52:27.0082 1212	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:52:27.0114 1212	atapi - ok
15:52:27.0207 1212	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:52:27.0270 1212	b06bdrv - ok
15:52:27.0348 1212	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:52:27.0410 1212	b57nd60a - ok
15:52:27.0457 1212	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:52:27.0504 1212	Beep - ok
15:52:27.0550 1212	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:52:27.0597 1212	blbdrive - ok
15:52:27.0722 1212	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:52:27.0784 1212	bowser - ok
15:52:27.0800 1212	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:52:27.0862 1212	BrFiltLo - ok
15:52:27.0878 1212	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:52:27.0894 1212	BrFiltUp - ok
15:52:27.0972 1212	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:52:28.0034 1212	Brserid - ok
15:52:28.0081 1212	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:52:28.0128 1212	BrSerWdm - ok
15:52:28.0143 1212	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:52:28.0190 1212	BrUsbMdm - ok
15:52:28.0221 1212	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:52:28.0237 1212	BrUsbSer - ok
15:52:28.0346 1212	BT              (0f890e854fcbe98f4574acc6423fccef) C:\Windows\system32\DRIVERS\btnetdrv.sys
15:52:28.0377 1212	BT - ok
15:52:28.0408 1212	Btcsrusb        (7c5893ea5aa483e051b8311bdb36e19a) C:\Windows\system32\Drivers\btcusb.sys
15:52:28.0408 1212	Btcsrusb - ok
15:52:28.0471 1212	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:52:28.0518 1212	BthEnum - ok
15:52:28.0611 1212	BtHidBus        (88b11d73cc023274e590fbc3565ae519) C:\Windows\system32\Drivers\BtHidBus.sys
15:52:28.0627 1212	BtHidBus - ok
15:52:28.0658 1212	BTHidEnum       (e49a371185d5e79c103765da93856ee1) C:\Windows\system32\Drivers\vbtenum.sys
15:52:28.0674 1212	BTHidEnum - ok
15:52:28.0689 1212	BTHidMgr        (8fa060b557c7de309d2d5c16c3da2ef6) C:\Windows\system32\Drivers\BTHidMgr.sys
15:52:28.0705 1212	BTHidMgr - ok
15:52:28.0736 1212	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:52:28.0767 1212	BTHMODEM - ok
15:52:28.0861 1212	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:52:28.0923 1212	BthPan - ok
15:52:28.0986 1212	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:52:29.0032 1212	BTHPORT - ok
15:52:29.0142 1212	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:52:29.0188 1212	BTHUSB - ok
15:52:29.0235 1212	btnetBUs        (23ef863df7e0b3185b60ec71c2b291a7) C:\Windows\system32\Drivers\btnetBus.sys
15:52:29.0282 1212	btnetBUs - ok
15:52:29.0313 1212	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:52:29.0360 1212	cdfs - ok
15:52:29.0469 1212	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:52:29.0516 1212	cdrom - ok
15:52:29.0578 1212	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:52:29.0625 1212	circlass - ok
15:52:29.0656 1212	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:52:29.0688 1212	CLFS - ok
15:52:29.0766 1212	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:52:29.0828 1212	CmBatt - ok
15:52:29.0844 1212	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:52:29.0859 1212	cmdide - ok
15:52:29.0906 1212	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:52:29.0937 1212	CNG - ok
15:52:30.0015 1212	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:52:30.0046 1212	Compbatt - ok
15:52:30.0093 1212	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:52:30.0124 1212	CompositeBus - ok
15:52:30.0156 1212	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:52:30.0171 1212	crcdisk - ok
15:52:30.0234 1212	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:52:30.0312 1212	CSC - ok
15:52:30.0421 1212	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:52:30.0499 1212	DfsC - ok
15:52:30.0546 1212	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:52:30.0624 1212	discache - ok
15:52:30.0655 1212	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:52:30.0655 1212	Disk - ok
15:52:30.0780 1212	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:52:30.0826 1212	Dot4 - ok
15:52:30.0858 1212	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:52:30.0904 1212	Dot4Print - ok
15:52:30.0920 1212	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:52:30.0951 1212	dot4usb - ok
15:52:30.0982 1212	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:52:31.0045 1212	drmkaud - ok
15:52:31.0154 1212	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:52:31.0201 1212	DXGKrnl - ok
15:52:31.0232 1212	eamon           (85e3ed13ec107a20d9b018328e0c9737) C:\Windows\system32\DRIVERS\eamon.sys
