Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.04.2012, 19:49   #1
Ronny80
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



Hallo Zusammen,

Ich habe mir irgendwie etwas komisches eingefangen. Der Liebe Security Essentials von MS hat nie etwas gemeldet. Als ich die Internetsecurity Demo von G-Data installierte.. meldet der beim starten eine Infektion. Mit einem Fingerprint. Den Fingerprint habe ich an den GData Support gesendet. Diese sagen es sei den Sinowal. Um das ding zu entfernen, soll ich mit Windows CD booten, und mit fixmbr den mbr reparieren. Das hab ich gemacht, anschliessend mit der Gdata Boot CD gebootet aber die Meldung beim starten des IE kommt immer noch. Kann es sein, dass ich da noch was anderes drauf hab?
Welche Tools empfehlt ihr mir für ein Log Posting?

Alt 11.04.2012, 16:37   #2
markusg
/// Malware-holic
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



hi
1. meldung(en) von gdata posten.
2.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 11.04.2012, 18:40   #3
Ronny80
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



Die Gdata Meldung als Attachment -gdata.jpg
Die Extras hatte keinen Platz mehr.. deshalb auch als Attach Extras.Txt

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.04.2012 
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\benutzername\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.94 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.55% Memory free
8.93 Gb Paging File | 6.37 Gb Available in Paging File | 71.35% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 10.55 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Drive Y: | 1832.31 Gb Total Space | 188.61 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
Drive Z: | 1832.31 Gb Total Space | 188.61 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
 
Computer Name: hostname | User Name: benutzername | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.11 17:10:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\benutzername\Desktop\OTL.exe
PRC - [2012.03.18 22:25:08 | 001,178,112 | ---- | M] (Secomba GmbH) -- C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe
PRC - [2012.03.11 22:12:32 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.02.22 07:57:02 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.02.02 12:21:36 | 001,524,728 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.01.27 15:01:06 | 000,471,048 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 05:18:28 | 000,985,080 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.01.27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.10.06 13:29:40 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.09.22 22:20:44 | 005,587,832 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.06.15 14:59:00 | 006,814,720 | ---- | M] (cv cryptovision GmbH) -- C:\Program Files (x86)\Post SuisseID\cv act sc interface\RegisterTool.exe
PRC - [2011.05.24 23:18:08 | 000,395,344 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008.02.22 10:01:58 | 000,175,488 | ---- | M] (Synchro Arts Ltd) -- C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.11 22:12:39 | 000,115,137 | ---- | M] () -- C:\Users\benutzername\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll
MOD - [2012.03.11 22:12:32 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.02.28 21:22:52 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MOD - [2012.02.28 19:02:19 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MOD - [2012.02.28 19:02:04 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MOD - [2012.02.28 07:01:11 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\54713c242f2029a417259a10b673873f\PresentationFramework.ni.dll
MOD - [2012.02.28 07:00:53 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b761a3b6e5c751993ff65aafd7fe42b8\PresentationCore.ni.dll
MOD - [2012.02.28 07:00:50 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f7283ec1c4b47c6b21777626a76d6611\System.Windows.Forms.ni.dll
MOD - [2012.02.28 07:00:45 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012.02.28 07:00:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012.02.28 07:00:41 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3ed9c2f173958ae6663134d302cc4f62\WindowsBase.ni.dll
MOD - [2012.02.28 07:00:39 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b798dff0ec58f4c76d96bb656d8d04bd\System.Drawing.ni.dll
MOD - [2012.02.28 07:00:38 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MOD - [2012.02.28 07:00:37 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7bbdea460b86c08496e471d808bd386\System.Configuration.ni.dll
MOD - [2012.02.28 07:00:37 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5b85b2146a0a9d5893314740d59d1dd3\System.Security.ni.dll
MOD - [2012.02.28 07:00:36 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012.02.28 07:00:31 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.22 22:20:28 | 011,233,136 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.05.04 15:11:46 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010.05.04 15:11:44 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010.04.23 17:55:56 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.03.09 02:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010.01.18 15:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009.12.29 14:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012.04.01 18:34:52 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Users\benutzername\Downloads\SkypePortable\App\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.02 12:21:36 | 001,524,728 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.01.27 15:01:06 | 000,471,048 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 05:07:28 | 001,765,352 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.01.27 05:01:08 | 002,006,872 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.10.06 13:29:40 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.06.21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.05.24 23:19:48 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.08.31 20:36:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.04 15:11:46 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe -- (STacSV)
SRV - [2010.05.04 15:11:44 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe -- (AESTFilters)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.22 10:01:58 | 000,175,488 | ---- | M] (Synchro Arts Ltd) [Auto | Running] -- C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe -- (Synchro Arts License Manager)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.06 19:42:17 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.04.04 18:12:09 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.04.04 18:11:58 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.04.04 18:11:58 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.04.04 18:11:58 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.04.04 18:11:58 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.03.05 20:48:26 | 000,351,632 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2011.12.08 06:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 06:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.10.06 13:29:42 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.10.06 13:29:38 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011.10.06 13:29:37 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.09.28 18:03:12 | 000,071,168 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.02.16 19:05:55 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010.10.25 10:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010.10.25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010.10.22 17:37:54 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2010.09.13 18:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.08.28 18:37:15 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.07.15 08:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.06.25 20:01:04 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.06.08 21:29:46 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010.05.04 15:11:46 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.05.04 11:51:58 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.01.07 10:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.07 10:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.01.07 10:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.07 10:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.12.16 07:38:56 | 000,045,824 | ---- | M] (Advanced Card Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a38ccid.sys -- (A38CCID)
DRV:64bit: - [2009.11.01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009.10.07 09:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.26 15:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nzz.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 49 5B A8 81 2A CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {526D086B-4164-4FB2-8FC1-D293E9AF4FD6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{526D086B-4164-4FB2-8FC1-D293E9AF4FD6}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{7ED96FC0-13FC-4F46-8745-55B30B003E38}: "URL" = hxxp://www.google.ch/#hl=de&source=hp&q={searchTerms}&meta=&aq=f&oq={searchTerms}&fp=fccf8b492508f57d
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.11.03 23:48:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.11.03 23:48:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 20:49:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.03.23 22:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benutzername\AppData\Roaming\mozilla\Extensions
[2012.01.08 22:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benutzername\AppData\Roaming\mozilla\Firefox\Profiles\j7jaaoi7.default\extensions
[2012.04.04 18:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.04 18:12:08 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
() (No name found) -- C:\USERS\benutzername\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J7JAAOI7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\benutzername\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J7JAAOI7.DEFAULT\EXTENSIONS\{F5DDF39C-9293-4D5E-9AA8-E04E6DD5E9B4}.XPI
() (No name found) -- C:\USERS\benutzername\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J7JAAOI7.DEFAULT\EXTENSIONS\MOZREPL@HYPERSTRUCT.NET.XPI
[2012.03.18 20:49:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.26 16:00:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.26 16:00:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.26 16:00:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 16:00:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 16:00:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 16:00:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.11 17:05:46 | 000,003,033 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.1.29 TEST

