
Pests of all kinds and how to fight them: Remove banking virus!

19.07.2012, 16:30   #16
play4fun28

Code:
# AdwCleaner v1.702 - Logfile created 07/19/2012 at 17:29:54
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : Sascha - SASCHA-PC
# Running from : D:\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Sascha\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Sascha\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\Sascha\AppData\LocalLow\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={625C4036-B46F-4C22-901D-58C13E1F6433}&mid=802a2a60edb247d08c96d16d67eba778-2bc9a26416f5b3c78dab67574ebb46f75305e584&lang=de&ds=AVG&pr=fr&d=2012-06-21 16:42:59&v=11.1.0.12&sap=nt

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\xfzlfqxq.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc8827fac-3f7e-442a-a2d0-02ac44b9bf5c%[...]

*************************

AdwCleaner[R1].txt - [5297 octets] - [19/07/2012 17:29:54]

########## EOF - C:\AdwCleaner[R1].txt - [5425 octets] ##########
         

19.07.2012, 19:53   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

20.07.2012, 13:12   #18
play4fun28

When I clicked Delete, AVG told me that adwcleaner was a virus. I simply allowed it.
Code:
# AdwCleaner v1.702 - Logfile created 07/20/2012 at 14:08:48
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : Sascha - SASCHA-PC
# Running from : D:\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Sascha\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Sascha\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Sascha\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={625C4036-B46F-4C22-901D-58C13E1F6433}&mid=802a2a60edb247d08c96d16d67eba778-2bc9a26416f5b3c78dab67574ebb46f75305e584&lang=de&ds=AVG&pr=fr&d=2012-06-21 16:42:59&v=11.1.0.12&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\xfzlfqxq.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc8827fac-3f7e-442a-a2d0-02ac44b9bf5c%[...]

*************************

AdwCleaner[R1].txt - [5426 octets] - [19/07/2012 17:29:54]
AdwCleaner[S1].txt - [5505 octets] - [20/07/2012 14:08:48]

########## EOF - C:\AdwCleaner[S1].txt - [5633 octets] ##########
         

20.07.2012, 18:04   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "run as administrator"
  • At the top center, tick the box Scan All Users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

20.07.2012, 18:40   #20
play4fun28

How many more logs do I have to make?
Have you found anything yet?

