Pests of all kinds and how to fight them: Fighting a trojan - Am I rid of it?

Windows 7

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1

Fighting a trojan - Am I rid of it?

Hello everyone,

a few days ago I already posted that I had caught this nasty "System Repair" thing. I thought I had it under control, but apparently I celebrated too early. After I "successfully" removed System Repair, I burned Windows 7 to a CD in order to activate it with the key from the laptop. So far so good, that all went great and I was (seemingly) virus-free.

Now I was once again on one of the programmer's sites where I had already caught the first thing. And whoosh - my computer crashed at the same time as my colleague's (who was also on the site at that moment). That can't be a coincidence!? After the restart, Security Essentials turned up the trojan Alureon (DOS/Alureon.E).

So the system got redone AGAIN. This time I ran fixmbr + fixboot via the recovery console and formatted C completely (this time it took 3 hours). After that I reinstalled Windows 7. I ran Security Essentials over it again (it was the only program that raised an alert) and it found Alureon again. This time, however, it was supposedly able to remove the villain successfully. Since then nothing raises an alert any more.

The computer is still slow. Windows sometimes move very sluggishly, and the computer takes forever to boot. I bet something is still lurking in there. So redo the system yet again? Can it be that the thing nests itself in again with the burned Windows CD? What do I need the recovery CDs for (which I of course don't have.....)? The guy at Saturn said today that it would not be enough to "just" redo Windows, because system data is retained and with it the virus. I would ABSOLUTELY need the recovery discs...

What do I do now with my seemingly clean but damn slow computer? Malwarebytes, Gmer, etc. say everything is clean.

A thousand thanks for your help!
#2

/// Helper team

Fighting a trojan - Am I rid of it?

Hello and a warm welcome!

Before we begin working together, [please read completely]:

Quote:

For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. System scan with OTL

Please download OTL by Oldtimer and save it to your desktop.

2. I would also like to see all your installed programs:

Download the tool CCleaner → Download, install (read the software license agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" ("Add CCleaner Yahoo! Toolbar") is offered, deselect it) → start → Language → select German, then click "Extra" (to also show the installed programs) → then via "Als Textdatei speichern..." ("Save as text file...") a text file (*.txt) is created; copy its contents and paste them in there.

3. Download TrendMicro™ HijackThis™ / Version 2.0.4 from here.

Quote:

TDSSKiller by Kaspersky

Quote:

kira
#3

Fighting a trojan - Am I rid of it?

Hello, thank you very much for your help. I'll start with OTL so that it stays clear:

OTL logfile (OTL.txt):