O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\benutzername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk = C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe (Secomba GmbH)
O4 - Startup: C:\Users\benutzername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\benutzername\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Über QGet herunterladen - C:\Program Files (x86)\QNAP\QGet\QGetCatch.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Über QGet herunterladen - C:\Program Files (x86)\QNAP\QGet\QGetCatch.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hostpoint.ch ([admin] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([file] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1314452778296 (MUCatalogWebControl Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://www.opentopia.com/support/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.18.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{702488C5-C66F-4A92-A6F6-6EEA29E57706}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C6E1C4E-6E7A-46E3-9C6C-B8992C6196D9}: DhcpNameServer = 192.168.18.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{67043e59-b2bb-11df-96c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67043e59-b2bb-11df-96c6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{c87a511c-b52c-11df-ba85-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c87a511c-b52c-11df-ba85-806e6f6e6963}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: AmIcoSinglun64 - hkey= - key= - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: boincmgr - hkey= - key= - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
MsConfig:64bit - StartUpReg: boinctray - hkey= - key= - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
MsConfig:64bit - StartUpReg: HKCU - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KeePass 2 PreLoad - hkey= - key= - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
MsConfig:64bit - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.11 17:10:41 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\benutzername\Desktop\OTL.exe
[2012.04.11 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{6AA96B47-837D-4254-8A97-44D5169D3E87}
[2012.04.11 17:01:15 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{DCE5F473-D1A4-4276-9103-3D5635DA0FAD}
[2012.04.10 18:40:40 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\TouchStoneSoftware
[2012.04.10 18:02:14 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{A4CB44AF-D42F-4B8E-B402-CC920059B70D}
[2012.04.10 18:02:04 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{4546EF7F-DEB6-4035-AAB9-AFB88E15DF6D}
[2012.04.09 14:56:20 | 000,000,000 | ---D | C] -- C:\Users\benutzername\DoctorWeb
[2012.04.09 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\benutzername\Desktop\Corsair_Force_FW 2.4
[2012.04.09 12:38:48 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{542596F3-5DE0-47F1-9151-550F6665B8F7}
[2012.04.09 12:38:37 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{78E5CD0A-5CA6-49C1-9DCA-C5F71B148166}
[2012.04.09 00:38:11 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{B6DD32B4-8EC4-4C8A-961E-14CB929B6BB5}
[2012.04.09 00:37:59 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{1EEE0503-45EB-4D86-B3CD-0CD605684212}
[2012.04.08 12:10:20 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{9EC34EA0-0632-4864-AF95-D94DFF9F2951}
[2012.04.08 12:10:09 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{7B0B83F5-7F9E-4DA7-B146-0859E53E0EB9}
[2012.04.08 00:09:42 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{1A4D165F-0749-451A-AD07-048F90670013}
[2012.04.08 00:09:31 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{C3DE682F-970A-46CF-9340-F33E679F0F1E}
[2012.04.07 12:06:12 | 000,000,000 | ---D | C] -- C:\GDSupport
[2012.04.07 12:00:47 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{9C896E11-074C-4248-9E6B-479271D639C2}
[2012.04.07 12:00:35 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{B8A334C4-77F4-4D50-96A5-6E8444F7E8C3}
[2012.04.06 21:06:53 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{13CE67AD-74E1-4CC5-B93D-6A8BA1E27D16}
[2012.04.06 21:06:42 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\{63E2E9B5-D8DE-4158-9415-9A1CC5EFB69C}
[2012.04.06 20:22:10 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.04.06 20:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.04.06 20:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.04.06 20:17:24 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\Windows Live
[2012.04.06 19:56:40 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.04.06 19:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012.04.04 18:25:57 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\G DATA
[2012.04.04 18:21:51 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.04.04 18:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2013
[2012.04.04 18:12:09 | 000,059,768 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.04.04 18:11:58 | 000,122,744 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.04.04 18:11:58 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.04.04 18:11:58 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.04.04 18:11:58 | 000,054,136 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.04.04 18:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.04.04 18:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.04.04 18:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.04.04 17:54:30 | 000,000,000 | ---D | C] -- C:\Users\benutzername\Documents\usr
[2012.03.31 16:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2012.03.31 16:46:40 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Roaming\Saaksy
[2012.03.31 16:46:40 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Roaming\Osqupo
[2012.03.31 16:46:40 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Roaming\Erekpo
[2012.03.30 20:23:33 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Local\Secomba_GmbH
[2012.03.30 20:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoxCryptor
[2012.03.30 20:23:15 | 000,190,480 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll
[2012.03.30 20:23:14 | 000,351,632 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys
[2012.03.30 20:23:14 | 000,223,760 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll
[2012.03.30 20:23:14 | 000,158,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll
[2012.03.30 20:23:14 | 000,141,328 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll
[2012.03.30 20:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BoxCryptor
[2012.03.29 20:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.29 20:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.29 20:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.29 20:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.03.23 20:39:07 | 000,000,000 | ---D | C] -- C:\pidgin
[2011.04.26 19:45:56 | 000,586,752 | -HS- | C] (Microsoft Corporation) -- C:\Users\benutzername\AppData\Local\lxf.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.11 17:56:49 | 104,899,584 | ---- | M] () -- C:\Users\benutzername\Documents\OutlookArchiv2011.pst
[2012.04.11 17:42:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.11 17:34:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.11 17:10:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\benutzername\Desktop\OTL.exe
[2012.04.11 17:04:35 | 000,018,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 17:04:35 | 000,018,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 17:03:11 | 001,515,620 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.11 17:03:11 | 000,660,632 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.11 17:03:11 | 000,621,868 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.11 17:03:11 | 000,132,498 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.11 17:03:11 | 000,108,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.11 17:02:14 | 000,054,611 | ---- | M] () -- C:\Users\benutzername\Desktop\gdata.jpg
[2012.04.11 17:01:57 | 000,605,413 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.04.11 17:01:57 | 000,038,664 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.04.11 17:00:59 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.11 16:57:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.09 20:12:28 | 000,000,461 | ---- | M] () -- C:\Users\benutzername\Documents\DrWeb.csv
[2012.04.09 12:41:06 | 000,005,966 | ---- | M] () -- C:\Users\benutzername\Documents\Passwoerter.kdbx
[2012.04.06 20:11:53 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.04.06 19:42:17 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.04.04 18:12:09 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.04.04 18:11:58 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.04.04 18:11:58 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.04.04 18:11:58 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.04.04 18:11:58 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.04.04 18:10:18 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.04.01 07:00:10 | 007,584,799 | ---- | M] () -- C:\Users\benutzername\AppData\Local\census.cache
[2012.04.01 06:51:56 | 000,137,752 | ---- | M] () -- C:\Users\benutzername\AppData\Local\ars.cache
[2012.03.30 20:23:16 | 000,001,101 | ---- | M] () -- C:\Users\benutzername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk
[2012.03.29 20:26:02 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.15 06:53:19 | 004,959,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.11 17:02:14 | 000,054,611 | ---- | C] () -- C:\Users\benutzername\Desktop\gdata.jpg
[2012.04.09 20:12:28 | 000,000,461 | ---- | C] () -- C:\Users\benutzername\Documents\DrWeb.csv
[2012.04.06 20:21:56 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.04.06 20:21:42 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.04.06 20:21:25 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.04.04 18:18:16 | 000,605,413 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.04.04 18:18:16 | 000,038,664 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.04.01 17:53:28 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.31 23:24:48 | 007,584,799 | ---- | C] () -- C:\Users\benutzername\AppData\Local\census.cache
[2012.03.31 23:24:29 | 000,137,752 | ---- | C] () -- C:\Users\benutzername\AppData\Local\ars.cache
[2012.03.30 20:23:16 | 000,001,101 | ---- | C] () -- C:\Users\benutzername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk
[2012.03.29 20:26:02 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.03 20:39:36 | 000,000,000 | ---- | C] () -- C:\Windows\EAREMOVE.INI
[2011.09.14 05:15:41 | 000,000,000 | ---- | C] () -- C:\Users\benutzername\AppData\Local\{20DA1C6E-4AFE-4656-9BF4-100B6EAD2C5C}
[2011.09.14 05:13:42 | 000,000,000 | ---- | C] () -- C:\Users\benutzername\AppData\Local\{E32EB327-EB2B-4DC9-AA7C-2B93398A3798}
[2011.06.02 10:55:22 | 000,001,854 | ---- | C] () -- C:\Users\benutzername\AppData\Roaming\GhostObjGAFix.xml
[2011.05.27 18:11:25 | 000,038,435 | ---- | C] () -- C:\Users\benutzername\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.26 20:00:34 | 000,000,036 | ---- | C] () -- C:\Users\benutzername\AppData\Local\housecall.guid.cache
[2011.04.26 19:45:56 | 000,009,784 | -HS- | C] () -- C:\Users\benutzername\AppData\Local\l6ph1ph34eg63568oyhc273060uu18ck6
[2011.04.26 19:45:56 | 000,009,784 | -HS- | C] () -- C:\ProgramData\l6ph1ph34eg63568oyhc273060uu18ck6
[2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.06 13:57:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.24 16:53:46 | 000,003,263 | ---- | C] () -- C:\Windows\SysWow64\cvP11.ini
[2011.02.21 23:17:34 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2011.02.15 12:11:48 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2010.10.04 17:22:17 | 000,007,626 | ---- | C] () -- C:\Users\benutzername\AppData\Local\Resmon.ResmonCfg
[2010.09.25 15:56:17 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.09.25 15:55:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.09.25 15:55:56 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.09.10 17:26:39 | 001,542,446 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.31 20:48:58 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010.08.28 19:27:48 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.08.28 16:54:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.07.07 14:45:33 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\1E757FA2-1ACB-40D5-925F-53E27837A631
[2010.10.16 15:33:20 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Ableton
[2011.08.15 12:06:26 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Acronis
[2011.02.17 21:50:11 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Anthropics
[2011.03.10 21:48:03 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Audacity
[2011.10.06 13:29:41 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\C64574DF-AE30-4DC5-9102-775DAF791399
[2011.10.28 20:53:09 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Canon
[2011.07.08 12:29:02 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.06.26 19:38:47 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\com.flashgallerycom.photoGalleryBuilder.BE456FDD426FDC61C9F8B47A33E5FBCFF9D5695C.1
[2012.04.11 17:01:15 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Dropbox
[2012.02.27 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\EasyTax
[2012.04.02 17:51:01 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Erekpo
[2011.06.03 21:43:02 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\F7FFDF86-5456-4DE4-85F2-A240EB302454
[2012.04.10 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\FileZilla
[2011.04.17 18:37:59 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\hss
[2012.04.08 16:56:23 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\ICQ
[2011.05.14 19:49:56 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\JAM Software
[2012.04.09 12:41:07 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\KeePass
[2010.10.18 19:31:33 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Leadertech
[2011.11.03 23:34:39 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\MagicMaps
[2011.06.15 21:42:44 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\MAGIX
[2011.10.12 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Mobile Atlas Creator
[2010.09.10 18:04:55 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Mp3tag
[2012.03.31 17:08:51 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Osqupo
[2011.05.27 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Outlook
[2011.02.07 20:52:24 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Roni Music
[2012.03.31 16:46:40 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Saaksy
[2011.05.21 20:08:43 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Samsung
[2011.07.22 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.09.29 20:54:54 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Steinberg
[2011.11.13 21:30:40 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Temp
[2011.02.19 10:48:36 | 000,000,000 | ---D | M] -- C:\Users\benutzername\AppData\Roaming\Transcend
[2012.03.10 00:17:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.11.20 00:37:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.22 19:49:07 | 000,000,000 | ---D | M] -- C:\AMD
[2011.07.22 19:51:10 | 000,000,000 | ---D | M] -- C:\ATI
[2010.09.04 12:19:01 | 000,000,000 | ---D | M] -- C:\Corsair Force Series Update Tool
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.08.28 15:45:08 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.04.07 12:10:44 | 000,000,000 | ---D | M] -- C:\GDSupport
[2010.08.28 17:05:48 | 000,000,000 | ---D | M] -- C:\HP
[2010.08.28 16:55:25 | 000,000,000 | ---D | M] -- C:\Intel
[2010.08.28 20:36:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.01.18 22:58:25 | 000,000,000 | ---D | M] -- C:\My Music
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.23 20:39:17 | 000,000,000 | ---D | M] -- C:\pidgin
[2012.04.04 18:10:16 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.04.06 20:22:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.04.04 18:11:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.08.28 15:45:08 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.08.28 15:45:08 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.03 20:36:25 | 000,000,000 | ---D | M] -- C:\SiLabs
[2012.04.04 18:49:43 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.04.11 17:59:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.28 18:39:49 | 000,000,000 | ---D | M] -- C:\system.sav
[2012.02.15 20:01:49 | 000,000,000 | ---D | M] -- C:\Temp
[2010.08.28 15:45:12 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.10 20:08:31 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2011.04.26 19:45:56 | 000,586,752 | -HS- | M] (Microsoft Corporation) -- C:\Users\benutzername\AppData\Local\lxf.exe
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2010.08.22 15:09:43 | 000,000,077 | ---- | M] () -- C:\Users\benutzername\bestellung.txt
[2012.04.11 17:58:43 | 007,602,176 | -HS- | M] () -- C:\Users\benutzername\NTUSER.DAT
[2012.04.11 17:58:43 | 000,262,144 | -HS- | M] () -- C:\Users\benutzername\ntuser.dat.LOG1
[2010.08.28 15:45:12 | 000,000,000 | -HS- | M] () -- C:\Users\benutzername\ntuser.dat.LOG2
[2010.08.28 16:23:46 | 000,065,536 | -HS- | M] () -- C:\Users\benutzername\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.08.28 16:23:46 | 000,524,288 | -HS- | M] () -- C:\Users\benutzername\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.08.28 16:23:46 | 000,524,288 | -HS- | M] () -- C:\Users\benutzername\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.08.28 15:45:12 | 000,000,020 | -HS- | M] () -- C:\Users\benutzername\ntuser.ini
[2010.12.28 14:01:31 | 000,000,025 | ---- | M] () -- C:\Users\benutzername\s.txt
[2011.02.13 18:15:59 | 000,000,167 | ---- | M] () -- C:\Users\benutzername\load.dat
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


Vielen Dank für den Support
__________________

Alt 12.04.2012, 11:35   #4
markusg
/// Malware-holic
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



die gdata meldung als text posten, müsste eig auch möglich sein
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.04.2012, 21:41   #5
Ronny80
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



anbei der Gdata Text:

Zitat:
In Ihrem Browser wurde ein unbekannter Schädling
(Fingerprint: [47d8de77])
entdeckt.