15:52:31.0248 1212	eamon - ok
15:52:31.0357 1212	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:52:31.0419 1212	ebdrv - ok
15:52:31.0528 1212	ehdrv           (518fb66d5e21b2c246f96c1d9153cadc) C:\Windows\system32\DRIVERS\ehdrv.sys
15:52:31.0544 1212	ehdrv - ok
15:52:31.0638 1212	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
15:52:31.0669 1212	ElbyCDIO - ok
15:52:31.0700 1212	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:52:31.0716 1212	elxstor - ok
15:52:31.0794 1212	EMSCR           (2327e9bc434279674dfa93977fc5f3b3) C:\Windows\system32\DRIVERS\EMS7SK.sys
15:52:31.0856 1212	EMSCR - ok
15:52:31.0887 1212	epfw            (99698ff43533c0fdc75967d48001c25f) C:\Windows\system32\DRIVERS\epfw.sys
15:52:31.0903 1212	epfw - ok
15:52:31.0950 1212	Epfwndis        (be1f150790123e1077cf95990394339d) C:\Windows\system32\DRIVERS\Epfwndis.sys
15:52:31.0965 1212	Epfwndis - ok
15:52:32.0059 1212	epfwwfp         (6eb1d07c86913ad53ec5afa67b9453fd) C:\Windows\system32\DRIVERS\epfwwfp.sys
15:52:32.0074 1212	epfwwfp - ok
15:52:32.0106 1212	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:52:32.0168 1212	ErrDev - ok
15:52:32.0215 1212	ESDCR           (c58d23711057d7e643fcc8428f60f133) C:\Windows\system32\DRIVERS\ESD7SK.sys
15:52:32.0277 1212	ESDCR - ok
15:52:32.0371 1212	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:52:32.0449 1212	exfat - ok
15:52:32.0527 1212	Ext2Fsd         (77541bb9ea03008ff40035f2d3ef114e) C:\Windows\system32\drivers\Ext2Fsd.sys
15:52:32.0558 1212	Ext2Fsd - ok
15:52:32.0652 1212	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:52:32.0730 1212	fastfat - ok
15:52:32.0761 1212	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:52:32.0776 1212	fdc - ok
15:52:32.0808 1212	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:52:32.0808 1212	FileInfo - ok
15:52:32.0823 1212	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:52:32.0854 1212	Filetrace - ok
15:52:32.0964 1212	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:52:33.0010 1212	flpydisk - ok
15:52:33.0042 1212	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:52:33.0057 1212	FltMgr - ok
15:52:33.0073 1212	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:52:33.0088 1212	FsDepends - ok
15:52:33.0104 1212	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:52:33.0120 1212	Fs_Rec - ok
15:52:33.0166 1212	FTDIBUS         (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys
15:52:33.0182 1212	FTDIBUS - ok
15:52:33.0260 1212	FTSER2K         (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys
15:52:33.0276 1212	FTSER2K - ok
15:52:33.0322 1212	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:52:33.0369 1212	fvevol - ok
15:52:33.0385 1212	FXDrv32 - ok
15:52:33.0400 1212	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:52:33.0416 1212	gagp30kx - ok
15:52:33.0525 1212	hardlock        (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
15:52:33.0588 1212	hardlock - ok
15:52:33.0634 1212	hcmon           (edb09f2df76c352b7af56d0b473049d6) C:\Windows\system32\drivers\hcmon.sys
15:52:33.0650 1212	hcmon - ok
15:52:33.0666 1212	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:52:33.0697 1212	hcw85cir - ok
15:52:33.0759 1212	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:52:33.0822 1212	HdAudAddService - ok
15:52:33.0915 1212	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:52:33.0978 1212	HDAudBus - ok
15:52:34.0009 1212	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:52:34.0040 1212	HidBatt - ok
15:52:34.0056 1212	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:52:34.0087 1212	HidBth - ok
15:52:34.0118 1212	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:52:34.0149 1212	HidIr - ok
15:52:34.0258 1212	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:52:34.0290 1212	HidUsb - ok
15:52:34.0336 1212	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:52:34.0336 1212	HpSAMD - ok
15:52:34.0399 1212	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:52:34.0492 1212	HTTP - ok
15:52:34.0586 1212	hwdatacard      (4b5c07db91a0099272faae732e1152bd) C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:52:34.0633 1212	hwdatacard - ok
15:52:34.0664 1212	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:52:34.0680 1212	hwpolicy - ok
15:52:34.0726 1212	hwusbdev        (230c041af8df1d2308c3ac5146e3ff4f) C:\Windows\system32\DRIVERS\ewusbdev.sys
15:52:34.0758 1212	hwusbdev ( UnsignedFile.Multi.Generic ) - warning
15:52:34.0758 1212	hwusbdev - detected UnsignedFile.Multi.Generic (1)