Code:
ATTFilter OTL logfile created on: 13.11.2011 19:27:15 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zündi\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 67,74% Memory free 7,73 Gb Paging File | 6,38 Gb Available in Paging File | 82,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 584,35 Gb Total Space | 561,65 Gb Free Space | 96,12% Space Free | Partition Type: NTFS Drive D: | 100,00 Mb Total Space | 70,36 Mb Free Space | 70,36% Space Free | Partition Type: NTFS Computer Name: ZÜNDI-PC | User Name: Zündi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Zündi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (clr_optimization_v4.0.30319_32) -- 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (k57nd) -- C:\Windows\SysNative\drivers\k57amd64.sys (Broadcom Corporation) DRV:64bit: - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro35.sys () DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 BB 7C 35 DC A0 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zündi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zündi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.68.161.141 217.68.161.171 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46DA2FE7-0F6F-4BE9-A1CB-F3B12EAB4C08}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E775D0D-35E9-4BBE-B52F-9E48DEB144DB}: DhcpNameServer = 217.68.161.141 217.68.161.171 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not 
found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.12 22:57:48 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.11.12 22:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011.11.12 22:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011.11.12 22:54:59 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Local\Google [2011.11.12 22:53:54 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Local\Apps [2011.11.12 22:53:53 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Local\Deployment [2011.11.12 21:22:04 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Roaming\Skype [2011.11.12 21:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.11.12 21:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2011.11.12 21:21:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011.11.12 21:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011.11.12 14:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2011.11.12 
13:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools [2011.11.12 13:25:12 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2011.11.12 13:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2011.11.12 13:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.11.12 13:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.11.12 13:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.11.12 13:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.11.12 13:22:40 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Roaming\TestApp [2011.11.12 05:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.11.12 04:35:08 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2011.11.12 04:35:08 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2011.11.12 04:35:08 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2011.11.12 04:35:08 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2011.11.12 04:35:07 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2011.11.12 04:35:07 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2011.11.12 04:35:07 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2011.11.12 04:35:07 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2011.11.12 04:34:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2011.11.12 04:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.11.12 04:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI 
Technologies [2011.11.12 04:18:24 | 019,901,952 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll [2011.11.12 04:18:24 | 015,180,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll [2011.11.12 04:18:24 | 006,856,192 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys [2011.11.12 04:18:24 | 004,917,248 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll [2011.11.12 04:18:24 | 003,798,528 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll [2011.11.12 04:18:24 | 003,025,408 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll [2011.11.12 04:18:24 | 002,752,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll [2011.11.12 04:18:24 | 000,458,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.11.12 04:18:24 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll [2011.11.12 04:18:24 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll [2011.11.12 04:18:24 | 000,264,192 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys [2011.11.12 04:18:24 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.11.12 04:18:24 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.11.12 04:18:24 | 000,116,240 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtihdW76.sys [2011.11.12 04:18:24 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll [2011.11.12 04:18:24 | 000,055,296 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll [2011.11.12 04:18:24 | 000,054,272 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll [2011.11.12 04:18:24 | 000,054,272 | ---- | C] (Advanced Micro Devices, Inc. 
) -- C:\Windows\SysNative\amdpcom64.dll [2011.11.12 04:18:24 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll [2011.11.12 04:18:24 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll [2011.11.12 04:18:24 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll [2011.11.12 04:18:24 | 000,030,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll [2011.11.12 04:18:24 | 000,030,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll [2011.11.12 04:18:24 | 000,022,528 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll [2011.11.12 04:18:24 | 000,018,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll [2011.11.12 04:18:24 | 000,016,896 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll [2011.11.12 04:18:24 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll [2011.11.12 04:18:24 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll [2011.11.12 04:18:24 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.11.12 04:18:23 | 005,265,408 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll [2011.11.12 04:18:23 | 004,294,656 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll [2011.11.12 04:18:23 | 004,096,000 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll [2011.11.12 04:18:23 | 003,668,480 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll [2011.11.12 04:18:23 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll [2011.11.12 04:18:23 | 000,335,872 | ---- | C] (Advanced Micro Devices, Inc.) 
-- C:\Windows\SysNative\atiadlxx.dll [2011.11.12 04:18:23 | 000,237,568 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll [2011.11.12 04:18:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe [2011.11.12 04:18:23 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe [2011.11.12 04:18:23 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll [2011.11.12 04:18:23 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll [2011.11.12 04:18:23 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll [2011.11.12 04:18:23 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll [2011.11.12 04:18:23 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll [2011.11.12 04:18:23 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) 
-- C:\Windows\SysNative\aticalcl64.dll [2011.11.12 04:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011.11.12 04:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2011.11.12 03:55:17 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2011.11.12 03:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2011.11.12 03:54:46 | 000,000,000 | ---D | C] -- C:\Intel [2011.11.12 03:46:31 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Roaming\Malwarebytes [2011.11.12 03:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.12 03:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.12 03:46:22 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.12 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.12 03:28:33 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.11.12 03:28:32 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.11.12 03:28:32 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.11.12 03:28:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.11.12 03:28:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.11.12 03:28:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.11.12 03:28:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.11.12 03:28:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.11.12 03:28:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.11.12 03:28:29 | 000,044,544 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.11.12 03:28:28 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.11.12 03:28:28 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.11.12 03:28:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.11.12 03:28:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.11.12 03:28:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.11.12 03:26:08 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2011.11.12 03:26:07 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2011.11.12 03:26:07 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.11.12 03:26:07 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.11.12 03:26:06 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2011.11.12 03:26:05 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2011.11.12 03:26:04 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2011.11.12 03:26:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2011.11.12 03:26:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2011.11.12 03:26:02 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2011.11.12 03:26:02 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.11.12 03:26:02 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2011.11.12 03:26:02 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2011.11.12 