Die Schadfunktionen wurden deaktiviert.

Trotzdem empfehlen wir Ihnen dringend, bis zur dauerhaften Entfernung des Schädlings keine Passwörter mehr im Browser einzugeben und insbesondere auf empfindliche Vorgänge, wie z.B. Online-Banking, zu verzichten.

Zur vollständigen Behebung des Sicherheits-Problems empfehlen wir, den Schädling mit der "G Data BootCD" zu entfernen. Sollte der Schädling wider Erwarten mit der BootCD nicht entfernt werden können: G Data arbeitet ständig mit Hochdruck an der Erkennung und Entfernung neuester Computer-Schädlinge und wird voraussichtlich innerhalb kürzester Zeit ein entsprechendes Update bereitstellen können.

Für weitere Informationen steht Ihnen der G Data Support zur Verfügung.
gruss


Alt 13.04.2012, 17:54   #6
markusg
/// Malware-holic
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9

Alt 14.04.2012, 11:41   #7
Ronny80
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



Hallo,

Anbei das Log:
Zitat:
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-04-13.01 - USER 14.04.2012   1:22.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.8126.6557 [GMT 2:00]
ausgeführt von:: c:\users\USER\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\Windows\drss.dat
c:\programdata\windows\msseedir.dll
c:\programdata\Windows\xessmsxe.dat
c:\users\USER\AppData\Local\assembly\tmp
c:\users\USER\AppData\Local\lxf.exe
c:\users\USER\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll
c:\users\USER\AppData\Roaming\Microsoft\Windows\Cookies\index (1).dat
c:\users\USER\AppData\Roaming\USERlog.dat
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-13 bis 2012-04-13  ))))))))))))))))))))))))))))))
.
.
2012-04-14 04:26 . 2012-04-14 04:26	--------	d-----w-	c:\windows\Microsoft Antimalware
2012-04-13 23:36 . 2012-04-13 23:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-13 22:21 . 2012-03-06 06:53	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-13 22:21 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 22:21 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 22:18 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-13 22:18 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-04-13 22:18 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-13 22:18 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-13 22:18 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-13 22:18 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-13 22:18 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-04-10 16:40 . 2012-04-10 16:40	--------	d-----w-	c:\users\USER\AppData\Local\TouchStoneSoftware
2012-04-09 12:56 . 2012-04-09 13:25	--------	d-----w-	c:\users\USER\DoctorWeb
2012-04-07 10:06 . 2012-04-07 10:10	--------	d-----w-	C:\GDSupport
2012-04-06 18:22 . 2012-04-06 18:22	--------	d-----w-	c:\windows\de
2012-04-06 18:19 . 2012-04-07 16:32	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-04-06 18:18 . 2012-04-06 18:18	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ab2f5b651cd14211d\DXSETUP.exe
2012-04-06 18:18 . 2012-04-06 18:18	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ab2f5b651cd14211d\dsetup32.dll
2012-04-06 18:18 . 2012-04-06 18:18	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ab2f5b651cd14211d\DSETUP.dll
2012-04-06 18:18 . 2012-04-06 18:18	94040	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\a936b7ab1cd14211c\DSETUP.dll
2012-04-06 18:18 . 2012-04-06 18:18	525656	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\a936b7ab1cd14211c\DXSETUP.exe
2012-04-06 18:18 . 2012-04-06 18:18	1691480	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\a936b7ab1cd14211c\dsetup32.dll
2012-04-06 18:18 . 2012-04-06 18:18	6260088	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\9c831ff51cd142116\Silverlight.4.0.exe
2012-04-06 18:17 . 2012-04-13 22:16	--------	d-----w-	c:\users\USER\AppData\Local\Windows Live
2012-04-06 17:56 . 2012-04-06 18:11	16200	----a-w-	c:\windows\stinger.sys
2012-04-06 17:55 . 2012-04-06 19:04	--------	d-----w-	c:\program files (x86)\stinger
2012-04-04 16:25 . 2012-04-04 16:25	--------	d-----w-	c:\users\USER\AppData\Local\G DATA
2012-04-04 16:21 . 2012-04-06 17:42	106648	----a-w-	c:\windows\system32\drivers\GRD.sys
2012-04-04 16:18 . 2012-04-13 22:19	608317	----a-w-	c:\windows\SysWow64\sig.bin
2012-04-04 16:12 . 2012-04-04 16:12	59768	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2012-04-04 16:11 . 2012-04-04 16:11	65912	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-04-04 16:11 . 2012-04-04 16:11	54136	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-04-04 16:11 . 2012-04-04 16:11	122744	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-04-04 16:11 . 2012-04-13 23:21	--------	d-----w-	c:\programdata\G DATA
2012-04-04 16:11 . 2012-04-13 23:21	--------	d-----w-	c:\program files (x86)\Common Files\G Data
2012-04-04 16:11 . 2012-04-04 16:11	--------	d-----w-	c:\program files (x86)\G Data
2012-04-01 16:34 . 2012-04-01 16:34	8738464	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 15:53 . 2012-04-01 16:34	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 14:46 . 2012-04-02 15:51	--------	d-----w-	c:\users\USER\AppData\Roaming\Erekpo
2012-03-31 14:46 . 2012-03-31 15:08	--------	d-----w-	c:\users\USER\AppData\Roaming\Osqupo
2012-03-31 14:46 . 2012-03-31 14:46	--------	d-----w-	c:\users\USER\AppData\Roaming\Saaksy
2012-03-30 18:23 . 2012-03-30 18:23	--------	d-----w-	c:\users\USER\AppData\Local\Secomba_GmbH
2012-03-30 18:23 . 2012-03-05 18:48	190480	----a-w-	c:\windows\system32\CbFsMntNtf3.dll
2012-03-30 18:23 . 2012-03-05 18:48	351632	----a-w-	c:\windows\system32\drivers\cbfs3.sys
2012-03-30 18:23 . 2012-03-05 18:48	223760	----a-w-	c:\windows\SysWow64\CbFsNetRdr3.dll
2012-03-30 18:23 . 2012-03-05 18:48	158224	----a-w-	c:\windows\SysWow64\CbFsMntNtf3.dll
2012-03-30 18:23 . 2012-03-05 18:48	141328	----a-w-	c:\windows\system32\CbFsNetRdr3.dll
2012-03-30 18:23 . 2012-03-30 18:23	--------	d-----w-	c:\program files (x86)\BoxCryptor
2012-03-29 18:25 . 2012-03-29 18:25	--------	d-----w-	c:\program files\iPod
2012-03-29 18:25 . 2012-03-29 18:25	--------	d-----w-	c:\program files\iTunes
2012-03-29 18:25 . 2012-03-29 18:25	--------	d-----w-	c:\program files (x86)\iTunes
2012-03-23 18:39 . 2012-03-23 18:39	--------	d-----w-	C:\pidgin
2012-03-18 18:49 . 2012-03-18 18:49	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 18:49 . 2012-03-18 18:49	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 18:20 . 2011-03-28 16:36	19352	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-01 16:34 . 2011-05-20 12:20	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 16:50 . 2012-03-08 16:50	49016	----a-w-	c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37	302448	----a-w-	c:\windows\WLXPGSS.SCR
2012-02-17 06:38 . 2012-03-14 18:04	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 18:04	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 18:04	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 18:04	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-14 10:09 . 2012-02-14 10:09	1070352	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 18:05	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 18:05	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 18:05	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-08-28 15:21	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-14 18:04	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 18:04	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 18:04	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-03-05 18:48	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-11 21416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5587832]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-10-19 1807360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BoxCryptor.lnk - c:\program files (x86)\BoxCryptor\BoxCryptor.exe [2012-3-18 1178112]
Dropbox.lnk - c:\users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-18 1207312]
SmartCard Status.lnk - c:\program files (x86)\Post SuisseID\cv act sc interface\RegisterTool.exe [2011-6-15 6814720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-31 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-23 103992]
R2 SkypeUpdate;Skype Updater;c:\users\USER\Downloads\SkypePortable\App\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-31 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NDISKIO;NDISKIO;c:\users\USER\AppData\Local\Temp\2d3c6cca.nmc\nse\bin\ndiskio.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2010-05-04 89600]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-06 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-03-29 66560]
S2 Synchro Arts License Manager;Synchro Arts License Manager;c:\program files (x86)\Common Files\Synchro Arts Shared\License.exe [2008-02-22 175488]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:34]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-31 16:10]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-31 16:10]
.
2012-04-12 c:\windows\Tasks\HPCeeScheduleForUSER.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-03-05 18:48	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-05-04 487424]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-23 8192]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-05-24 395344]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nzz.ch/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Über QGet herunterladen - c:\program files (x86)\QNAP\QGet\QGetCatch.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
Trusted Zone: hostpoint.ch\admin
TCP: DhcpNameServer = 192.168.18.1
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\j7jaaoi7.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-G Data AntiVirus Tray Application - c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
Wow6432Node-HKLM-Run-GDFirewallTray - c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************

.
Zeit der Fertigstellung: 2012-04-14  01:49:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-13 23:49
.
Vor Suchlauf: 20 Verzeichnis(se), 10'048'942'080 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 11'235'581'952 Bytes frei
.
- - End Of File - - 07CB597873E78FBCEF6F9BFB544F4746
         
--- --- ---

gruss

Alt 14.04.2012, 17:51   #8
markusg
/// Malware-holic
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.04.2012, 18:09   #9
Ronny80
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



Anbei das Log.. die Meldung von Gdata kommt jedenfalls nicht mehr..