15:52:34.0851 1212	hwusbfake       (1f24cf1f7db6d4461ac65a86db8e4bc2) C:\Windows\system32\DRIVERS\ewusbfake.sys
15:52:34.0898 1212	hwusbfake - ok
15:52:34.0945 1212	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:52:34.0960 1212	i8042prt - ok
15:52:35.0023 1212	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:52:35.0054 1212	iaStorV - ok
15:52:35.0163 1212	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:52:35.0194 1212	iirsp - ok
15:52:35.0272 1212	IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
15:52:35.0335 1212	IntcAzAudAddService - ok
15:52:35.0428 1212	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:52:35.0460 1212	intelide - ok
15:52:35.0475 1212	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:52:35.0522 1212	intelppm - ok
15:52:35.0569 1212	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:52:35.0616 1212	IpFilterDriver - ok
15:52:35.0647 1212	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:52:35.0662 1212	IPMIDRV - ok
15:52:35.0756 1212	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:52:35.0850 1212	IPNAT - ok
15:52:35.0881 1212	irda            (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
15:52:35.0974 1212	irda - ok
15:52:36.0052 1212	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:52:36.0099 1212	IRENUM - ok
15:52:36.0177 1212	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:52:36.0208 1212	isapnp - ok
15:52:36.0224 1212	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:52:36.0240 1212	iScsiPrt - ok
15:52:36.0333 1212	ISODrive        (9c6f3f69163133fb8e56ac4a6e163452) D:\Programme\UltraISO\drivers\ISODrv64.sys
15:52:36.0364 1212	ISODrive - ok
15:52:36.0442 1212	itecir          (7fd00dc971ab5f8f878587e90ed111c8) C:\Windows\system32\DRIVERS\itecir.sys
15:52:36.0505 1212	itecir - ok
15:52:36.0536 1212	IvtBtBUs        (70ebda3ed637b0212450c5542edd11a7) C:\Windows\system32\Drivers\IvtBtBus.sys
15:52:36.0552 1212	IvtBtBUs - ok
15:52:36.0598 1212	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:52:36.0614 1212	kbdclass - ok
15:52:36.0630 1212	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:52:36.0661 1212	kbdhid - ok
15:52:36.0801 1212	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:52:36.0832 1212	KSecDD - ok
15:52:36.0864 1212	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:52:36.0910 1212	KSecPkg - ok
15:52:36.0926 1212	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:52:36.0973 1212	ksthunk - ok
15:52:37.0144 1212	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:52:37.0207 1212	lltdio - ok
15:52:37.0238 1212	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:52:37.0254 1212	LSI_FC - ok
15:52:37.0269 1212	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:52:37.0285 1212	LSI_SAS - ok
15:52:37.0300 1212	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:52:37.0300 1212	LSI_SAS2 - ok
15:52:37.0316 1212	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:52:37.0332 1212	LSI_SCSI - ok
15:52:37.0347 1212	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:52:37.0378 1212	luafv - ok
15:52:37.0503 1212	LUMDriver       (701223c663019b62029fab1a2385ee81) C:\Windows\system32\drivers\LUMDriver.sys
15:52:37.0534 1212	LUMDriver - ok
15:52:37.0550 1212	massfilter - ok
15:52:37.0612 1212	MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
15:52:37.0644 1212	MBAMProtector - ok
15:52:37.0675 1212	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:52:37.0690 1212	megasas - ok
15:52:37.0706 1212	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:52:37.0722 1212	MegaSR - ok
15:52:37.0878 1212	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:52:37.0940 1212	Modem - ok
15:52:37.0971 1212	MODEMCSA        (e38aef079cd3bcfa19f2072a214f829d) C:\Windows\system32\drivers\MODEMCSA.sys
15:52:38.0002 1212	MODEMCSA - ok
15:52:38.0034 1212	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:52:38.0049 1212	monitor - ok
15:52:38.0127 1212	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:52:38.0158 1212	mouclass - ok
15:52:38.0190 1212	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:52:38.0221 1212	mouhid - ok
15:52:38.0268 1212	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:52:38.0299 1212	mountmgr - ok
15:52:38.0330 1212	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:52:38.0377 1212	mpio - ok
15:52:38.0408 1212	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:52:38.0439 1212	mpsdrv - ok
15:52:38.0533 1212	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:52:38.0595 1212	MRxDAV - ok
15:52:38.0626 1212	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:52:38.0689 1212	mrxsmb - ok