Code:
OTL logfile created on: 20.07.2012 19:26:59 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Sascha\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,78% Memory free
6,00 Gb Paging File | 4,69 Gb Available in Paging File | 78,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,16 Gb Total Space | 120,38 Gb Free Space | 80,16% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 421,10 Gb Free Space | 86,24% Space Free | Partition Type: NTFS
Drive E: | 292,87 Gb Total Space | 292,77 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SASCHA-PC | User Name: Sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.17 16:21:23 | 003,407,536 | ---- | M] (Electronic Arts) -- C:\Programme\Origin\Origin.exe
PRC - [2012.07.17 16:06:38 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.17 15:49:04 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.06.24 10:52:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe
PRC - [2012.06.13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.20 15:47:03 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.17 16:21:24 | 018,604,544 | ---- | M] () -- C:\Programme\Origin\QtWebKit4.dll
MOD - [2012.07.17 16:21:24 | 009,440,256 | ---- | M] () -- C:\Programme\Origin\QtGui4.dll
MOD - [2012.07.17 16:21:24 | 003,564,544 | ---- | M] () -- C:\Programme\Origin\QtXmlPatterns4.dll
MOD - [2012.07.17 16:21:24 | 002,694,144 | ---- | M] () -- C:\Programme\Origin\QtCore4.dll
MOD - [2012.07.17 16:21:24 | 001,152,512 | ---- | M] () -- C:\Programme\Origin\QtNetwork4.dll
MOD - [2012.07.17 16:21:24 | 000,413,184 | ---- | M] () -- C:\Programme\Origin\QtXml4.dll
MOD - [2012.07.17 16:21:24 | 000,312,320 | ---- | M] () -- C:\Programme\Origin\imageformats\qtiff4.dll
MOD - [2012.07.17 16:21:24 | 000,264,192 | ---- | M] () -- C:\Programme\Origin\imageformats\qmng4.dll
MOD - [2012.07.17 16:21:24 | 000,211,456 | ---- | M] () -- C:\Programme\Origin\imageformats\qjpeg4.dll
MOD - [2012.07.17 16:21:24 | 000,032,256 | ---- | M] () -- C:\Programme\Origin\imageformats\qico4.dll
MOD - [2012.07.17 16:21:24 | 000,028,672 | ---- | M] () -- C:\Programme\Origin\imageformats\qgif4.dll
MOD - [2012.07.17 16:06:38 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.08.25 21:44:50 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.04 15:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe
MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 10:47:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 06:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009.03.04 09:52:36 | 000,372,736 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WlanDll.dll
MOD - [2008.12.29 17:13:24 | 000,204,800 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\KJLog.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.20 15:47:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 16:37:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.17 15:49:04 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.21 15:51:31 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.15 14:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2009.11.18 18:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 DF 45 05 B3 4F CD 01  [binary data]
IE - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 15:58:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.17 15:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 15:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.06.21 15:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Extensions
[2012.06.23 16:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\xfzlfqxq.default\extensions
[2012.06.23 16:35:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\xfzlfqxq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.21 15:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.17 15:58:44 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012.07.20 15:47:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.20 15:47:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.20 15:47:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.20 15:47:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.20 15:47:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 15:47:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 15:47:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000..\Run: [RGSC] D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000..\Run: [Steam] D:\Spiele\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E3C5A3-A58D-4F7D-A977-4AAE6ABE8C34}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B96EAFA4-4CCD-420D-AB87-0DAEA1108052}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{9f2b640b-bba0-11e1-b145-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2b640b-bba0-11e1-b145-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 17:00:05 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\Backups
[2012.07.20 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\Mods
[2012.07.20 14:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.18 16:20:56 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Adobe
[2012.07.18 16:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.07.18 16:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.07.18 16:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.07.17 23:02:56 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe
[2012.07.17 15:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.06.29 19:19:00 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\2K Games
[2012.06.29 19:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.06.28 14:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.06.28 14:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.28 14:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.28 14:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.25 15:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.25 14:54:12 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Malwarebytes
[2012.06.25 14:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.24 15:59:32 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\FIFA 11
[2012.06.24 15:57:16 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Leadertech
[2012.06.24 15:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2012.06.24 15:38:35 | 000,000,000 | ---D | C] -- C:\Windows\USB Vibration
[2012.06.24 15:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.06.24 15:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\USB Vibration
[2012.06.23 19:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.06.23 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\Rockstar Games
[2012.06.23 18:20:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.06.23 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\Games for Windows - LIVE Demos
[2012.06.23 17:29:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2012.06.23 17:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.06.23 17:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2012.06.23 17:28:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.06.23 16:35:43 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.23 16:35:33 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.06.23 16:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.06.23 16:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.06.23 16:34:41 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\DVDVideoSoft