03:26:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2011.11.12 03:26:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.11.12 03:26:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2011.11.12 03:24:29 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2011.11.12 03:24:29 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2011.11.12 03:24:24 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2011.11.12 03:24:24 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2011.11.12 03:24:23 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.11.12 03:24:23 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.11.12 03:24:21 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.11.12 03:24:21 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.11.12 03:24:20 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.11.12 03:24:20 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.11.12 03:24:20 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.11.12 03:24:19 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.11.12 03:24:19 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.11.12 03:24:19 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2011.11.12 03:24:19 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.11.12 03:24:19 | 000,113,664 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\SearchFilterHost.exe [2011.11.12 03:24:19 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.11.12 03:24:18 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.11.12 03:24:18 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.11.12 03:24:11 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.11.12 03:24:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.11.12 03:23:51 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2011.11.12 03:23:50 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2011.11.12 03:23:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.11.12 03:23:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.11.12 03:23:06 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.11.12 03:23:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011.11.12 03:23:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011.11.12 03:23:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.11.12 03:23:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.11.12 03:23:02 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2011.11.12 03:22:36 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2011.11.12 03:22:36 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2011.11.12 03:22:36 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2011.11.12 03:22:35 | 000,496,128 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2011.11.12 03:22:35 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2011.11.12 03:22:35 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2011.11.12 03:22:35 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2011.11.12 03:22:35 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2011.11.12 03:22:33 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.11.12 03:22:30 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2011.11.12 03:22:29 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2011.11.12 03:22:29 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.11.12 03:22:28 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2011.11.12 03:22:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.11.12 03:22:27 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2011.11.12 03:22:27 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2011.11.12 03:22:27 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2011.11.12 03:22:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2011.11.12 03:22:22 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2011.11.12 03:22:06 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2011.11.12 03:22:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2011.11.12 03:22:05 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll 
[2011.11.12 03:22:05 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2011.11.12 03:22:04 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2011.11.12 03:22:04 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2011.11.12 03:22:04 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2011.11.12 03:22:03 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2011.11.12 03:22:03 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2011.11.12 03:22:03 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2011.11.12 03:22:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2011.11.12 03:22:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2011.11.12 03:22:02 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2011.11.12 03:22:02 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2011.11.12 03:22:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2011.11.12 03:22:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2011.11.12 03:21:40 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.11.12 03:21:39 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2011.11.12 03:21:38 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2011.11.12 03:21:35 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.11.12 03:21:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll 
[2011.11.12 03:21:35 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.11.12 03:21:22 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.11.12 03:21:22 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.11.12 03:21:22 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2011.11.12 03:21:22 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2011.11.12 03:21:22 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.11.12 03:21:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.11.12 03:21:21 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2011.11.12 03:21:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2011.11.12 03:21:21 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2011.11.12 03:21:21 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2011.11.12 03:21:20 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2011.11.12 03:21:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2011.11.12 03:21:20 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2011.11.12 03:21:20 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2011.11.12 03:21:20 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2011.11.12 03:21:14 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.11.12 03:21:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.11.12 03:21:11 | 000,395,776 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\webio.dll [2011.11.12 03:21:11 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2011.11.12 03:21:06 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2011.11.12 03:21:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2011.11.12 03:21:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2011.11.12 03:20:58 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2011.11.12 03:20:57 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2011.11.12 03:20:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2011.11.12 03:20:56 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2011.11.12 03:14:57 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2011.11.12 03:14:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2011.11.12 03:14:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.11.12 03:14:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2011.11.12 03:14:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2011.11.12 03:14:26 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.11.12 03:14:26 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011.11.12 03:14:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.11.12 03:14:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.11.12 03:14:26 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.11.12 03:14:25 