15:52:38.0720 1212	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:52:38.0751 1212	mrxsmb10 - ok
15:52:38.0767 1212	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:52:38.0782 1212	mrxsmb20 - ok
15:52:38.0876 1212	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:52:38.0907 1212	msahci - ok
15:52:38.0938 1212	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:52:38.0954 1212	msdsm - ok
15:52:38.0985 1212	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:52:39.0032 1212	Msfs - ok
15:52:39.0048 1212	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:52:39.0094 1212	mshidkmdf - ok
15:52:39.0126 1212	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:52:39.0141 1212	msisadrv - ok
15:52:39.0219 1212	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:52:39.0297 1212	MSKSSRV - ok
15:52:39.0313 1212	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:52:39.0360 1212	MSPCLOCK - ok
15:52:39.0375 1212	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:52:39.0484 1212	MSPQM - ok
15:52:39.0531 1212	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:52:39.0547 1212	MsRPC - ok
15:52:39.0578 1212	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:52:39.0594 1212	mssmbios - ok
15:52:39.0765 1212	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:52:39.0843 1212	MSTEE - ok
15:52:39.0874 1212	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:52:39.0921 1212	MTConfig - ok
15:52:39.0952 1212	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:52:39.0968 1212	Mup - ok
15:52:40.0077 1212	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:52:40.0124 1212	NativeWifiP - ok
15:52:40.0202 1212	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:52:40.0249 1212	NDIS - ok
15:52:40.0327 1212	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:52:40.0420 1212	NdisCap - ok
15:52:40.0545 1212	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:52:40.0639 1212	NdisTapi - ok
15:52:40.0670 1212	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:52:40.0748 1212	Ndisuio - ok
15:52:40.0795 1212	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:52:40.0842 1212	NdisWan - ok
15:52:40.0935 1212	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:52:41.0013 1212	NDProxy - ok
15:52:41.0076 1212	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:52:41.0138 1212	NetBIOS - ok
15:52:41.0185 1212	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:52:41.0232 1212	NetBT - ok
15:52:41.0450 1212	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:52:41.0559 1212	netw5v64 - ok
15:52:41.0653 1212	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:52:41.0684 1212	nfrd960 - ok
15:52:41.0762 1212	nmwcd           (88f2f2cb9faee2e14bccf384f4c88061) C:\Windows\system32\drivers\ccdcmbx64.sys
15:52:41.0824 1212	nmwcd - ok
15:52:41.0949 1212	nmwcdc          (31c1fac4ae14fb2f8771c59ba3f90bad) C:\Windows\system32\drivers\ccdcmbox64.sys
15:52:41.0996 1212	nmwcdc - ok
15:52:42.0058 1212	nmwcdnsucx64    (863aa6c58ac85a22355ae943c605e44b) C:\Windows\system32\drivers\nmwcdnsucx64.sys
15:52:42.0121 1212	nmwcdnsucx64 - ok
15:52:42.0152 1212	nmwcdnsux64     (7983d9201788407c4d1fc4d0baa04e32) C:\Windows\system32\drivers\nmwcdnsux64.sys
15:52:42.0183 1212	nmwcdnsux64 - ok
15:52:42.0214 1212	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:52:42.0292 1212	Npfs - ok
15:52:42.0370 1212	NSCIRDA         (228c7cf50a584dd58e72fcefac7d8914) C:\Windows\system32\DRIVERS\nscirda.sys
15:52:42.0433 1212	NSCIRDA - ok
15:52:42.0464 1212	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:52:42.0526 1212	nsiproxy - ok
15:52:42.0573 1212	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:52:42.0620 1212	Ntfs - ok
15:52:42.0714 1212	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:52:42.0792 1212	Null - ok
15:52:43.0244 1212	nvlddmkm        (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:52:43.0556 1212	nvlddmkm - ok
15:52:43.0696 1212	nvoclk64        (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
15:52:43.0712 1212	nvoclk64 - ok
15:52:43.0728 1212	nvport - ok
15:52:43.0774 1212	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:52:43.0806 1212	nvraid - ok
15:52:43.0837 1212	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:52:43.0837 1212	nvstor - ok
15:52:43.0899 1212	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:52:43.0930 1212	nv_agp - ok
15:52:44.0024 1212	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:52:44.0071 1212	ohci1394 - ok
15:52:44.0164 1212	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:52:44.0196 1212	Parport - ok