[2012.06.23 16:18:25 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Apple Computer
[2012.06.23 16:18:24 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Apple Computer
[2012.06.23 16:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.23 16:18:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.06.23 16:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.23 16:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.06.23 16:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.06.23 16:17:31 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Apple
[2012.06.23 16:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.06.23 16:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.06.23 16:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.06.23 16:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.06.23 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.06.23 16:09:59 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Rockstar Games
[2012.06.23 16:09:12 | 000,000,000 | RH-D | C] -- C:\Users\Sascha\AppData\Roaming\SecuROM
[2012.06.23 16:08:45 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012.06.23 15:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.06.22 18:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2012.06.22 14:47:08 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.06.22 14:03:11 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Macromedia
[2012.06.22 14:03:11 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Macromedia
[2012.06.22 14:03:10 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Adobe
[2012.06.22 14:02:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.06.21 21:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.06.21 21:51:08 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\FIFA 12
[2012.06.21 21:42:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2012.06.21 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\AVG2012
[2012.06.21 16:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.06.21 16:42:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.21 16:42:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.06.21 16:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.06.21 16:42:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012.06.21 16:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.06.21 16:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.06.21 16:09:43 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Origin
[2012.06.21 16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.06.21 16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.06.21 16:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2012.06.21 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Origin
[2012.06.21 15:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.06.21 15:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.06.21 15:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.06.21 15:43:59 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.06.21 15:43:59 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2012.06.21 15:43:33 | 000,376,832 | ---- | C] (NETGEAR Inc.                           ) -- C:\Windows\System32\drivers\wg111v3.sys
[2012.06.21 15:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2012.06.21 15:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WG111v3 Setup-Assistent
[2012.06.21 15:43:11 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.06.21 15:42:50 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\WinRAR
[2012.06.21 15:42:50 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.21 15:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.21 15:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.06.21 15:39:35 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Mozilla
[2012.06.21 15:39:35 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Mozilla
[2012.06.21 15:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.21 15:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.21 15:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.06.21 15:33:13 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Diagnostics
[2012.06.21 15:28:36 | 000,000,000 | ---D | C] -- C:\Netgear
[2012.06.21 15:27:52 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\ATI
[2012.06.21 15:27:52 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\ATI
[2012.06.21 15:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.06.21 15:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.21 15:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.06.21 15:18:02 | 000,065,536 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2012.06.21 15:17:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.06.21 15:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.06.21 15:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.06.21 15:05:35 | 000,000,000 | R--D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.21 15:05:35 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Searches
[2012.06.21 15:05:35 | 000,000,000 | R--D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.21 15:05:28 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Identities
[2012.06.21 15:05:27 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Contacts
[2012.06.21 15:05:20 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\VirtualStore
[2012.06.21 15:05:16 | 000,000,000 | --SD | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Videos
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Saved Games
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Pictures
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Music
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Links
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Favorites
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Downloads
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Documents
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Desktop
[2012.06.21 15:05:16 | 000,000,000 | R--D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Vorlagen
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\AppData\Local\Verlauf
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\AppData\Local\Temporary Internet Files
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Startmenü
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\SendTo
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Recent
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Netzwerkumgebung
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Lokale Einstellungen
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Documents\Eigene Videos
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Documents\Eigene Musik
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Eigene Dateien
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Documents\Eigene Bilder
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Druckumgebung
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Cookies
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\AppData\Local\Anwendungsdaten
[2012.06.21 15:05:16 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Anwendungsdaten
[2012.06.21 15:05:16 | 000,000,000 | -H-D | C] -- C:\Users\Sascha\AppData
[2012.06.21 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Temp
[2012.06.21 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Microsoft
[2012.06.21 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Media Center Programs