Zitat:
18:01:07.0055 6264 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:01:09.0067 6264 ============================================================
18:01:09.0067 6264 Current date / time: 2012/04/16 18:01:09.0067
18:01:09.0067 6264 SystemInfo:
18:01:09.0067 6264
18:01:09.0067 6264 OS Version: 6.1.7601 ServicePack: 1.0
18:01:09.0067 6264 Product type: Workstation
18:01:09.0067 6264 ComputerName: hostname
18:01:09.0067 6264 UserName: user
18:01:09.0067 6264 Windows directory: C:\Windows
18:01:09.0067 6264 System windows directory: C:\Windows
18:01:09.0067 6264 Running under WOW64
18:01:09.0067 6264 Processor architecture: Intel x64
18:01:09.0067 6264 Number of processors: 8
18:01:09.0067 6264 Page size: 0x1000
18:01:09.0067 6264 Boot type: Normal boot
18:01:09.0067 6264 ============================================================
18:01:16.0633 6264 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:01:16.0633 6264 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:01:16.0664 6264 \Device\Harddisk1\DR1:
18:01:16.0664 6264 MBR used
18:01:16.0664 6264 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:01:16.0664 6264 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
18:01:16.0664 6264 \Device\Harddisk0\DR0:
18:01:16.0664 6264 MBR used
18:01:16.0664 6264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
18:01:17.0039 6264 Initialize success
18:01:17.0039 6264 ============================================================
18:01:39.0347 1796 ============================================================
18:01:39.0347 1796 Scan started
18:01:39.0347 1796 Mode: Manual; SigCheck; TDLFS;
18:01:39.0347 1796 ============================================================
18:01:39.0612 1796 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:01:40.0002 1796 1394ohci - ok
18:01:40.0017 1796 A38CCID (cedda5e0599a595911be1210e16c0d2e) C:\Windows\system32\DRIVERS\a38ccid.sys
18:01:40.0049 1796 A38CCID - ok
18:01:40.0080 1796 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:01:40.0173 1796 Accelerometer - ok
18:01:40.0189 1796 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:01:40.0236 1796 ACPI - ok
18:01:40.0251 1796 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:01:40.0314 1796 AcpiPmi - ok
18:01:40.0345 1796 AcrSch2Svc (c8ac99197698d2c5988ee2a902e2a042) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
18:01:40.0454 1796 AcrSch2Svc - ok
18:01:40.0485 1796 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:01:40.0610 1796 AdobeFlashPlayerUpdateSvc - ok
18:01:40.0626 1796 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:01:40.0688 1796 adp94xx - ok
18:01:40.0704 1796 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:01:40.0751 1796 adpahci - ok
18:01:40.0782 1796 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:01:40.0813 1796 adpu320 - ok
18:01:40.0844 1796 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:01:41.0000 1796 AeLookupSvc - ok
18:01:41.0016 1796 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
18:01:41.0063 1796 AESTFilters - ok
18:01:41.0094 1796 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
18:01:41.0141 1796 afcdp - ok
18:01:41.0219 1796 afcdpsrv (af44f7e027037628f1fac3c13cde73e6) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
18:01:41.0499 1796 afcdpsrv - ok
18:01:41.0515 1796 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:01:41.0577 1796 AFD - ok
18:01:41.0593 1796 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:01:41.0624 1796 agp440 - ok
18:01:41.0640 1796 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:01:41.0702 1796 ALG - ok
18:01:41.0733 1796 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:01:41.0765 1796 aliide - ok
18:01:41.0780 1796 AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
18:01:41.0827 1796 AMD External Events Utility - ok
18:01:41.0843 1796 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:01:41.0874 1796 amdide - ok
18:01:41.0905 1796 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:01:41.0936 1796 AmdK8 - ok
18:01:42.0139 1796 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
18:01:42.0591 1796 amdkmdag - ok
18:01:42.0607 1796 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
18:01:42.0669 1796 amdkmdap - ok
18:01:42.0685 1796 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:01:42.0732 1796 AmdPPM - ok
18:01:42.0747 1796 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:01:42.0779 1796 amdsata - ok
18:01:42.0794 1796 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:01:42.0841 1796 amdsbs - ok
18:01:42.0857 1796 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:01:42.0903 1796 amdxata - ok
18:01:42.0919 1796 AmUStor (37ea167782af19301af9c05804948bb2) C:\Windows\system32\drivers\AmUStor.SYS
18:01:42.0966 1796 AmUStor - ok
18:01:42.0981 1796 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:01:43.0075 1796 AppID - ok
18:01:43.0091 1796 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:01:43.0184 1796 AppIDSvc - ok
18:01:43.0200 1796 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:01:43.0293 1796 Appinfo - ok
18:01:43.0309 1796 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:01:43.0371 1796 Apple Mobile Device - ok
18:01:43.0387 1796 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:01:43.0418 1796 arc - ok
18:01:43.0449 1796 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:01:43.0496 1796 arcsas - ok
18:01:43.0512 1796 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:01:43.0605 1796 AsyncMac - ok
18:01:43.0621 1796 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:01:43.0652 1796 atapi - ok
18:01:43.0668 1796 AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys
18:01:43.0746 1796 AtiHDAudioService - ok
18:01:43.0777 1796 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:01:43.0886 1796 AudioEndpointBuilder - ok
18:01:43.0917 1796 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:01:44.0011 1796 AudioSrv - ok
18:01:44.0042 1796 AVKProxy (bf3b991e0e22f9e6a82ccf6512cb51d0) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
18:01:44.0120 1796 AVKProxy - ok
18:01:44.0136 1796 AVKService (29da2d5958b352022a1bb5ce6fdb427c) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
18:01:44.0183 1796 AVKService - ok
18:01:44.0229 1796 AVKWCtl (bd66948f382d077ac9833b6414d1f06e) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
18:01:44.0401 1796 AVKWCtl - ok
18:01:44.0417 1796 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:01:44.0495 1796 AxInstSV - ok
18:01:44.0510 1796 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:01:44.0588 1796 b06bdrv - ok
18:01:44.0604 1796 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:01:44.0651 1796 b57nd60a - ok
18:01:44.0729 1796 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:01:44.0869 1796 BCM43XX - ok
18:01:44.0900 1796 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:01:44.0947 1796 BDESVC - ok
18:01:44.0963 1796 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:01:45.0056 1796 Beep - ok
18:01:45.0087 1796 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:01:45.0212 1796 BFE - ok
18:01:45.0243 1796 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:01:45.0368 1796 BITS - ok
18:01:45.0384 1796 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:01:45.0431 1796 blbdrive - ok
18:01:45.0446 1796 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:01:45.0509 1796 Bonjour Service - ok
18:01:45.0540 1796 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:01:45.0587 1796 bowser - ok
18:01:45.0602 1796 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:01:45.0649 1796 BrFiltLo - ok
18:01:45.0665 1796 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:01:45.0711 1796 BrFiltUp - ok
18:01:45.0727 1796 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:01:45.0836 1796 BridgeMP - ok
18:01:45.0852 1796 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:01:45.0930 1796 Browser - ok
18:01:45.0961 1796 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:01:46.0008 1796 Brserid - ok
18:01:46.0023 1796 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:01:46.0070 1796 BrSerWdm - ok
18:01:46.0086 1796 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:01:46.0133 1796 BrUsbMdm - ok
18:01:46.0148 1796 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:01:46.0195 1796 BrUsbSer - ok
18:01:46.0211 1796 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:01:46.0242 1796 BthEnum - ok
18:01:46.0257 1796 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:01:46.0304 1796 BTHMODEM - ok
18:01:46.0335 1796 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:01:46.0367 1796 BthPan - ok
18:01:46.0398 1796 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:01:46.0460 1796 BTHPORT - ok
18:01:46.0476 1796 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:01:46.0585 1796 bthserv - ok
18:01:46.0601 1796 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:01:46.0632 1796 BTHUSB - ok
18:01:46.0663 1796 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
18:01:46.0694 1796 btwaudio - ok
18:01:46.0725 1796 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
18:01:46.0772 1796 btwavdt - ok
18:01:46.0788 1796 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:01:46.0881 1796 btwdins - ok
18:01:46.0897 1796 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:01:46.0944 1796 btwl2cap - ok
18:01:46.0959 1796 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
18:01:46.0991 1796 btwrchid - ok
18:01:47.0006 1796 catchme - ok
18:01:47.0037 1796 cbfs3 (ac563f4e30025405182bef668ccfd26d) C:\Windows\system32\drivers\cbfs3.sys
18:01:47.0084 1796 cbfs3 - ok
18:01:47.0100 1796 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:01:47.0193 1796 cdfs - ok
18:01:47.0209 1796 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:01:47.0256 1796 cdrom - ok
18:01:47.0271 1796 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:01:47.0365 1796 CertPropSvc - ok
18:01:47.0381 1796 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:01:47.0427 1796 circlass - ok
18:01:47.0443 1796 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:01:47.0490 1796 CLFS - ok
18:01:47.0505 1796 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:47.0583 1796 clr_optimization_v2.0.50727_32 - ok
18:01:47.0599 1796 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:01:47.0646 1796 clr_optimization_v2.0.50727_64 - ok
18:01:47.0646 1796 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:01:47.0693 1796 clr_optimization_v4.0.30319_32 - ok
18:01:47.0708 1796 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:01:47.0739 1796 clr_optimization_v4.0.30319_64 - ok
18:01:47.0755 1796 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:01:47.0802 1796 CmBatt - ok
18:01:47.0817 1796 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:01:47.0849 1796 cmdide - ok
18:01:47.0864 1796 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:01:47.0958 1796 CNG - ok
18:01:47.0989 1796 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:01:48.0020 1796 Compbatt - ok
18:01:48.0051 1796 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:01:48.0098 1796 CompositeBus - ok
18:01:48.0114 1796 COMSysApp - ok
18:01:48.0129 1796 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:01:48.0161 1796 crcdisk - ok
18:01:48.0176 1796 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:01:48.0270 1796 CryptSvc - ok
18:01:48.0301 1796 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:01:48.0395 1796 DcomLaunch - ok
18:01:48.0410 1796 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:01:48.0519 1796 defragsvc - ok
18:01:48.0551 1796 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:01:48.0644 1796 DfsC - ok
18:01:48.0660 1796 dgderdrv - ok
18:01:48.0675 1796 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
18:01:48.0722 1796 dg_ssudbus - ok
18:01:48.0753 1796 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:01:48.0863 1796 Dhcp - ok
18:01:48.0878 1796 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:01:48.0972 1796 discache - ok
18:01:48.0987 1796 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:01:49.0034 1796 Disk - ok
18:01:49.0050 1796 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:01:49.0112 1796 Dnscache - ok
18:01:49.0128 1796 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:01:49.0237 1796 dot3svc - ok
18:01:49.0253 1796 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:01:49.0346 1796 DPS - ok
18:01:49.0377 1796 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:01:49.0409 1796 drmkaud - ok
18:01:49.0455 1796 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:01:49.0549 1796 DXGKrnl - ok
18:01:49.0565 1796 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:01:49.0658 1796 EapHost - ok
18:01:49.0736 1796 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:01:49.0892 1796 ebdrv - ok
18:01:49.0908 1796 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:01:49.0955 1796 EFS - ok
18:01:49.0970 1796 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:01:50.0064 1796 ehRecvr - ok
18:01:50.0064 1796 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:01:50.0126 1796 ehSched - ok
18:01:50.0157 1796 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:01:50.0235 1796 elxstor - ok
18:01:50.0251 1796 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:01:50.0282 1796 ErrDev - ok
18:01:50.0313 1796 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:01:50.0407 1796 EventSystem - ok