15:52:44.0227 1212	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:52:44.0242 1212	partmgr - ok
15:52:44.0320 1212	pccsmcfd - ok
15:52:44.0352 1212	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:52:44.0383 1212	pci - ok
15:52:44.0398 1212	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:52:44.0414 1212	pciide - ok
15:52:44.0445 1212	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:52:44.0461 1212	pcmcia - ok
15:52:44.0476 1212	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:52:44.0492 1212	pcw - ok
15:52:44.0523 1212	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:52:44.0586 1212	PEAUTH - ok
15:52:44.0664 1212	pfc - ok
15:52:44.0788 1212	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:44.0882 1212	PptpMiniport - ok
15:52:44.0913 1212	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:52:44.0929 1212	Processor - ok
15:52:45.0038 1212	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:52:45.0116 1212	Psched - ok
15:52:45.0163 1212	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:52:45.0210 1212	ql2300 - ok
15:52:45.0241 1212	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:52:45.0241 1212	ql40xx - ok
15:52:45.0319 1212	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:52:45.0381 1212	QWAVEdrv - ok
15:52:45.0412 1212	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:45.0475 1212	RasAcd - ok
15:52:45.0506 1212	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:52:45.0537 1212	RasAgileVpn - ok
15:52:45.0584 1212	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:45.0678 1212	Rasl2tp - ok
15:52:45.0740 1212	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:45.0834 1212	RasPppoe - ok
15:52:45.0849 1212	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:45.0927 1212	RasSstp - ok
15:52:45.0958 1212	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:45.0990 1212	rdbss - ok
15:52:46.0021 1212	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:52:46.0068 1212	rdpbus - ok
15:52:46.0099 1212	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:46.0146 1212	RDPCDD - ok
15:52:46.0239 1212	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:52:46.0317 1212	RDPDR - ok
15:52:46.0333 1212	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:52:46.0364 1212	RDPENCDD - ok
15:52:46.0380 1212	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:52:46.0411 1212	RDPREFMP - ok
15:52:46.0442 1212	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:52:46.0489 1212	RDPWD - ok
15:52:46.0536 1212	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:52:46.0567 1212	rdyboost - ok
15:52:46.0676 1212	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:52:46.0723 1212	RFCOMM - ok
15:52:46.0785 1212	RsFx0150        (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
15:52:46.0816 1212	RsFx0150 - ok
15:52:46.0848 1212	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:46.0910 1212	rspndr - ok
15:52:46.0988 1212	RTL8167         (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:52:47.0050 1212	RTL8167 - ok
15:52:47.0097 1212	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:52:47.0128 1212	s3cap - ok
15:52:47.0222 1212	SbieDrv         (c7e399dbc7b70fda979013389b1a8dab) D:\Programme\Sandboxie\SbieDrv.sys
15:52:47.0253 1212	SbieDrv - ok
15:52:47.0347 1212	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:52:47.0378 1212	sbp2port - ok
15:52:47.0440 1212	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:52:47.0518 1212	scfilter - ok
15:52:47.0550 1212	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:52:47.0581 1212	sdbus - ok
15:52:47.0674 1212	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:52:47.0752 1212	secdrv - ok
15:52:47.0815 1212	Sentinel64      (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
15:52:47.0830 1212	Sentinel64 - ok
15:52:47.0846 1212	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:52:47.0862 1212	Serenum - ok
15:52:47.0862 1212	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:52:47.0893 1212	Serial - ok
15:52:47.0940 1212	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:52:47.0940 1212	sermouse - ok
15:52:48.0049 1212	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:52:48.0080 1212	sffdisk - ok
15:52:48.0111 1212	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:52:48.0142 1212	sffp_mmc - ok
15:52:48.0174 1212	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:52:48.0205 1212	sffp_sd - ok
15:52:48.0236 1212	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:52:48.0283 1212	sfloppy - ok
15:52:48.0392 1212	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:52:48.0423 1212	SiSRaid2 - ok