[2012.06.21 15:03:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.06.21 15:02:26 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012.06.21 15:02:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.06.21 14:57:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.06.21 14:57:38 | 000,000,000 | ---D | C] -- C:\Windows\CSC
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 18:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 17:11:01 | 000,027,520 | ---- | M] () -- C:\Users\Sascha\AppData\Local\dt.dat
[2012.07.20 17:00:36 | 000,157,735 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.20 14:16:51 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.20 14:16:51 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.20 14:16:51 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.20 14:16:51 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.20 14:15:32 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 14:15:32 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 14:13:46 | 101,781,069 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.20 14:10:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 14:10:29 | 2415,312,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 16:19:05 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.17 15:58:48 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.06.30 09:57:09 | 000,000,208 | ---- | M] () -- C:\Users\Sascha\Desktop\Mafia II.url
[2012.06.26 21:01:48 | 000,001,279 | ---- | M] () -- C:\Users\Sascha\Desktop\GTA IV.lnk
[2012.06.24 10:52:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe
[2012.06.24 10:51:45 | 000,000,000 | ---- | M] () -- C:\Users\Sascha\defogger_reenable
[2012.06.23 16:39:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.23 16:35:36 | 000,000,823 | ---- | M] () -- C:\Users\Sascha\Desktop\Free YouTube to MP3 Converter.lnk
[2012.06.23 16:18:20 | 000,001,543 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.23 16:08:45 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012.06.22 18:06:50 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012.06.22 14:47:08 | 000,000,206 | ---- | M] () -- C:\Users\Sascha\Desktop\Counter-Strike Source.url
[2012.06.21 16:13:49 | 000,000,494 | ---- | M] () -- C:\Users\Sascha\Desktop\Lokaler Datenträger (E).lnk
[2012.06.21 16:13:41 | 000,000,490 | ---- | M] () -- C:\Users\Sascha\Desktop\System (C).lnk
[2012.06.21 16:13:36 | 000,000,471 | ---- | M] () -- C:\Users\Sascha\Desktop\Daten (D).lnk
[2012.06.21 16:09:19 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.06.21 15:51:01 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.06.21 15:43:33 | 000,002,037 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.06.21 15:43:33 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.06.21 15:39:33 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.21 15:25:54 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.06.21 14:59:32 | 000,057,050 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.06.21 14:59:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.07.20 17:11:01 | 000,027,520 | ---- | C] () -- C:\Users\Sascha\AppData\Local\dt.dat
[2012.07.20 17:00:35 | 000,157,735 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.20 14:13:46 | 101,781,069 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.18 16:19:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.18 16:19:05 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.06.30 09:57:09 | 000,000,208 | ---- | C] () -- C:\Users\Sascha\Desktop\Mafia II.url
[2012.06.24 10:51:45 | 000,000,000 | ---- | C] () -- C:\Users\Sascha\defogger_reenable
[2012.06.23 17:29:33 | 000,001,344 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.06.23 17:24:30 | 000,001,279 | ---- | C] () -- C:\Users\Sascha\Desktop\GTA IV.lnk
[2012.06.23 16:39:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.23 16:35:36 | 000,000,823 | ---- | C] () -- C:\Users\Sascha\Desktop\Free YouTube to MP3 Converter.lnk
[2012.06.23 16:18:20 | 000,001,543 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.23 16:17:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.06.22 18:06:50 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012.06.22 14:47:08 | 000,000,206 | ---- | C] () -- C:\Users\Sascha\Desktop\Counter-Strike Source.url
[2012.06.22 14:02:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.21 16:43:06 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.06.21 16:13:49 | 000,000,494 | ---- | C] () -- C:\Users\Sascha\Desktop\Lokaler Datenträger (E).lnk
[2012.06.21 16:13:41 | 000,000,490 | ---- | C] () -- C:\Users\Sascha\Desktop\System (C).lnk
[2012.06.21 16:13:36 | 000,000,471 | ---- | C] () -- C:\Users\Sascha\Desktop\Daten (D).lnk
[2012.06.21 16:09:19 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.06.21 15:51:01 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.06.21 15:43:33 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.06.21 15:43:33 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WG111v3 Setup-Assistent.lnk
[2012.06.21 15:39:33 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.21 15:39:33 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.21 15:25:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.21 15:18:02 | 000,076,216 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2012.06.21 15:18:02 | 000,021,866 | ---- | C] () -- C:\Windows\atiogl.xml
[2012.06.21 15:18:02 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.06.21 15:05:37 | 000,001,413 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.21 14:59:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.06.21 14:57:16 | 2415,312,896 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.06.21 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\AVG2012
[2012.06.23 16:36:02 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\DVDVideoSoft
[2012.06.23 16:35:43 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.24 15:57:16 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Leadertech
[2012.06.21 15:58:57 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Origin
[2009.07.14 06:53:46 | 000,010,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.18 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Adobe
[2012.06.23 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Apple Computer
[2012.06.21 15:27:52 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\ATI
[2012.06.21 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\AVG2012
[2012.06.23 16:36:02 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\DVDVideoSoft
[2012.06.23 16:35:43 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.21 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Identities
[2012.06.24 15:57:16 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Leadertech
[2012.06.22 14:03:11 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Macromedia
[2012.06.25 14:54:12 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Media Center Programs
[2012.06.22 14:03:11 | 000,000,000 | --SD | M] -- C:\Users\Sascha\AppData\Roaming\Microsoft
[2012.06.21 15:39:40 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Mozilla
[2012.06.21 15:58:57 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Origin
[2012.06.23 16:09:12 | 000,000,000 | RH-D | M] -- C:\Users\Sascha\AppData\Roaming\SecuROM
[2012.06.21 15:43:00 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         