18:01:50.0423 1796 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:01:50.0516 1796 exfat - ok
18:01:50.0547 1796 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:01:50.0641 1796 fastfat - ok
18:01:50.0657 1796 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:01:50.0719 1796 Fax - ok
18:01:50.0735 1796 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:01:50.0766 1796 fdc - ok
18:01:50.0781 1796 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:01:50.0875 1796 fdPHost - ok
18:01:50.0891 1796 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:01:50.0969 1796 FDResPub - ok
18:01:51.0000 1796 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:01:51.0047 1796 FileInfo - ok
18:01:51.0062 1796 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:01:51.0140 1796 Filetrace - ok
18:01:51.0156 1796 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:01:51.0281 1796 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:01:51.0281 1796 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:01:51.0312 1796 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:01:51.0343 1796 flpydisk - ok
18:01:51.0359 1796 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:01:51.0421 1796 FltMgr - ok
18:01:51.0452 1796 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:01:51.0561 1796 FontCache - ok
18:01:51.0577 1796 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:01:51.0608 1796 FontCache3.0.0.0 - ok
18:01:51.0624 1796 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:01:51.0655 1796 FsDepends - ok
18:01:51.0671 1796 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:01:51.0717 1796 Fs_Rec - ok
18:01:51.0749 1796 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:01:51.0811 1796 fvevol - ok
18:01:51.0827 1796 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:01:51.0858 1796 gagp30kx - ok
18:01:51.0889 1796 GDBehave (116f4672a804da33e1159c005ae88b9c) C:\Windows\system32\drivers\GDBehave.sys
18:01:51.0920 1796 GDBehave - ok
18:01:51.0967 1796 GDFwSvc (cc011fabe68cdc2ec9b0dea07b8414c9) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
18:01:52.0107 1796 GDFwSvc - ok
18:01:52.0139 1796 GDMnIcpt (e02ac68f1fc31d38ead729e00bd68c93) C:\Windows\system32\drivers\MiniIcpt.sys
18:01:52.0185 1796 GDMnIcpt - ok
18:01:52.0201 1796 GDPkIcpt (290ddb8c97249f99569b77e9df2f76fc) C:\Windows\system32\drivers\PktIcpt.sys
18:01:52.0248 1796 GDPkIcpt - ok
18:01:52.0263 1796 GDScan (b7d4df09a86a5dc98f74a2fa2875c154) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
18:01:52.0388 1796 GDScan - ok
18:01:52.0404 1796 gdwfpcd (e64c471dbd91adeb0b4c78c204326ecd) C:\Windows\system32\drivers\gdwfpcd64.sys
18:01:52.0451 1796 gdwfpcd - ok
18:01:52.0466 1796 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:01:52.0497 1796 GEARAspiWDM - ok
18:01:52.0529 1796 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:01:52.0638 1796 gpsvc - ok
18:01:52.0653 1796 GRD (9580cbf03d2ee08bd1c0d701aae4092a) C:\Windows\system32\drivers\GRD.sys
18:01:52.0700 1796 GRD - ok
18:01:52.0700 1796 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:01:52.0731 1796 gupdate - ok
18:01:52.0747 1796 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:01:52.0763 1796 gupdatem - ok
18:01:52.0794 1796 hcmon (8cdad7b707ddd77d45588f74d59c9aff) C:\Windows\system32\drivers\hcmon.sys
18:01:52.0825 1796 hcmon - ok
18:01:52.0856 1796 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:01:52.0887 1796 hcw85cir - ok
18:01:52.0919 1796 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:01:52.0981 1796 HdAudAddService - ok
18:01:52.0997 1796 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:01:53.0059 1796 HDAudBus - ok
18:01:53.0075 1796 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:01:53.0106 1796 HECIx64 - ok
18:01:53.0121 1796 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:01:53.0168 1796 HidBatt - ok
18:01:53.0184 1796 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:01:53.0231 1796 HidBth - ok
18:01:53.0262 1796 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:01:53.0309 1796 HidIr - ok
18:01:53.0324 1796 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:01:53.0418 1796 hidserv - ok
18:01:53.0433 1796 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:01:53.0465 1796 HidUsb - ok
18:01:53.0480 1796 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:01:53.0574 1796 hkmsvc - ok
18:01:53.0605 1796 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:01:53.0652 1796 HomeGroupListener - ok
18:01:53.0683 1796 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:01:53.0714 1796 HomeGroupProvider - ok
18:01:53.0730 1796 HookCentre (3cd18f0b3681fb267e67763cc3152d4e) C:\Windows\system32\drivers\HookCentre.sys
18:01:53.0777 1796 HookCentre - ok
18:01:53.0792 1796 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:01:53.0808 1796 HP Support Assistant Service - ok
18:01:53.0823 1796 HP Wireless Assistant Service (47810bf7bf4480a602621e341bf46586) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
18:01:53.0839 1796 HP Wireless Assistant Service - ok
18:01:53.0855 1796 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:01:53.0933 1796 HPDrvMntSvc.exe - ok
18:01:53.0948 1796 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
18:01:53.0979 1796 hpdskflt - ok
18:01:54.0011 1796 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:01:54.0057 1796 hpqwmiex - ok
18:01:54.0073 1796 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:01:54.0120 1796 HpSAMD - ok
18:01:54.0135 1796 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
18:01:54.0151 1796 hpsrv - ok
18:01:54.0167 1796 HPWMISVC (b6492d01712a22ff3fea25a999dbd321) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
18:01:54.0182 1796 HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
18:01:54.0182 1796 HPWMISVC - detected UnsignedFile.Multi.Generic (1)
18:01:54.0198 1796 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
18:01:54.0213 1796 HTCAND64 ( UnsignedFile.Multi.Generic ) - warning
18:01:54.0213 1796 HTCAND64 - detected UnsignedFile.Multi.Generic (1)
18:01:54.0245 1796 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:01:54.0369 1796 HTTP - ok
18:01:54.0385 1796 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:01:54.0432 1796 hwpolicy - ok
18:01:54.0447 1796 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:01:54.0495 1796 i8042prt - ok
18:01:54.0511 1796 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:01:54.0558 1796 iaStorV - ok
18:01:54.0573 1796 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:01:54.0636 1796 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:01:54.0636 1796 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:01:54.0651 1796 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:01:54.0714 1796 idsvc - ok
18:01:54.0729 1796 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:01:54.0760 1796 iirsp - ok
18:01:54.0792 1796 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:01:54.0932 1796 IKEEXT - ok
18:01:54.0948 1796 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:01:54.0979 1796 intelide - ok
18:01:55.0010 1796 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:01:55.0057 1796 intelppm - ok
18:01:55.0072 1796 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:01:55.0166 1796 IPBusEnum - ok
18:01:55.0182 1796 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:01:55.0260 1796 IpFilterDriver - ok
18:01:55.0291 1796 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:01:55.0384 1796 iphlpsvc - ok
18:01:55.0400 1796 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:01:55.0431 1796 IPMIDRV - ok
18:01:55.0462 1796 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:01:55.0557 1796 IPNAT - ok
18:01:55.0588 1796 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
18:01:55.0635 1796 iPod Service - ok
18:01:55.0651 1796 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:01:55.0713 1796 IRENUM - ok
18:01:55.0729 1796 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:01:55.0760 1796 isapnp - ok
18:01:55.0775 1796 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:01:55.0822 1796 iScsiPrt - ok
18:01:55.0838 1796 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:01:55.0885 1796 kbdclass - ok
18:01:55.0900 1796 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:01:55.0947 1796 kbdhid - ok
18:01:55.0963 1796 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:01:55.0994 1796 KeyIso - ok
18:01:56.0009 1796 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:01:56.0056 1796 KSecDD - ok
18:01:56.0087 1796 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:01:56.0134 1796 KSecPkg - ok
18:01:56.0150 1796 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:01:56.0243 1796 ksthunk - ok
18:01:56.0259 1796 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:01:56.0384 1796 KtmRm - ok
18:01:56.0399 1796 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:01:56.0493 1796 LanmanServer - ok
18:01:56.0524 1796 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:01:56.0618 1796 LanmanWorkstation - ok
18:01:56.0633 1796 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
18:01:56.0680 1796 LBTServ - ok
18:01:56.0696 1796 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
18:01:56.0727 1796 LEqdUsb - ok
18:01:56.0743 1796 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
18:01:56.0774 1796 LHidEqd - ok
18:01:56.0789 1796 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:01:56.0836 1796 LHidFilt - ok
18:01:56.0852 1796 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:01:56.0945 1796 lltdio - ok
18:01:56.0961 1796 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:01:57.0070 1796 lltdsvc - ok
18:01:57.0086 1796 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:01:57.0179 1796 lmhosts - ok
18:01:57.0195 1796 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:01:57.0242 1796 LMouFilt - ok
18:01:57.0257 1796 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:01:57.0304 1796 LSI_FC - ok
18:01:57.0320 1796 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:01:57.0367 1796 LSI_SAS - ok
18:01:57.0382 1796 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:01:57.0413 1796 LSI_SAS2 - ok
18:01:57.0429 1796 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:01:57.0476 1796 LSI_SCSI - ok
18:01:57.0491 1796 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:01:57.0585 1796 luafv - ok
18:01:57.0616 1796 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
18:01:57.0663 1796 LVRS64 - ok
18:01:57.0772 1796 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
18:01:58.0147 1796 LVUVC64 - ok
18:01:58.0162 1796 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:01:58.0209 1796 Mcx2Svc - ok
18:01:58.0225 1796 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:01:58.0256 1796 megasas - ok
18:01:58.0287 1796 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:01:58.0350 1796 MegaSR - ok
18:01:58.0365 1796 Microsoft SharePoint Workspace Audit Service - ok
18:01:58.0381 1796 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:01:58.0474 1796 MMCSS - ok
18:01:58.0506 1796 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:01:58.0584 1796 Modem - ok
18:01:58.0615 1796 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:01:58.0646 1796 monitor - ok
18:01:58.0677 1796 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:01:58.0708 1796 mouclass - ok
18:01:58.0740 1796 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:01:58.0786 1796 mouhid - ok
18:01:58.0802 1796 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:01:58.0849 1796 mountmgr - ok
18:01:58.0864 1796 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:01:58.0927 1796 mpio - ok
18:01:58.0942 1796 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:01:59.0052 1796 mpsdrv - ok
18:01:59.0083 1796 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:01:59.0176 1796 MpsSvc - ok
18:01:59.0208 1796 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:01:59.0254 1796 MRxDAV - ok
18:01:59.0286 1796 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:01:59.0332 1796 mrxsmb - ok
18:01:59.0348 1796 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:01:59.0410 1796 mrxsmb10 - ok
18:01:59.0426 1796 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:01:59.0488 1796 mrxsmb20 - ok
18:01:59.0504 1796 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:01:59.0566 1796 msahci - ok
18:01:59.0582 1796 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:01:59.0629 1796 msdsm - ok
18:01:59.0660 1796 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:01:59.0707 1796 MSDTC - ok
18:01:59.0738 1796 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:01:59.0816 1796 Msfs - ok
18:01:59.0832 1796 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:01:59.0925 1796 mshidkmdf - ok
18:01:59.0941 1796 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:01:59.0988 1796 msisadrv - ok
18:02:00.0003 1796 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:02:00.0112 1796 MSiSCSI - ok
18:02:00.0128 1796 msiserver - ok
18:02:00.0144 1796 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:02:00.0237 1796 MSKSSRV - ok
18:02:00.0253 1796 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:02:00.0331 1796 MSPCLOCK - ok
18:02:00.0346 1796 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:02:00.0440 1796 MSPQM - ok
18:02:00.0471 1796 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:02:00.0534 1796 MsRPC - ok
18:02:00.0565 1796 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:02:00.0596 1796 mssmbios - ok