| 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.11.12 03:14:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.11.12 03:14:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.11.12 03:14:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.11.12 03:14:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.11.12 03:14:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.11.12 03:14:25 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.11.12 03:14:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011.11.12 03:14:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011.11.12 03:14:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.11.12 03:14:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011.11.12 03:14:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011.11.12 03:14:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011.11.12 03:14:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.11.12 03:14:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011.11.12 03:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011.11.12 
03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.11.12 03:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011.11.12 03:14:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.11.12 03:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.11.12 03:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.11.12 03:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011.11.12 03:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.11.12 03:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.11.12 03:14:22 | 000,003,072 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.11.12 03:14:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.11.12 03:14:05 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2011.11.12 03:13:50 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.11.12 03:13:49 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.11.12 03:13:49 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.11.12 03:09:20 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.11.12 03:09:20 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.11.12 03:09:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2011.11.12 03:09:20 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.11.12 03:09:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.11.12 03:09:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2011.11.12 03:09:19 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2011.11.12 03:09:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2011.11.12 03:09:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2011.11.12 03:09:19 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2011.11.12 03:08:24 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2011.11.12 03:08:24 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2011.11.12 03:08:24 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll 
[2011.11.12 03:08:23 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2011.11.12 03:08:21 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2011.11.12 03:08:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.11.12 03:08:19 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2011.11.12 03:08:18 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2011.11.12 03:08:15 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2011.11.12 03:08:15 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2011.11.12 03:08:15 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2011.11.12 03:08:15 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2011.11.12 03:08:14 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2011.11.12 03:08:14 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2011.11.12 03:08:14 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2011.11.12 03:07:53 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2011.11.12 03:07:51 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2011.11.12 03:07:50 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2011.11.12 03:07:50 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2011.11.12 03:07:48 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2011.11.12 03:07:48 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2011.11.12 03:07:47 | 000,720,896 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\odbc32.dll [2011.11.12 03:07:47 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.11.12 03:07:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2011.11.12 03:07:41 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2011.11.12 03:07:41 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2011.11.12 03:07:41 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2011.11.12 03:07:40 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2011.11.12 03:07:39 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2011.11.12 03:07:39 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2011.11.12 03:07:38 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2011.11.12 03:07:33 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.11.12 03:07:33 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.11.12 03:07:32 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2011.11.12 03:07:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2011.11.12 02:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2011.11.12 02:45:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.11.12 02:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2011.11.12 02:45:18 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2011.11.12 02:43:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2011.11.12 02:43:32 | 000,139,264 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\cabview.dll [2011.11.12 02:43:32 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2011.11.12 02:40:38 | 000,000,000 | R--D | C] -- C:\Users\Zündi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.11.12 02:40:38 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Searches [2011.11.12 02:40:38 | 000,000,000 | R--D | C] -- C:\Users\Zündi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.11.12 02:40:28 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Roaming\Identities [2011.11.12 02:40:26 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Contacts [2011.11.12 02:40:24 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Local\VirtualStore [2011.11.12 02:40:15 | 000,000,000 | --SD | C] -- C:\Users\Zündi\AppData\Roaming\Microsoft [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Videos [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Saved Games [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Pictures [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Music [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Links [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Favorites [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Downloads [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Documents [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\Desktop [2011.11.12 02:40:15 | 000,000,000 | R--D | C] -- C:\Users\Zündi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Vorlagen [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\AppData\Local\Verlauf [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- 
C:\Users\Zündi\AppData\Local\Temporary Internet Files [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Startmenü [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\SendTo [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Recent [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Netzwerkumgebung [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Lokale Einstellungen [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Documents\Eigene Videos [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Documents\Eigene Musik [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Eigene Dateien [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Documents\Eigene Bilder [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Druckumgebung [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Cookies [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\AppData\Local\Anwendungsdaten [2011.11.12 02:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Zündi\Anwendungsdaten [2011.11.12 02:40:15 | 000,000,000 | -H-D | C] -- C:\Users\Zündi\AppData [2011.11.12 02:40:15 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Local\Temp [2011.11.12 02:40:15 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Local\Microsoft [2011.11.12 02:40:15 | 000,000,000 | ---D | C] -- C:\Users\Zündi\AppData\Roaming\Media Center Programs [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\Recovery [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\Programme [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos 
[2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.11.12 02:40:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.11.12 02:33:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.11.12 02:33:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2011.11.12 02:31:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011.11.12 02:30:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.11.12 02:30:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011.11.12 02:30:04 | 000,000,000 | -HSD | C] -- C:\Boot