Alt 21.07.2012, 15:25   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Run an OTL fix: close all programs that may be open, also deactivate your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-1844344738-2340880191-2007229669-1000..\Run: [RGSC] D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{9f2b640b-bba0-11e1-b145-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2b640b-bba0-11e1-b145-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Alt 22.07.2012, 14:14   #22
play4fun28
 
Hi,
what did this fix do now?
Thanks for your help

Here is the log:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1844344738-2340880191-2007229669-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f2b640b-bba0-11e1-b145-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f2b640b-bba0-11e1-b145-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f2b640b-bba0-11e1-b145-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f2b640b-bba0-11e1-b145-806e6f6e6963}\ not found.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sascha
->Temp folder emptied: 148745187 bytes
->Temporary Internet Files folder emptied: 30465918 bytes
->Java cache emptied: 29110 bytes
->FireFox cache emptied: 62364520 bytes
->Flash cache emptied: 9286 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32586919 bytes
RecycleBin emptied: 377639616 bytes
 
Total Files Cleaned = 622,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Sascha
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.0 log created on 07222012_150750

Files\Folders moved on Reboot...
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
File move failed. F:\Autorun.inf scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2010.03.23 17:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.) F:\Autorun.exe : MD5=04C96FBB45F6E482A761E60B089EC3D1
[2010.03.15 18:17:45 | 000,000,047 | R--- | M] () F:\Autorun.inf : MD5=5EFD73841335C08D358D78342E25CC12

Registry entries deleted on Reboot...
         