18:02:00.0612 1796 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:02:00.0690 1796 MSTEE - ok
18:02:00.0705 1796 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:02:00.0752 1796 MTConfig - ok
18:02:00.0768 1796 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:02:00.0814 1796 Mup - ok
18:02:00.0846 1796 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:02:00.0939 1796 napagent - ok
18:02:00.0970 1796 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:02:01.0033 1796 NativeWifiP - ok
18:02:01.0048 1796 NAUpdate (9ae6509862de96416ca9ad54440a861b) C:\Program Files (x86)\Nero\Update\NASvc.exe
18:02:01.0158 1796 NAUpdate - ok
18:02:01.0204 1796 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:02:01.0251 1796 NDIS - ok
18:02:01.0267 1796 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:02:01.0345 1796 NdisCap - ok
18:02:01.0360 1796 NDISKIO - ok
18:02:01.0392 1796 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:02:01.0470 1796 NdisTapi - ok
18:02:01.0485 1796 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:02:01.0579 1796 Ndisuio - ok
18:02:01.0594 1796 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:02:01.0688 1796 NdisWan - ok
18:02:01.0704 1796 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:02:01.0797 1796 NDProxy - ok
18:02:01.0813 1796 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:02:01.0891 1796 NetBIOS - ok
18:02:01.0906 1796 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:02:02.0016 1796 NetBT - ok
18:02:02.0031 1796 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:02:02.0062 1796 Netlogon - ok
18:02:02.0078 1796 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:02:02.0187 1796 Netman - ok
18:02:02.0203 1796 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:02:02.0296 1796 netprofm - ok
18:02:02.0312 1796 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:02:02.0343 1796 NetTcpPortSharing - ok
18:02:02.0359 1796 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:02:02.0390 1796 nfrd960 - ok
18:02:02.0421 1796 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:02:02.0530 1796 NlaSvc - ok
18:02:02.0546 1796 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
18:02:02.0608 1796 nlsX86cc - ok
18:02:02.0640 1796 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:02:02.0733 1796 Npfs - ok
18:02:02.0749 1796 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:02:02.0842 1796 nsi - ok
18:02:02.0858 1796 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:02:02.0952 1796 nsiproxy - ok
18:02:02.0998 1796 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:02:03.0108 1796 Ntfs - ok
18:02:03.0123 1796 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:02:03.0217 1796 Null - ok
18:02:03.0232 1796 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:02:03.0279 1796 nvraid - ok
18:02:03.0295 1796 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:02:03.0342 1796 nvstor - ok
18:02:03.0357 1796 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:02:03.0404 1796 nv_agp - ok
18:02:03.0420 1796 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:02:03.0466 1796 ohci1394 - ok
18:02:03.0482 1796 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:02:03.0544 1796 ose - ok
18:02:03.0654 1796 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:02:03.0888 1796 osppsvc - ok
18:02:03.0903 1796 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:02:03.0950 1796 p2pimsvc - ok
18:02:03.0981 1796 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:02:04.0044 1796 p2psvc - ok
18:02:04.0059 1796 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:02:04.0106 1796 Parport - ok
18:02:04.0122 1796 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:02:04.0168 1796 partmgr - ok
18:02:04.0184 1796 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:02:04.0246 1796 PcaSvc - ok
18:02:04.0262 1796 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:02:04.0324 1796 pci - ok
18:02:04.0371 1796 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:02:04.0418 1796 pciide - ok
18:02:04.0465 1796 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:02:04.0512 1796 pcmcia - ok
18:02:04.0543 1796 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:02:04.0590 1796 pcw - ok
18:02:04.0652 1796 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:02:04.0792 1796 PEAUTH - ok
18:02:04.0824 1796 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:02:04.0886 1796 PerfHost - ok
18:02:04.0933 1796 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:02:05.0104 1796 pla - ok
18:02:05.0136 1796 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:02:05.0198 1796 PlugPlay - ok
18:02:05.0214 1796 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:02:05.0260 1796 PNRPAutoReg - ok
18:02:05.0276 1796 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:02:05.0323 1796 PNRPsvc - ok
18:02:05.0354 1796 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:02:05.0479 1796 PolicyAgent - ok
18:02:05.0494 1796 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:02:05.0588 1796 Power - ok
18:02:05.0604 1796 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:02:05.0697 1796 PptpMiniport - ok
18:02:05.0728 1796 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:02:05.0760 1796 Processor - ok
18:02:05.0775 1796 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:02:05.0884 1796 ProfSvc - ok
18:02:05.0900 1796 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:02:05.0931 1796 ProtectedStorage - ok
18:02:05.0947 1796 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:02:06.0040 1796 Psched - ok
18:02:06.0087 1796 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:02:06.0228 1796 ql2300 - ok
18:02:06.0243 1796 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:02:06.0290 1796 ql40xx - ok
18:02:06.0306 1796 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:02:06.0368 1796 QWAVE - ok
18:02:06.0399 1796 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:02:06.0446 1796 QWAVEdrv - ok
18:02:06.0462 1796 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:02:06.0555 1796 RasAcd - ok
18:02:06.0571 1796 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:02:06.0664 1796 RasAgileVpn - ok
18:02:06.0696 1796 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:02:06.0789 1796 RasAuto - ok
18:02:06.0805 1796 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:02:06.0914 1796 Rasl2tp - ok
18:02:06.0930 1796 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:02:07.0039 1796 RasMan - ok
18:02:07.0054 1796 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:02:07.0148 1796 RasPppoe - ok
18:02:07.0179 1796 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:02:07.0273 1796 RasSstp - ok
18:02:07.0304 1796 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:02:07.0382 1796 rdbss - ok
18:02:07.0413 1796 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:02:07.0444 1796 rdpbus - ok
18:02:07.0460 1796 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:02:07.0554 1796 RDPCDD - ok
18:02:07.0569 1796 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:02:07.0663 1796 RDPENCDD - ok
18:02:07.0694 1796 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:02:07.0772 1796 RDPREFMP - ok
18:02:07.0803 1796 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:02:07.0834 1796 RDPWD - ok
18:02:07.0866 1796 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:02:07.0928 1796 rdyboost - ok
18:02:07.0944 1796 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:02:08.0037 1796 RemoteAccess - ok
18:02:08.0053 1796 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:02:08.0162 1796 RemoteRegistry - ok
18:02:08.0193 1796 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:02:08.0240 1796 RFCOMM - ok
18:02:08.0256 1796 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:02:08.0349 1796 RpcEptMapper - ok
18:02:08.0365 1796 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:02:08.0412 1796 RpcLocator - ok
18:02:08.0427 1796 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:02:08.0536 1796 RpcSs - ok
18:02:08.0552 1796 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:02:08.0646 1796 rspndr - ok
18:02:08.0677 1796 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:02:08.0724 1796 RTL8167 - ok
18:02:08.0755 1796 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:02:08.0786 1796 SamSs - ok
18:02:08.0802 1796 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:02:08.0848 1796 sbp2port - ok
18:02:08.0864 1796 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:02:08.0958 1796 SCardSvr - ok
18:02:08.0989 1796 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:02:09.0067 1796 scfilter - ok
18:02:09.0098 1796 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:02:09.0254 1796 Schedule - ok
18:02:09.0285 1796 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:02:09.0379 1796 SCPolicySvc - ok
18:02:09.0394 1796 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:02:09.0457 1796 SDRSVC - ok
18:02:09.0472 1796 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:02:09.0566 1796 secdrv - ok
18:02:09.0582 1796 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:02:09.0675 1796 seclogon - ok
18:02:09.0691 1796 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:02:09.0800 1796 SENS - ok
18:02:09.0816 1796 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:02:09.0862 1796 SensrSvc - ok
18:02:09.0878 1796 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:02:09.0956 1796 Serenum - ok
18:02:09.0972 1796 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:02:10.0018 1796 Serial - ok
18:02:10.0034 1796 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:02:10.0065 1796 sermouse - ok
18:02:10.0081 1796 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:02:10.0174 1796 SessionEnv - ok
18:02:10.0190 1796 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:02:10.0237 1796 sffdisk - ok
18:02:10.0252 1796 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:02:10.0284 1796 sffp_mmc - ok
18:02:10.0299 1796 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:02:10.0330 1796 sffp_sd - ok
18:02:10.0346 1796 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:02:10.0377 1796 sfloppy - ok
18:02:10.0408 1796 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:02:10.0518 1796 SharedAccess - ok
18:02:10.0533 1796 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:02:10.0642 1796 ShellHWDetection - ok
18:02:10.0658 1796 silabenm (7799106fee728b907a86d9c9751e02d5) C:\Windows\system32\DRIVERS\silabenm.sys
18:02:10.0705 1796 silabenm - ok
18:02:10.0720 1796 silabser (4ad84f9b367b89b48a3338e0aeca06b9) C:\Windows\system32\DRIVERS\silabser.sys
18:02:10.0752 1796 silabser - ok
18:02:10.0767 1796 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:02:10.0798 1796 SiSRaid2 - ok
18:02:10.0814 1796 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:02:10.0845 1796 SiSRaid4 - ok
18:02:10.0861 1796 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Users\user\Downloads\SkypePortable\App\Skype\Updater\Updater.exe
18:02:11.0017 1796 SkypeUpdate - ok
18:02:11.0032 1796 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:02:11.0126 1796 Smb - ok
18:02:11.0157 1796 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
18:02:11.0204 1796 snapman - ok
18:02:11.0220 1796 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:02:11.0266 1796 SNMPTRAP - ok
18:02:11.0282 1796 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:02:11.0329 1796 spldr - ok
18:02:11.0344 1796 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:02:11.0485 1796 Spooler - ok
18:02:11.0563 1796 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:02:11.0750 1796 sppsvc - ok
18:02:11.0766 1796 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:02:11.0875 1796 sppuinotify - ok
18:02:11.0890 1796 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:02:11.0968 1796 srv - ok
18:02:11.0984 1796 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:02:12.0046 1796 srv2 - ok
18:02:12.0062 1796 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:02:12.0109 1796 srvnet - ok
18:02:12.0124 1796 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:02:12.0202 1796 SSDPSRV - ok
18:02:12.0218 1796 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:02:12.0296 1796 SstpSvc - ok
18:02:12.0312 1796 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
18:02:12.0343 1796 ssudmdm - ok
18:02:12.0374 1796 STacSV (5752bacef32a6803528d05a6fb266758) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe
18:02:12.0405 1796 STacSV - ok
18:02:12.0421 1796 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:02:12.0452 1796 stexstor - ok
18:02:12.0468 1796 STHDA (936a4d05f7a790b8aab3b6be61651e0e) C:\Windows\system32\DRIVERS\stwrt64.sys
18:02:12.0514 1796 STHDA - ok
18:02:12.0546 1796 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:02:12.0592 1796 stisvc - ok
18:02:12.0608 1796 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:02:12.0639 1796 swenum - ok
18:02:12.0655 1796 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:02:12.0686 1796 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:02:12.0686 1796 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:02:12.0702 1796 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:02:12.0795 1796 swprv - ok
18:02:12.0795 1796 Synchro Arts License Manager (13ab76478ef751c130bfa226f373065b) C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe
18:02:12.0889 1796 Synchro Arts License Manager ( UnsignedFile.Multi.Generic ) - warning
18:02:12.0889 1796 Synchro Arts License Manager - detected UnsignedFile.Multi.Generic (1)
18:02:12.0920 1796 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
18:02:12.0982 1796 SynTP - ok
18:02:13.0014 1796 synusb64 (bcb6aa197267d3506be2535342fc40e0) C:\Windows\system32\DRIVERS\synusb64.sys
18:02:13.0029 1796 synusb64 - ok
18:02:13.0060 1796 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:02:13.0185 1796 SysMain - ok
18:02:13.0201 1796 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:02:13.0232 1796 TabletInputService - ok
18:02:13.0341 1796 TabletServiceWacom (c0255d8e3abe790694927624603f8f10) C:\Windows\system32\Wacom_Tablet.exe
18:02:13.0591 1796 TabletServiceWacom - ok
18:02:13.0622 1796 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:02:13.0731 1796 TapiSrv - ok
18:02:13.0747 1796 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:02:13.0825 1796 TBS - ok
18:02:13.0887 1796 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:02:14.0059 1796 Tcpip - ok
18:02:14.0106 1796 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:02:14.0215 1796 TCPIP6 - ok
18:02:14.0230 1796 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:02:14.0324 1796 tcpipreg - ok
18:02:14.0340 1796 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:02:14.0386 1796 TDPIPE - ok
18:02:14.0433 1796 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
18:02:14.0511 1796 tdrpman273 - ok
18:02:14.0527 1796 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:02:14.0558 1796 TDTCP - ok
18:02:14.0589 1796 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:02:14.0683 1796 tdx - ok
18:02:14.0698 1796 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:02:14.0745 1796 TermDD - ok
18:02:14.0776 1796 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:02:14.0901 1796 TermService - ok
18:02:14.0917 1796 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:02:14.0979 1796 Themes - ok
18:02:14.0995 1796 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:02:15.0088 1796 THREADORDER - ok
18:02:15.0135 1796 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
18:02:15.0229 1796 timounter - ok
18:02:15.0244 1796 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:02:15.0354 1796 TrkWks - ok
18:02:15.0369 1796 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:02:15.0447 1796 TrustedInstaller - ok
18:02:15.0463 1796 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:02:15.0556 1796 tssecsrv - ok
18:02:15.0572 1796 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:02:15.0619 1796 TsUsbFlt - ok
18:02:15.0634 1796 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:02:15.0728 1796 tunnel - ok
18:02:15.0744 1796 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:02:15.0790 1796 uagp35 - ok
18:02:15.0806 1796 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:02:15.0915 1796 udfs - ok
18:02:16.0040 1796 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:02:16.0087 1796 UI0Detect - ok
18:02:16.0102 1796 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:02:16.0149 1796 uliagpkx - ok
18:02:16.0165 1796 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:02:16.0212 1796 umbus - ok
18:02:16.0227 1796 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:02:16.0274 1796 UmPass - ok
18:02:16.0305 1796 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:02:16.0399 1796 upnphost - ok
18:02:16.0414 1796 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
18:02:16.0430 1796 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:02:16.0430 1796 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:02:16.0446 1796 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:02:16.0508 1796 usbaudio - ok
18:02:16.0524 1796 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:02:16.0570 1796 usbccgp - ok
18:02:16.0586 1796 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:02:16.0633 1796 usbcir - ok
18:02:16.0664 1796 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:02:16.0711 1796 usbehci - ok
18:02:16.0726 1796 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:02:16.0789 1796 usbhub - ok
18:02:16.0804 1796 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:02:16.0851 1796 usbohci - ok
18:02:16.0867 1796 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:02:16.0898 1796 usbprint - ok
18:02:16.0929 1796 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:02:16.0976 1796 USBSTOR - ok
18:02:16.0992 1796 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:02:17.0038 1796 usbuhci - ok
18:02:17.0054 1796 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:02:17.0116 1796 usbvideo - ok
18:02:17.0132 1796 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:02:17.0226 1796 UxSms - ok
18:02:17.0241 1796 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:02:17.0288 1796 VaultSvc - ok
18:02:17.0304 1796 VBoxDrv (00203e05f2fe6cfb94229ed91d6010a2) C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:02:17.0366 1796 VBoxDrv - ok
18:02:17.0382 1796 VBoxNetAdp (85df2c59645d374be7e3234241761230) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:02:17.0428 1796 VBoxNetAdp - ok
18:02:17.0460 1796 VBoxNetFlt (57daefdd2c459afef2596a656f016e74) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
18:02:17.0506 1796 VBoxNetFlt - ok
18:02:17.0522 1796 VBoxUSBMon (74ce29e023c79c195ddff87fbf075037) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:02:17.0569 1796 VBoxUSBMon - ok
18:02:17.0584 1796 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:02:17.0631 1796 vdrvroot - ok
18:02:17.0662 1796 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:02:17.0787 1796 vds - ok
18:02:17.0803 1796 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:02:17.0850 1796 vga - ok
18:02:17.0865 1796 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:02:17.0959 1796 VgaSave - ok
18:02:17.0974 1796 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:02:18.0021 1796 vhdmp - ok
18:02:18.0037 1796 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:02:18.0084 1796 viaide - ok
18:02:18.0193 1796 vmci (cdaa992c18f3f3612444c818a478cf57) C:\Windows\system32\drivers\vmci.sys
18:02:18.0240 1796 vmci - ok
18:02:18.0255 1796 vmkbd (ea9c266cd4b4bb7c7d818c1c27461959) C:\Windows\system32\drivers\VMkbd.sys
18:02:18.0286 1796 vmkbd - ok
18:02:18.0770 1796 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:02:18.0817 1796 volmgr - ok
18:02:18.0832 1796 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:02:18.0879 1796 volmgrx - ok
18:02:18.0910 1796 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:02:18.0973 1796 volsnap - ok
18:02:19.0004 1796 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:02:19.0051 1796 vsmraid - ok
18:02:19.0082 1796 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:02:19.0269 1796 VSS - ok
18:02:19.0285 1796 vstor2-ws60 (69f57e89e6ebc5012d210527af005a70) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
18:02:19.0332 1796 vstor2-ws60 - ok
18:02:19.0347 1796 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:02:19.0394 1796 vwifibus - ok
18:02:19.0410 1796 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:02:19.0472 1796 vwififlt - ok
18:02:19.0488 1796 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:02:19.0534 1796 vwifimp - ok
18:02:19.0566 1796 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:02:19.0675 1796 W32Time - ok
18:02:19.0706 1796 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
18:02:19.0737 1796 wacmoumonitor - ok
18:02:19.0753 1796 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
18:02:19.0800 1796 wacommousefilter - ok
18:02:19.0815 1796 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:02:19.0846 1796 WacomPen - ok
18:02:19.0878 1796 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
18:02:19.0909 1796 wacomvhid - ok
18:02:19.0924 1796 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:20.0018 1796 WANARP - ok
18:02:20.0049 1796 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:20.0127 1796 Wanarpv6 - ok
18:02:20.0174 1796 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:02:20.0314 1796 WatAdminSvc - ok
18:02:20.0361 1796 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:02:20.0502 1796 wbengine - ok
18:02:20.0517 1796 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:02:20.0580 1796 WbioSrvc - ok
18:02:20.0611 1796 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:02:20.0689 1796 wcncsvc - ok
18:02:20.0704 1796 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:02:20.0767 1796 WcsPlugInService - ok
18:02:20.0782 1796 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:02:20.0814 1796 Wd - ok
18:02:20.0845 1796 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:02:20.0907 1796 Wdf01000 - ok
18:02:20.0923 1796 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:02:21.0001 1796 WdiServiceHost - ok
18:02:21.0016 1796 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:02:21.0063 1796 WdiSystemHost - ok
18:02:21.0079 1796 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:02:21.0157 1796 WebClient - ok
18:02:21.0172 1796 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:02:21.0282 1796 Wecsvc - ok
18:02:21.0391 1796 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:02:21.0500 1796 wercplsupport - ok
18:02:21.0531 1796 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:02:21.0656 1796 WerSvc - ok
18:02:21.0672 1796 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:02:21.0750 1796 WfpLwf - ok
18:02:21.0765 1796 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:02:21.0796 1796 WIMMount - ok
18:02:21.0812 1796 WinDefend - ok
18:02:21.0812 1796 WinHttpAutoProxySvc - ok
18:02:21.0849 1796 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:02:21.0943 1796 Winmgmt - ok
18:02:21.0983 1796 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:02:22.0163 1796 WinRM - ok
18:02:22.0193 1796 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:02:22.0233 1796 WinUsb - ok
18:02:22.0263 1796 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:02:22.0353 1796 Wlansvc - ok
18:02:22.0393 1796 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:02:22.0533 1796 wlidsvc - ok
18:02:22.0553 1796 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:02:22.0583 1796 WmiAcpi - ok
18:02:22.0603 1796 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:02:22.0653 1796 wmiApSrv - ok
18:02:22.0663 1796 WMPNetworkSvc - ok
18:02:22.0683 1796 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:02:22.0723 1796 WPCSvc - ok
18:02:22.0743 1796 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:02:22.0783 1796 WPDBusEnum - ok
18:02:22.0803 1796 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:02:22.0893 1796 ws2ifsl - ok
18:02:22.0913 1796 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:02:22.0953 1796 wscsvc - ok
18:02:22.0973 1796 WSearch - ok
18:02:23.0023 1796 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:02:23.0173 1796 wuauserv - ok
18:02:23.0203 1796 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:02:23.0283 1796 WudfPf - ok
18:02:23.0303 1796 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:02:23.0383 1796 WUDFRd - ok
18:02:23.0403 1796 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:02:23.0493 1796 wudfsvc - ok
18:02:23.0513 1796 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:02:23.0583 1796 WwanSvc - ok
18:02:23.0623 1796 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:02:23.0653 1796 \Device\Harddisk1\DR1 - ok
18:02:23.0663 1796 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:02:24.0104 1796 \Device\Harddisk0\DR0 - ok
18:02:24.0104 1796 Boot (0x1200) (ab00a6886c5cb4209d68075b010e0b44) \Device\Harddisk1\DR1\Partition0
18:02:24.0104 1796 \Device\Harddisk1\DR1\Partition0 - ok
18:02:24.0104 1796 Boot (0x1200) (b99f987ab8cc210919b10b97f20cb24b) \Device\Harddisk1\DR1\Partition1
18:02:24.0114 1796 \Device\Harddisk1\DR1\Partition1 - ok
18:02:24.0114 1796 Boot (0x1200) (12f651a568430211d04b8d8c67b18fd9) \Device\Harddisk0\DR0\Partition0
18:02:24.0114 1796 \Device\Harddisk0\DR0\Partition0 - ok
18:02:24.0114 1796 ============================================================
18:02:24.0114 1796 Scan finished
18:02:24.0114 1796 ============================================================
18:02:24.0124 5704 Detected object count: 7
18:02:24.0124 5704 Actual detected object count: 7
18:04:10.0164 5704 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:10.0164 5704 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:04:10.0164 5704 HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:10.0164 5704 HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:04:10.0179 5704 HTCAND64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:10.0179 5704 HTCAND64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:04:10.0179 5704 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:10.0179 5704 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:04:10.0179 5704 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:10.0179 5704 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:04:10.0179 5704 Synchro Arts License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:10.0179 5704 Synchro Arts License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:04:10.0179 5704 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:10.0179 5704 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 16.04.2012, 18:10   #10
markusg
/// Malware-holic
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