========== Files - Modified Within 30 Days ==========

[2011.11.13 19:24:21 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.13 19:24:21 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.13 19:24:21 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.13 19:24:21 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.13 19:24:21 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.13 19:19:23 | 000,021,784 | ---- | M] () -- C:\Users\Zündi\Documents\cc_20111113_191918.reg [2011.11.13 19:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.13 19:17:15 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2011.11.12 23:47:52 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.12 23:47:52 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.12 23:39:48 | 000,000,000 | -H-- | M] () --
C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.11.12 23:03:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318831458-1486538062-3479482895-1000UA.job [2011.11.12 23:03:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318831458-1486538062-3479482895-1000Core.job [2011.11.12 22:57:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.11.12 21:21:56 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.11.12 19:13:47 | 000,333,864 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57amd64.sys [2011.11.12 14:16:22 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.11.12 14:12:49 | 000,000,355 | ---- | M] () -- C:\Users\Zündi\Desktop\Computer - Verknüpfung.lnk [2011.11.12 14:12:10 | 000,000,234 | ---- | M] () -- C:\Windows\SysNative\.crusader [2011.11.12 13:56:13 | 000,007,611 | ---- | M] () -- C:\Users\Zündi\AppData\Local\Resmon.ResmonCfg [2011.11.12 13:25:36 | 001,327,180 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2011.11.12 13:22:43 | 000,001,502 | ---- | M] () -- C:\Users\Zündi\Desktop\sdsetup.exe.lnk [2011.11.12 05:14:13 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.11.12 05:12:59 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.12 05:10:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2011.11.12 04:17:41 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtihdW76.sys [2011.11.12 04:17:34 | 003,798,528 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll [2011.11.12 04:17:34 | 003,025,408 | ---- | M] (Advanced Micro Devices, Inc. 
) -- C:\Windows\SysWow64\atiumdva.dll [2011.11.12 04:17:34 | 000,534,960 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap [2011.11.12 04:17:34 | 000,055,296 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll [2011.11.12 04:17:34 | 000,038,912 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll [2011.11.12 04:17:34 | 000,030,208 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll [2011.11.12 04:17:33 | 004,917,248 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll [2011.11.12 04:17:33 | 002,752,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll [2011.11.12 04:17:33 | 000,534,960 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap [2011.11.12 04:17:33 | 000,421,376 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll [2011.11.12 04:17:33 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll [2011.11.12 04:17:33 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.11.12 04:17:33 | 000,030,208 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll [2011.11.12 04:17:33 | 000,022,528 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll [2011.11.12 04:17:33 | 000,002,189 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat [2011.11.12 04:17:33 | 000,002,189 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat [2011.11.12 04:17:32 | 015,180,800 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll [2011.11.12 04:17:31 | 019,901,952 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll [2011.11.12 04:17:31 | 000,021,360 | ---- | M] () -- C:\Windows\atiogl.xml [2011.11.12 04:17:29 | 006,856,192 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys [2011.11.12 04:17:29 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) 
-- C:\Windows\SysNative\drivers\atikmpag.sys [2011.11.12 04:17:29 | 000,054,272 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll [2011.11.12 04:17:29 | 000,054,272 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll [2011.11.12 04:17:29 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll [2011.11.12 04:17:29 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll [2011.11.12 04:17:29 | 000,012,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.11.12 04:17:28 | 004,294,656 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll [2011.11.12 04:17:28 | 003,668,480 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll [2011.11.12 04:17:28 | 000,458,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.11.12 04:17:28 | 000,203,336 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat [2011.11.12 04:17:28 | 000,203,264 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.11.12 04:17:28 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll [2011.11.12 04:17:28 | 000,018,432 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll [2011.11.12 04:17:28 | 000,016,896 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll [2011.11.12 04:17:28 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll [2011.11.12 04:17:28 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll [2011.11.12 04:17:27 | 005,265,408 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll [2011.11.12 04:17:27 | 004,096,000 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll [2011.11.12 04:17:27 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) 
-- C:\Windows\SysNative\ATIDEMGX.dll [2011.11.12 04:17:27 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll [2011.11.12 04:17:27 | 000,043,008 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll [2011.11.12 04:17:26 | 000,335,872 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll [2011.11.12 04:17:26 | 000,237,568 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll [2011.11.12 04:17:26 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe [2011.11.12 04:17:26 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe [2011.11.12 04:17:26 | 000,057,816 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb [2011.11.12 04:17:26 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll [2011.11.12 04:17:26 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll [2011.11.12 04:17:26 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll [2011.11.12 04:17:26 | 000,039,936 | ---- | M] (Advanced Micro Devices Inc.) 
-- C:\Windows\SysNative\aticalcl64.dll [2011.11.12 03:54:24 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2011.11.12 03:46:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.12 02:45:49 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.12 02:40:43 | 000,000,856 | ---- | M] () -- C:\Users\Zündi\Desktop\Downloads.lnk [2011.11.12 02:34:31 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.11.12 02:34:31 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.11.12 02:30:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011.10.28 11:03:00 | 000,230,952 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys

========== Files Created - No Company Name ==========

[2011.11.13 19:19:21 | 000,021,784 | ---- | C] () -- C:\Users\Zündi\Documents\cc_20111113_191918.reg [2011.11.12 23:39:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.11.12 22:57:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2011.11.12 22:55:01 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318831458-1486538062-3479482895-1000UA.job [2011.11.12 22:55:00 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318831458-1486538062-3479482895-1000Core.job [2011.11.12 21:21:56 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.11.12 14:12:49 | 000,000,355 | ---- | C] () -- C:\Users\Zündi\Desktop\Computer - Verknüpfung.lnk [2011.11.12 14:12:10 | 000,000,234 | ---- | C] () -- C:\Windows\SysNative\.crusader [2011.11.12 14:05:08 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.11.12 13:53:24 | 000,007,611 | ---- | C] () -- C:\Users\Zündi\AppData\Local\Resmon.ResmonCfg [2011.11.12 13:25:20 | 001,327,180 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.11.12 13:22:43 | 000,001,502 | ---- | C] () -- C:\Users\Zündi\Desktop\sdsetup.exe.lnk [2011.11.12 05:14:13 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.11.12 05:10:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.11.12 04:19:30 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.11.12 04:19:30 | 000,002,189 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat [2011.11.12 04:18:24 | 000,534,960 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2011.11.12 04:18:24 | 000,534,960 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2011.11.12 04:18:24 | 000,203,336 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2011.11.12 04:18:24 | 000,021,360 | ---- | C] () -- C:\Windows\atiogl.xml [2011.11.12 04:18:24 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.11.12 04:18:24 | 000,002,189 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat [2011.11.12 04:18:23 | 000,057,816 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2011.11.12 03:46:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.12 02:45:49 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.12 02:45:34 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.11.12 02:40:43 | 000,001,409 | ---- | C] () -- C:\Users\Zündi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.11.12 02:40:39 | 000,001,443 | ---- | C] () -- C:\Users\Zündi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.11.12 02:40:38 | 000,000,856 | ---- | C] () -- C:\Users\Zündi\Desktop\Downloads.lnk [2011.11.12 02:34:22 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011.11.12 02:34:19 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media 
Center.lnk [2011.11.12 02:30:46 | 3111,518,208 | -HS- | C] () -- C:\hiberfil.sys [2011.11.12 02:30:05 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2011.11.12 02:30:04 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > OTL-Logfile Extras.txt: OTL Logfile: Code:
OTL Extras logfile created on: 13.11.2011 19:27:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zündi\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 67,74% Memory free
7,73 Gb Paging File | 6,38 Gb Available in Paging File | 82,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,35 Gb Total Space | 561,65 Gb Free Space | 96,12% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,36 Mb Free Space | 70,36% Space Free | Partition Type: NTFS
Computer Name: ZÜNDI-PC | User Name: Zündi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{64726C2C-0B39-5D87-3117-E11F59C9460D}" = ccc-utility64
"{75FDB05A-C1C2-CD17-35CE-3C1A454CC79F}" = ATI Catalyst Install Manager
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{098426AB-AF12-F225-15E1-0A6B5CB44625}" = CCC Help Spanish
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1DE498F3-1516-20E5-97A6-825B1B4C550A}" = CCC Help Korean
"{1DE4A2D1-BB3B-8AAB-85FA-950C2CC43D04}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{244E0BD1-F718-CAE3-CF72-AC80E14D0F00}" = CCC Help Japanese
"{305D864B-2F21-63F0-19DC-407FCA0D57EC}" = PX Profile Update
"{39C14B42-C152-8714-2AD5-181AB0552B94}" = CCC Help Finnish
"{43002AB2-B693-6BE0-C503-F4A65663D4DE}" = Catalyst Control Center Graphics Previews Vista
"{571B550F-C377-7C28-14C2-F53E0559C9F9}" = Catalyst Control Center InstallProxy
"{5E43F665-AA84-A378-2F47-CA68AAE8816C}" = CCC Help Czech
"{63F043DB-8643-AA02-7A4E-D319AC0B7EDE}" = CCC Help Swedish
"{68B3611D-CBF5-19E0-038F-C2B9CA8E741C}" = CCC Help Chinese Traditional
"{811E44BF-DD4F-859E-1ACA-CC5C8B2D1A4D}" = CCC Help Danish
"{8861494F-7030-9F2E-6E4D-DD04F5D5589A}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7BC15A6-FD50-5B42-6DDC-1E8FCEF4D5EF}" = CCC Help Norwegian
"{A8B92DB3-B481-35C2-2A38-D2EF946DCE6B}" = Catalyst Control Center Localization All
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{ACA4DE44-9531-EF98-A1DB-9B81C0C5552C}" = CCC Help Greek
"{B29F0C92-D258-60E1-CDCD-98B2426A849F}" = CCC Help German
"{C010177E-FBE7-8F26-73CA-9AB66F53D521}" = CCC Help Chinese Standard
"{C44AA0C1-3D87-F8A5-D779-40925F7CF38B}" = CCC Help Italian
"{C6C7C290-9E0A-377B-BEBA-0BB556D5B6AD}" = CCC Help Turkish
"{CE68968C-6298-6DDA-7298-3439457A9AA2}" = CCC Help Polish
"{DA236B20-EE6D-015F-1DB7-4885F558C859}" = ccc-core-static
"{DB85A80F-3A68-8C88-93E3-A3EDEE8F065E}" = CCC Help Thai
"{DC4E398E-6994-5657-E02E-88DDBE49FDD9}" = CCC Help French
"{DDD2A0FD-BBB4-F996-CE0D-800859DDEE23}" = CCC Help English
"{DE42DFC0-1297-41D8-CFDC-A1779D400CF1}" = CCC Help Hungarian
"{ECEDCC15-9E49-8B32-CF40-3592FDF8F68C}" = CCC Help Portuguese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.11.2011 09:16:54 | Computer Name = Zündi-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 12.11.2011 09:16:54 | Computer Name = Zündi-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 12.11.2011 09:16:54 | Computer Name = Zündi-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 12.11.2011 09:16:55 | Computer Name = Zündi-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 12.11.2011 09:16:55 | Computer Name = Zündi-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 12.11.2011 09:16:55 | Computer Name = Zündi-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 12.11.2011 09:16:55 | Computer Name = Zündi-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 12.11.2011 18:32:11 | Computer Name = Zündi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 15.0.874.120,
Zeitstempel: 0x4eb86cd8 Name des fehlerhaften Moduls: chrome.dll, Version: 15.0.874.120,