Alt 23.07.2012, 14:31   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

Alt 28.07.2012, 12:52   #24
play4fun28
 
Code:
13:48:28.0827 1264	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:48:28.0874 1264	============================================================
13:48:28.0874 1264	Current date / time: 2012/07/28 13:48:28.0874
13:48:28.0874 1264	SystemInfo:
13:48:28.0874 1264	
13:48:28.0874 1264	OS Version: 6.1.7600 ServicePack: 0.0
13:48:28.0874 1264	Product type: Workstation
13:48:28.0874 1264	ComputerName: SASCHA-PC
13:48:28.0874 1264	UserName: Sascha
13:48:28.0874 1264	Windows directory: C:\Windows
13:48:28.0874 1264	System windows directory: C:\Windows
13:48:28.0874 1264	Processor architecture: Intel x86
13:48:28.0874 1264	Number of processors: 4
13:48:28.0874 1264	Page size: 0x1000
13:48:28.0874 1264	Boot type: Normal boot
13:48:28.0874 1264	============================================================
13:48:30.0777 1264	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:48:30.0792 1264	============================================================
13:48:30.0792 1264	\Device\Harddisk0\DR0:
13:48:30.0792 1264	MBR partitions:
13:48:30.0792 1264	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x12C54000
13:48:30.0792 1264	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12C86800, BlocksNum 0x3D08F000
13:48:30.0792 1264	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4FD15800, BlocksNum 0x32000
13:48:30.0792 1264	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4FD47800, BlocksNum 0x249BE800
13:48:30.0792 1264	============================================================
13:48:30.0808 1264	C: <-> \Device\Harddisk0\DR0\Partition0
13:48:30.0839 1264	D: <-> \Device\Harddisk0\DR0\Partition1
13:48:30.0855 1264	E: <-> \Device\Harddisk0\DR0\Partition3
13:48:30.0855 1264	============================================================
13:48:30.0855 1264	Initialize success
13:48:30.0855 1264	============================================================
13:50:22.0283 5384	============================================================
13:50:22.0283 5384	Scan started
13:50:22.0283 5384	Mode: Manual; SigCheck; TDLFS; 
13:50:22.0283 5384	============================================================
13:50:23.0403 5384	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
13:50:23.0503 5384	1394ohci - ok
13:50:23.0523 5384	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
13:50:23.0533 5384	ACPI - ok
13:50:23.0563 5384	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
13:50:23.0593 5384	AcpiPmi - ok
13:50:23.0663 5384	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:50:23.0673 5384	AdobeARMservice - ok
13:50:23.0733 5384	AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:50:23.0743 5384	AdobeFlashPlayerUpdateSvc - ok
13:50:23.0773 5384	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:50:23.0793 5384	adp94xx - ok
13:50:23.0813 5384	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:50:23.0823 5384	adpahci - ok
13:50:23.0833 5384	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:50:23.0843 5384	adpu320 - ok
13:50:23.0883 5384	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:50:23.0943 5384	AeLookupSvc - ok
13:50:23.0973 5384	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
13:50:24.0023 5384	AFD - ok
13:50:24.0033 5384	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
13:50:24.0043 5384	agp440 - ok
13:50:24.0063 5384	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:50:24.0073 5384	aic78xx - ok
13:50:24.0093 5384	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:50:24.0113 5384	ALG - ok
13:50:24.0123 5384	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
13:50:24.0133 5384	aliide - ok
13:50:24.0163 5384	AMD External Events Utility (b90a4332cf4c6580c845266a656de4ab) C:\Windows\system32\atiesrxx.exe
13:50:24.0173 5384	AMD External Events Utility - ok
13:50:24.0183 5384	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
13:50:24.0193 5384	amdagp - ok
13:50:24.0203 5384	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
13:50:24.0213 5384	amdide - ok
13:50:24.0223 5384	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:50:24.0243 5384	AmdK8 - ok
13:50:24.0483 5384	amdkmdag        (7844984a5e1e6f18d93af9e9bcc65436) C:\Windows\system32\DRIVERS\atikmdag.sys
13:50:24.0673 5384	amdkmdag - ok
13:50:24.0753 5384	amdkmdap        (202def509d76105b08741d36c3a7e4d7) C:\Windows\system32\DRIVERS\atikmpag.sys
13:50:24.0783 5384	amdkmdap - ok
13:50:24.0793 5384	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:50:24.0813 5384	AmdPPM - ok
13:50:24.0823 5384	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
13:50:24.0833 5384	amdsata - ok
13:50:24.0843 5384	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:50:24.0853 5384	amdsbs - ok
13:50:24.0863 5384	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