nutzt du den pc denn für onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges wie berufliches?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.04.2012, 18:32   #11
Ronny80
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



ja nutze ich...wieso?

Alt 16.04.2012, 18:38   #12
markusg
/// Malware-holic
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



dann lass dir bitte von der bank neue zugangsdaten sichern, und wir setzen das gerät neu auf.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.04.2012, 19:22   #13
Ronny80
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



hmmm.. ok.. die frage is.. ob ich mal mein 6 Monate altes Acronis image rüber spielen soll.. oder ob da das Gekreuch auch schon drinnen is..

was meinst du?

Alt 16.04.2012, 20:21   #14
markusg
/// Malware-holic
 
Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Standard

Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9



ja das sollte gehen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9
anderes, beim starten, booten, entfernen, essen, g-data, gdata, hallo zusammen, interne, internetsecurity, log, melde, meldet, meldung, posting, security, sinowal, starte, starten, support, tools, virus, windows, zusammen, öffnen



Ähnliche Themen: Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9


  1. Facebook meldet Virus in Datei beim Hochladen - Firefox
    Log-Analyse und Auswertung - 04.11.2014 (5)
  2. Facebook meldet Virus in Datei beim Hochladen
    Log-Analyse und Auswertung - 10.06.2014 (11)
  3. beim Anschliessen einer externen Festplatte : 'BOO/Sinowal.A' [virus]
    Plagegeister aller Art und deren Bekämpfung - 13.12.2013 (13)
  4. Pop-Up beim Öffnen anderer Seiten (mögl. Virus?)
    Alles rund um Windows - 05.04.2012 (2)
  5. Wie entferne ich BDS/Sinowal.knfal oder generell Sinowal?
    Plagegeister aller Art und deren Bekämpfung - 31.12.2011 (17)
  6. Avast meldet Sinowal-IM in c:\Windows\SysWOW64\prodorom_0.dll
    Log-Analyse und Auswertung - 04.08.2011 (7)
  7. AV-Meldung beim Öffnen von IE - Virus HEUR/HTML
    Plagegeister aller Art und deren Bekämpfung - 17.07.2010 (2)
  8. Iload.to : Virus beim Öffnen der Seite?
    Plagegeister aller Art und deren Bekämpfung - 15.07.2010 (5)
  9. Vista lahm, G-Data findet Trojan.Generic ... Nero schuld oder Virus/Malware?
    Log-Analyse und Auswertung - 14.02.2010 (3)
  10. windows stottert beim öffnen von audios videos oder spielen
    Log-Analyse und Auswertung - 15.08.2009 (4)
  11. AntiVir meldet BOO/Sinowal.D - Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 11.06.2009 (2)
  12. Virus beim öffnen von MSN Bräuchte bitte hilfe
    Mülltonne - 28.11.2008 (1)
  13. Virus Fehler beim Öffnen eines Ordners !!!
    Log-Analyse und Auswertung - 23.08.2008 (12)
  14. Virus als Critical Error beim öffnen von Ordnern
    Plagegeister aller Art und deren Bekämpfung - 25.07.2008 (6)
  15. Virus?fehler beim öffnen von ordner!help pls
    Plagegeister aller Art und deren Bekämpfung - 03.07.2008 (4)
  16. G Data meldet Win32:SQLSlammer
    Log-Analyse und Auswertung - 14.05.2008 (2)
  17. G-Data meldet ...
    Plagegeister aller Art und deren Bekämpfung - 11.04.2008 (1)

Zum Thema Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 - Hallo Zusammen, Ich habe mir irgendwie etwas komisches eingefangen. Der Liebe Security Essentials von MS hat nie etwas gemeldet. Als ich die Internetsecurity Demo von G-Data installierte.. meldet der beim - Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9...
Archiv
Du betrachtest: Sinowal oder so.. G-Data meldet Virus beim öffnen von IE9 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.