Zeitstempel: 0x4eb86c77 Ausnahmecode: 0x80000003 Fehleroffset: 0x0021a087 ID des fehlerhaften
Prozesses: 0x588 Startzeit der fehlerhaften Anwendung: 0x01cca18ae1ce0a35 Pfad der
fehlerhaften Anwendung: C:\Users\Zündi\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Users\Zündi\AppData\Local\Google\Chrome\Application\15.0.874.120\chrome.dll
Berichtskennung:
28e5e70b-0d7e-11e1-89ba-d9ba636bf3f5
Error - 13.11.2011 14:29:35 | Computer Name = Zündi-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
Avira Planer since QueryServiceConfig API failed System Error: Das System kann die
angegebene Datei nicht finden. .
Error - 13.11.2011 14:29:35 | Computer Name = Zündi-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
Avira Echtzeit Scanner since QueryServiceConfig API failed System Error: Das System
kann die angegebene Datei nicht finden. .
[ System Events ]
Error - 12.11.2011 18:44:21 | Computer Name = Zündi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 12.11.2011 18:44:32 | Computer Name = Zündi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 12.11.2011 18:44:33 | Computer Name = Zündi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 12.11.2011 18:44:35 | Computer Name = Zündi-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb avkmgr
Error - 12.11.2011 18:44:47 | Computer Name = Zündi-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
Error - 13.11.2011 14:17:21 | Computer Name = Zündi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 13.11.2011 14:17:33 | Computer Name = Zündi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 13.11.2011 14:17:33 | Computer Name = Zündi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 13.11.2011 14:17:36 | Computer Name = Zündi-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb avkmgr
Error - 13.11.2011 14:17:46 | Computer Name = Zündi-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
< End of report >
|
| | #4 |
![]() | Fight against the trojan - am I rid of it? Next up is CCleaner: Code:
ATI Catalyst Install Manager ATI Technologies, Inc. 11.11.2011 22,3MB 3.0.778.0
CCleaner Piriform 11.11.2011 3.12
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 11.11.2011 13,8MB 1.51.2.1300
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.11.2011 38,8MB 4.0.30319
Microsoft Security Essentials Microsoft Corporation 11.11.2011 2.1.1116.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 11.11.2011 0,77MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.11.2011 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.11.2011 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.11.2011 11,1MB 10.0.40219
Skype™ 5.6 Skype Technologies S.A. 11.11.2011 19,5MB 5.6.110
|
| | #5 |
![]() | Fight against the trojan - am I rid of it? At first, Hijack gave me the following error message and could not be run as administrator (!). Is that normal? "For some reason your system denied writes access to the Hosts file. If any hijacked files are in this domain Hijack This may not be able to fix this. If this happens you need to edit the file yourself. To do this click Start Run and type: Notepad C:\Windows\System 32\drivers\etc\hosts and press Enter. Find the line(S) Hijack this reports and delete them. Save the file as Hosts and reboot For Vista simply exit Hijack This right click on the Hijack this icon and choose run as administrator." Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:50:25, on 13.11.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 4567 bytes
|
| | #6 |
![]() | Fight against the trojan - am I rid of it? And last but not least, TDSS: Code:
19:57:20.0667 1560 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
19:57:20.0932 1560 ============================================================
19:57:20.0932 1560 Current date / time: 2011/11/13 19:57:20.0932
19:57:20.0932 1560 SystemInfo:
19:57:20.0932 1560
19:57:20.0932 1560 OS Version: 6.1.7600 ServicePack: 0.0
19:57:20.0932 1560 Product type: Workstation
19:57:20.0932 1560 ComputerName: ZÜNDI-PC
19:57:20.0932 1560 UserName: Zündi
19:57:20.0948 1560 Windows directory: C:\Windows
19:57:20.0948 1560 System windows directory: C:\Windows
19:57:20.0948 1560 Running under WOW64
19:57:20.0948 1560 Processor architecture: Intel x64
19:57:20.0948 1560 Number of processors: 4
19:57:20.0948 1560 Page size: 0x1000
19:57:20.0948 1560 Boot type: Normal boot
19:57:20.0948 1560 ============================================================
19:57:22.0258 1560 Initialize success
19:57:24.0520 3780 ============================================================
19:57:24.0520 3780 Scan started
19:57:24.0520 3780 Mode: Manual;
19:57:24.0520 3780 ============================================================
19:57:26.0439 3780 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:57:26.0439 3780 1394ohci - ok
19:57:26.0720 3780 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:57:26.0720 3780 ACPI - ok
19:57:26.0985 3780 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:57:26.0985 3780 AcpiPmi - ok
19:57:27.0593 3780 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:57:27.0609 3780 adp94xx - ok
19:57:27.0874 3780 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:57:27.0890 3780 adpahci - ok
19:57:28.0186 3780 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:57:28.0186 3780 adpu320 - ok
19:57:28.0498 3780 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
19:57:28.0498 3780 AFD - ok
19:57:28.0779 3780 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:57:28.0795 3780 agp440 - ok
19:57:29.0060 3780 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:57:29.0060 3780 aliide - ok
19:57:29.0403 3780 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:57:29.0403 3780 amdide - ok
19:57:29.0684 3780 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:57:29.0684 3780 AmdK8 - ok
19:57:30.0105 3780 amdkmdag (ef2b99dcee397b45f50594696d7b5339) C:\Windows\system32\DRIVERS\atikmdag.sys
19:57:30.0308 3780 amdkmdag - ok
19:57:30.0620 3780 amdkmdap (239dce60bee6e1576c803948ab4d54c5) C:\Windows\system32\DRIVERS\atikmpag.sys
19:57:30.0620 3780 amdkmdap - ok
19:57:30.0901 3780 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:57:30.0901 3780 AmdPPM - ok
19:57:31.0181 3780 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
19:57:31.0181 3780 amdsata - ok
19:57:31.0462 3780 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:57:31.0462 3780 amdsbs - ok
19:57:31.0727 3780 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
19:57:31.0727 3780 amdxata - ok