15:52:48.0439 1212	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:52:48.0454 1212	SiSRaid4 - ok
15:52:48.0486 1212	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:52:48.0517 1212	Smb - ok
15:52:48.0564 1212	smserial        (22631aaf0ac9e9881ce76beac27d8030) C:\Windows\system32\DRIVERS\smserial.sys
15:52:48.0626 1212	smserial - ok
15:52:48.0673 1212	speedfan - ok
15:52:48.0751 1212	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:52:48.0782 1212	spldr - ok
15:52:48.0860 1212	sptd            (4b3f898dc1378ced2f35d04e5b0ce0df) C:\Windows\System32\Drivers\sptd.sys
15:52:48.0860 1212	Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4b3f898dc1378ced2f35d04e5b0ce0df
15:52:48.0860 1212	sptd ( LockedFile.Multi.Generic ) - warning
15:52:48.0860 1212	sptd - detected LockedFile.Multi.Generic (1)
15:52:49.0000 1212	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:52:49.0078 1212	srv - ok
15:52:49.0110 1212	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:52:49.0141 1212	srv2 - ok
15:52:49.0234 1212	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:52:49.0281 1212	srvnet - ok
15:52:49.0344 1212	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:52:49.0344 1212	stexstor - ok
15:52:49.0390 1212	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:52:49.0390 1212	StillCam - ok
15:52:49.0546 1212	StkCMini        (8c74684d421f18dfa7ac1c0f6018955f) C:\Windows\system32\Drivers\StkCMini.sys
15:52:49.0624 1212	StkCMini - ok
15:52:49.0718 1212	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:52:49.0749 1212	storflt - ok
15:52:49.0765 1212	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:52:49.0780 1212	storvsc - ok
15:52:49.0812 1212	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:52:49.0812 1212	swenum - ok
15:52:49.0905 1212	SynTP           (08425cd92972c6430f350a9697f4a553) C:\Windows\system32\DRIVERS\SynTP.sys
15:52:49.0952 1212	SynTP - ok
15:52:50.0092 1212	Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
15:52:50.0155 1212	Tcpip - ok
15:52:50.0202 1212	TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
15:52:50.0233 1212	TCPIP6 - ok
15:52:50.0280 1212	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:52:50.0358 1212	tcpipreg - ok
15:52:50.0467 1212	TcUsb           (ccf4225a78d2ca2983c38d60cffbadc8) C:\Windows\system32\Drivers\tcusb.sys
15:52:50.0498 1212	TcUsb - ok
15:52:50.0529 1212	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:52:50.0592 1212	TDPIPE - ok
15:52:50.0607 1212	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:52:50.0638 1212	TDTCP - ok
15:52:50.0685 1212	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:52:50.0779 1212	tdx - ok
15:52:50.0841 1212	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:52:50.0872 1212	TermDD - ok
15:52:50.0982 1212	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:51.0060 1212	tssecsrv - ok
15:52:51.0122 1212	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:52:51.0153 1212	TsUsbFlt - ok
15:52:51.0216 1212	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:52:51.0294 1212	tunnel - ok
15:52:51.0372 1212	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:52:51.0403 1212	uagp35 - ok
15:52:51.0434 1212	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:52:51.0512 1212	udfs - ok
15:52:51.0559 1212	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:52:51.0590 1212	uliagpkx - ok
15:52:51.0637 1212	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:52:51.0668 1212	umbus - ok
15:52:51.0684 1212	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:52:51.0715 1212	UmPass - ok
15:52:51.0871 1212	upperdev        (fbd861e69e1f583bec906fcd04e4f84e) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:52:51.0933 1212	upperdev - ok
15:52:51.0964 1212	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:51.0996 1212	usbccgp - ok
15:52:52.0042 1212	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:52:52.0074 1212	usbcir - ok
15:52:52.0152 1212	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:52:52.0198 1212	usbehci - ok
15:52:52.0245 1212	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:52.0292 1212	usbhub - ok
15:52:52.0339 1212	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:52:52.0370 1212	usbohci - ok
15:52:52.0401 1212	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:52:52.0432 1212	usbprint - ok
15:52:52.0526 1212	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:52:52.0588 1212	usbscan - ok
15:52:52.0651 1212	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
15:52:52.0682 1212	usbser - ok