13:50:24.0873 5384	amdxata - ok
13:50:24.0893 5384	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
13:50:24.0923 5384	AppID - ok
13:50:24.0933 5384	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:50:24.0963 5384	AppIDSvc - ok
13:50:24.0963 5384	Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
13:50:25.0003 5384	Appinfo - ok
13:50:25.0053 5384	Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:50:25.0063 5384	Apple Mobile Device - ok
13:50:25.0073 5384	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:50:25.0093 5384	AppMgmt - ok
13:50:25.0103 5384	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:50:25.0113 5384	arc - ok
13:50:25.0123 5384	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:50:25.0143 5384	arcsas - ok
13:50:25.0233 5384	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:50:25.0243 5384	aspnet_state - ok
13:50:25.0253 5384	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:50:25.0293 5384	AsyncMac - ok
13:50:25.0313 5384	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
13:50:25.0323 5384	atapi - ok
13:50:25.0353 5384	AtiHDAudioService (6adc42cf4a6ab84975ca63dccfaaf5d8) C:\Windows\system32\drivers\AtihdW73.sys
13:50:25.0383 5384	AtiHDAudioService - ok
13:50:25.0413 5384	AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
13:50:25.0443 5384	AudioEndpointBuilder - ok
13:50:25.0453 5384	Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
13:50:25.0483 5384	Audiosrv - ok
13:50:25.0654 5384	AVGIDSAgent     (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe
13:50:25.0744 5384	AVGIDSAgent - ok
13:50:25.0824 5384	AVGIDSDriver    (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
13:50:25.0834 5384	AVGIDSDriver - ok
13:50:25.0844 5384	AVGIDSFilter    (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
13:50:25.0844 5384	AVGIDSFilter - ok
13:50:25.0854 5384	AVGIDSHX        (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
13:50:25.0864 5384	AVGIDSHX - ok
13:50:25.0874 5384	AVGIDSShim      (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
13:50:25.0874 5384	AVGIDSShim - ok
13:50:25.0894 5384	Avgldx86        (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
13:50:25.0904 5384	Avgldx86 - ok
13:50:25.0914 5384	Avgmfx86        (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
13:50:25.0924 5384	Avgmfx86 - ok
13:50:25.0944 5384	Avgrkx86        (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
13:50:25.0954 5384	Avgrkx86 - ok
13:50:25.0974 5384	Avgtdix         (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
13:50:25.0984 5384	Avgtdix - ok
13:50:26.0004 5384	avgwd           (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
13:50:26.0014 5384	avgwd - ok
13:50:26.0044 5384	AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
13:50:26.0064 5384	AxInstSV - ok
13:50:26.0114 5384	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:50:26.0144 5384	b06bdrv - ok
13:50:26.0194 5384	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:50:26.0214 5384	b57nd60x - ok
13:50:26.0244 5384	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:50:26.0264 5384	BDESVC - ok
13:50:26.0284 5384	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:50:26.0324 5384	Beep - ok
13:50:26.0374 5384	BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
13:50:26.0414 5384	BFE - ok
13:50:26.0454 5384	BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
13:50:26.0484 5384	BITS - ok
13:50:26.0494 5384	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:50:26.0504 5384	blbdrive - ok
13:50:26.0584 5384	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:50:26.0604 5384	Bonjour Service - ok
13:50:26.0604 5384	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
13:50:26.0634 5384	bowser - ok
13:50:26.0644 5384	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:50:26.0654 5384	BrFiltLo - ok
13:50:26.0664 5384	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:50:26.0674 5384	BrFiltUp - ok
13:50:26.0694 5384	Browser         (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
13:50:26.0724 5384	Browser - ok
13:50:26.0734 5384	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:50:26.0764 5384	Brserid - ok
13:50:26.0774 5384	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:50:26.0784 5384	BrSerWdm - ok
13:50:26.0804 5384	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:50:26.0814 5384	BrUsbMdm - ok
13:50:26.0824 5384	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:50:26.0844 5384	BrUsbSer - ok
13:50:26.0854 5384	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:50:26.0864 5384	BTHMODEM - ok
13:50:26.0884 5384	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:50:26.0914 5384	bthserv - ok
13:50:26.0914 5384	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:50:26.0944 5384	cdfs - ok
13:50:26.0954 5384	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