19:57:32.0008 3780 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:57:32.0008 3780 AppID - ok
19:57:32.0273 3780 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:57:32.0273 3780 arc - ok
19:57:32.0617 3780 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:57:32.0617 3780 arcsas - ok
19:57:32.0882 3780 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:57:32.0882 3780 AsyncMac - ok
19:57:33.0147 3780 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:57:33.0147 3780 atapi - ok
19:57:33.0443 3780 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
19:57:33.0490 3780 athr - ok
19:57:33.0865 3780 AtiHDAudioService (fda1e117a7e880bff5540d180c06ea87) C:\Windows\system32\drivers\AtihdW76.sys
19:57:33.0865 3780 AtiHDAudioService - ok
19:57:34.0145 3780 avgntflt - ok
19:57:34.0411 3780 avipbb - ok
19:57:34.0660 3780 avkmgr - ok
19:57:34.0957 3780 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:57:34.0957 3780 b06bdrv - ok
19:57:35.0269 3780 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:57:35.0269 3780 b57nd60a - ok
19:57:35.0549 3780 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:57:35.0549 3780 Beep - ok
19:57:35.0830 3780 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:57:35.0830 3780 blbdrive - ok
19:57:36.0127 3780 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:57:36.0127 3780 bowser - ok
19:57:36.0392 3780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:57:36.0392 3780 BrFiltLo - ok
19:57:36.0641 3780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:57:36.0641 3780 BrFiltUp - ok
19:57:36.0922 3780 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:57:36.0922 3780 Brserid - ok
19:57:37.0203 3780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:57:37.0203 3780 BrSerWdm - ok
19:57:37.0811 3780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:57:37.0811 3780 BrUsbMdm - ok
19:57:38.0077 3780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:57:38.0077 3780 BrUsbSer - ok
19:57:38.0326 3780 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:57:38.0326 3780 BTHMODEM - ok
19:57:38.0607 3780 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:57:38.0607 3780 cdfs - ok
19:57:38.0888 3780 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:57:38.0888 3780 cdrom - ok
19:57:39.0184 3780 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:57:39.0184 3780 circlass - ok
19:57:39.0387 3780 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:57:39.0403 3780 CLFS - ok
19:57:39.0746 3780 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:57:39.0746 3780 CmBatt - ok
19:57:40.0011 3780 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:57:40.0011 3780 cmdide - ok
19:57:40.0292 3780 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:57:40.0292 3780 CNG - ok
19:57:40.0541 3780 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:57:40.0541 3780 Compbatt - ok
19:57:40.0807 3780 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:57:40.0807 3780 CompositeBus - ok
19:57:41.0056 3780 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:57:41.0056 3780 crcdisk - ok
19:57:41.0353 3780 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:57:41.0353 3780 DfsC - ok
19:57:41.0633 3780 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:57:41.0633 3780 discache - ok
19:57:41.0899 3780 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:57:41.0899 3780 Disk - ok
19:58:36.0795 3780 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:58:36.0811 3780 \Device\Harddisk0\DR0 - ok
19:58:36.0826 3780 Boot (0x1200) (33ad3d81fc52bbb5ef9a8bafdcc47c71) \Device\Harddisk0\DR0\Partition0
19:58:36.0826 3780 \Device\Harddisk0\DR0\Partition0 - ok
19:58:36.0826 3780 Boot (0x1200) (52a614d0e1b757217d6a4fd5fac0faab) \Device\Harddisk0\DR0\Partition1
19:58:36.0826 3780 \Device\Harddisk0\DR0\Partition1 - ok
19:58:36.0826 3780 ============================================================
19:58:36.0826 3780 Scan finished
19:58:36.0826 3780 ============================================================
19:58:36.0842 1484 Detected object count: 0
19:58:36.0842 1484 Actual detected object count: 0
|
| | #7 |
| /// Helper team | Fighting a Trojan - am I rid of it? 1. Posted unchanged (in full)? -> http://www.trojaner-board.de/105043-...tml#post720488 2. Hitman Pro - not (or no longer) installed? 3. Fix with OTL
Code:
:OTL
[2011.11.12 14:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.11.12 23:03:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318831458-1486538062-3479482895-1000UA.job
[2011.11.12 23:03:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318831458-1486538062-3479482895-1000Core.job
[2011.11.12 14:16:22 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
:Commands
[purity]
[emptytemp]
3. Clean your system with CCleaner:
4.
5. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These therefore have to be checked regularly for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off altogether. ►Instructions -> Then run a complete system check with the Eset Online Scanner (NOD32) Free online scanners. Attention!: >>You should not install the antivirus security software, only scan your system online<<
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
| | #8 |
| Fighting a Trojan - am I rid of it? All right, I handed the computer over today to an acquaintance who knows about this sort of thing. To be on the safe side we made short work of it and wiped the thing completely. Thanks anyway for your help! |
| | #9 | |
| /// Helper team | Fighting a Trojan - am I rid of it? As a precaution I would advise you to change your passwords, e.g. login, mail or website passwords. Tips: Choosing a secure password - (one should really change them at regular intervals, roughly every 3-5 months) and also here: Secure password. Reading material no. 1:
** Common sense and securely configuring Windows and Internet software are the best way to security on the web!! Quote:
► Over time a lot of junk data can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us → donation account. Regards, kira
|
| | #10 |
| Fighting a Trojan - am I rid of it? All right, I'll take it to heart. Passwords have been changed as a precaution. Can you also recommend a good antivirus program? Until now I had Avira, but unfortunately it failed against Alureon & co. It can cost something too; it's worth it. Best regards and thanks again |
| | #11 | ||
| /// Helper team | Fighting a Trojan - am I rid of it? Quote:
For your information: Quote:
|