15:52:52.0776 1212	UsbserFilt      (0fbb0080b287bbcbf5c7076e3d74a35c) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:52:52.0838 1212	UsbserFilt - ok
15:52:52.0916 1212	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:52.0963 1212	USBSTOR - ok
15:52:52.0994 1212	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:52:53.0041 1212	usbuhci - ok
15:52:53.0088 1212	VComm           (b9b0a0b9232a51bbde9f28ca41716d61) C:\Windows\system32\DRIVERS\VComm.sys
15:52:53.0103 1212	VComm - ok
15:52:53.0150 1212	VcommMgr        (f1b2d9ac422f8b72bf417c8d77c85a3b) C:\Windows\system32\Drivers\VcommMgr.sys
15:52:53.0166 1212	VcommMgr - ok
15:52:53.0244 1212	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:52:53.0275 1212	vdrvroot - ok
15:52:53.0306 1212	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:53.0322 1212	vga - ok
15:52:53.0353 1212	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:52:53.0400 1212	VgaSave - ok
15:52:53.0431 1212	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:52:53.0462 1212	vhdmp - ok
15:52:53.0478 1212	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:52:53.0493 1212	viaide - ok
15:52:53.0556 1212	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:52:53.0587 1212	vmbus - ok
15:52:53.0618 1212	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:52:53.0649 1212	VMBusHID - ok
15:52:53.0696 1212	vmci            (69f38919ff1510560d67f9a0b2375b01) C:\Windows\system32\drivers\vmci.sys
15:52:53.0727 1212	vmci - ok
15:52:53.0774 1212	VMnetAdapter    (3c37a81c995aee1802c9d8dd9ea0e835) C:\Windows\system32\DRIVERS\vmnetadapter.sys
15:52:53.0805 1212	VMnetAdapter - ok
15:52:53.0852 1212	VMnetBridge     (d3b25ed3a6796fe3078475d8cfcd6024) C:\Windows\system32\DRIVERS\vmnetbridge.sys
15:52:53.0852 1212	VMnetBridge - ok
15:52:53.0930 1212	VMnetuserif     (ea48bef5bc53d6cb5fec8f9be088b337) C:\Windows\system32\drivers\vmnetuserif.sys
15:52:53.0946 1212	VMnetuserif - ok
15:52:54.0008 1212	vmusb           (5d5c96c4ad3cfcffb8d5691dd749322a) C:\Windows\system32\Drivers\vmusb.sys
15:52:54.0024 1212	vmusb - ok
15:52:54.0133 1212	vmx86           (1286147733e31fe4e40237eb289cd7a8) C:\Windows\system32\drivers\vmx86.sys
15:52:54.0148 1212	vmx86 - ok
15:52:54.0211 1212	vncmirror       (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys
15:52:54.0273 1212	vncmirror - ok
15:52:54.0320 1212	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:52:54.0336 1212	volmgr - ok
15:52:54.0414 1212	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:52:54.0460 1212	volmgrx - ok
15:52:54.0476 1212	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:52:54.0492 1212	volsnap - ok
15:52:54.0554 1212	vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
15:52:54.0585 1212	vpcbus - ok
15:52:54.0616 1212	vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:52:54.0648 1212	vpcnfltr - ok
15:52:54.0679 1212	vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
15:52:54.0710 1212	vpcusb - ok
15:52:54.0788 1212	vpcuxd          (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
15:52:54.0819 1212	vpcuxd - ok
15:52:54.0928 1212	vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
15:52:54.0975 1212	vpcvmm - ok
15:52:55.0006 1212	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:52:55.0006 1212	vsmraid - ok
15:52:55.0038 1212	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:52:55.0084 1212	vwifibus - ok
15:52:55.0131 1212	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:52:55.0162 1212	WacomPen - ok
15:52:55.0225 1212	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:55.0303 1212	WANARP - ok
15:52:55.0303 1212	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:55.0334 1212	Wanarpv6 - ok
15:52:55.0412 1212	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:52:55.0428 1212	Wd - ok
15:52:55.0459 1212	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:52:55.0474 1212	Wdf01000 - ok
15:52:55.0552 1212	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:52:55.0615 1212	WfpLwf - ok
15:52:55.0630 1212	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:52:55.0646 1212	WIMMount - ok
15:52:55.0740 1212	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:52:55.0786 1212	WinUsb - ok
15:52:55.0864 1212	WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
15:52:55.0880 1212	WmBEnum - ok
15:52:55.0942 1212	WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
15:52:55.0974 1212	WmFilter - ok
15:52:56.0005 1212	WmHidLo         (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
15:52:56.0020 1212	WmHidLo - ok
15:52:56.0098 1212	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:52:56.0145 1212	WmiAcpi - ok
15:52:56.0192 1212	WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
15:52:56.0208 1212	WmVirHid - ok
15:52:56.0270 1212	WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
15:52:56.0286 1212	WmXlCore - ok
15:52:56.0332 1212	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:52:56.0364 1212	ws2ifsl - ok
15:52:56.0442 1212	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:52:56.0504 1212	WSDPrintDevice - ok
15:52:56.0535 1212	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:52:56.0629 1212	WudfPf - ok
15:52:56.0707 1212	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:56.0785 1212	WUDFRd - ok
15:52:56.0832 1212	ZTEusbmdm6k - ok
15:52:56.0863 1212	ZTEusbnmea - ok
15:52:56.0894 1212	ZTEusbser6k - ok
15:52:56.0941 1212	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:52:57.0159 1212	\Device\Harddisk0\DR0 - ok
15:52:57.0175 1212	Boot (0x1200)   (3f3ff1582e573afb1d717a7c20180216) \Device\Harddisk0\DR0\Partition0
15:52:57.0175 1212	\Device\Harddisk0\DR0\Partition0 - ok
15:52:57.0206 1212	Boot (0x1200)   (85f7fc6054658e95b79d0181b21c6015) \Device\Harddisk0\DR0\Partition1
15:52:57.0206 1212	\Device\Harddisk0\DR0\Partition1 - ok
15:52:57.0222 1212	Boot (0x1200)   (1388759a79cd3892c42b86f310b3dff3) \Device\Harddisk0\DR0\Partition2
15:52:57.0222 1212	\Device\Harddisk0\DR0\Partition2 - ok
15:52:57.0237 1212	============================================================
15:52:57.0237 1212	Scan finished
15:52:57.0237 1212	============================================================
15:52:57.0237 4208	Detected object count: 2
15:52:57.0237 4208	Actual detected object count: 2
15:58:43.0060 4208	hwusbdev ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:43.0060 4208	hwusbdev ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:58:43.0060 4208	sptd ( LockedFile.Multi.Generic ) - skipped by user
15:58:43.0060 4208	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         

Alt 20.10.2011, 16:09   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook-Wurm winsvc.exe - Standard

Facebook-Wurm winsvc.exe



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Facebook-Wurm winsvc.exe
anti-malware, automatisch, autostart, backdoor.ircbot, bild, chat, code, datei, explorer, infizierte, link, löschen, malwarebytes, namen, online, ordner, prozess, recycle.bin, scan, schattenkopien, security, stick, system, temp, usb, usb stick, windows, wurm



Ähnliche Themen: Facebook-Wurm winsvc.exe


  1. Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe
    Log-Analyse und Auswertung - 05.09.2012 (23)
  2. Ist winsvc.exe ein Virus?
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (39)
  3. Facebook-Trojaner: vinamost.net/images/facebook/get.php?image=IMG39348819.JPG
    Log-Analyse und Auswertung - 21.11.2011 (42)
  4. winsvc.exe - Laptop befallen - Auf USB- Stick nur noch Verknüpfungen
    Log-Analyse und Auswertung - 15.11.2011 (28)
  5. Facebook Virus: winsvc.exe
    Plagegeister aller Art und deren Bekämpfung - 01.11.2011 (11)
  6. Facebook-Wurm Phorpiex, was muss ich tun?
    Log-Analyse und Auswertung - 29.10.2011 (12)
  7. Facebook Wurm winsvc.exe
    Plagegeister aller Art und deren Bekämpfung - 21.10.2011 (1)
  8. winsvc.exe
    Plagegeister aller Art und deren Bekämpfung - 20.10.2011 (10)
  9. winsvc.exe - Kein Datenträger
    Plagegeister aller Art und deren Bekämpfung - 19.08.2011 (14)
  10. Antivir meldet einen Wurm den ich wahrscheinlich von einem Facebook Link habe!!!
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (1)
  11. Facebook-Virus?, *.JPG.scr geöffnet, Folge: winsvc.exe, csrss.exe, atiedxx.exe, winlogon.exe
    Log-Analyse und Auswertung - 16.08.2011 (2)
  12. Zuerst Facebook-Virus-Neu aufgesetzt,cpu Auslastung 100%,bei Facebook-Games extrem lahm!
    Log-Analyse und Auswertung - 03.02.2011 (11)
  13. Wurm oder nicht Wurm (Verschickt Spam-Mails)
    Plagegeister aller Art und deren Bekämpfung - 25.10.2010 (1)
  14. Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php
    Plagegeister aller Art und deren Bekämpfung - 27.08.2010 (6)
  15. Wurm oder nicht Wurm?
    Mülltonne - 25.11.2008 (0)
  16. Wurm oder nicht Wurm?
    Mülltonne - 25.11.2008 (0)
  17. Facebook
    Mülltonne - 19.08.2008 (0)

Zum Thema Facebook-Wurm winsvc.exe - Hallo, nun hats mich leider auch erwischt. Hab nen Wurm abbekommen. Eine Bekannte hat mir einen infizierten USB Stick gegeben und dann hat sich das Ding auch in meinem System - Facebook-Wurm winsvc.exe...
Archiv
Du betrachtest: Facebook-Wurm winsvc.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.