13:50:26.0964 5384	cdrom - ok
13:50:26.0984 5384	CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
13:50:27.0014 5384	CertPropSvc - ok
13:50:27.0024 5384	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:50:27.0034 5384	circlass - ok
13:50:27.0054 5384	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:50:27.0064 5384	CLFS - ok
13:50:27.0104 5384	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:50:27.0114 5384	clr_optimization_v2.0.50727_32 - ok
13:50:27.0154 5384	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:50:27.0194 5384	clr_optimization_v4.0.30319_32 - ok
13:50:27.0204 5384	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:50:27.0224 5384	CmBatt - ok
13:50:27.0234 5384	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
13:50:27.0244 5384	cmdide - ok
13:50:27.0264 5384	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
13:50:27.0284 5384	CNG - ok
13:50:27.0294 5384	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:50:27.0294 5384	Compbatt - ok
13:50:27.0304 5384	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:50:27.0314 5384	CompositeBus - ok
13:50:27.0324 5384	COMSysApp - ok
13:50:27.0334 5384	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:50:27.0344 5384	crcdisk - ok
13:50:27.0354 5384	CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
13:50:27.0384 5384	CryptSvc - ok
13:50:27.0404 5384	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
13:50:27.0424 5384	CSC - ok
13:50:27.0454 5384	CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
13:50:27.0484 5384	CscService - ok
13:50:27.0514 5384	DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
13:50:27.0544 5384	DcomLaunch - ok
13:50:27.0564 5384	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:50:27.0604 5384	defragsvc - ok
13:50:27.0634 5384	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
13:50:27.0664 5384	DfsC - ok
13:50:27.0674 5384	Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
13:50:27.0714 5384	Dhcp - ok
13:50:27.0724 5384	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:50:27.0764 5384	discache - ok
13:50:27.0764 5384	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:50:27.0774 5384	Disk - ok
13:50:27.0804 5384	Dnscache        (d0722e963d3c6145446874241401b209) C:\Windows\System32\dnsrslvr.dll
13:50:27.0834 5384	Dnscache - ok
13:50:27.0844 5384	dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
13:50:27.0884 5384	dot3svc - ok
13:50:27.0894 5384	DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
13:50:27.0924 5384	DPS - ok
13:50:27.0974 5384	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:50:27.0994 5384	drmkaud - ok
13:50:28.0034 5384	DXGKrnl         (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
13:50:28.0054 5384	DXGKrnl - ok
13:50:28.0064 5384	E1G60           (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:50:28.0084 5384	E1G60 - ok
13:50:28.0104 5384	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
13:50:28.0134 5384	EapHost - ok
13:50:28.0204 5384	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:50:28.0284 5384	ebdrv - ok
13:50:28.0344 5384	EFS             (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
13:50:28.0354 5384	EFS - ok
13:50:28.0404 5384	ehRecvr         (3a74a6e33685662b125a3269b1f2114f) C:\Windows\ehome\ehRecvr.exe
13:50:28.0434 5384	ehRecvr - ok
13:50:28.0454 5384	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
13:50:28.0464 5384	ehSched - ok
13:50:28.0494 5384	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:50:28.0514 5384	elxstor - ok
13:50:28.0524 5384	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
13:50:28.0544 5384	ErrDev - ok
13:50:28.0574 5384	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
13:50:28.0604 5384	EventSystem - ok
13:50:28.0614 5384	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:50:28.0634 5384	exfat - ok
13:50:28.0654 5384	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:50:28.0674 5384	fastfat - ok
13:50:28.0704 5384	Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
13:50:28.0724 5384	Fax - ok
13:50:28.0734 5384	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:50:28.0754 5384	fdc - ok
13:50:28.0774 5384	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
13:50:28.0804 5384	fdPHost - ok
13:50:28.0824 5384	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
13:50:28.0844 5384	FDResPub - ok
13:50:28.0864 5384	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:50:28.0874 5384	FileInfo - ok
13:50:28.0874 5384	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:50:28.0894 5384	Filetrace - ok
13:50:28.0914 5384	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:50:28.0934 5384	flpydisk - ok
13:50:28.0944 5384	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:50:28.0964 5384	FltMgr - ok
13:50:28.0994 5384	FontCache       (b6512a85815fdc3d560c3705f5bdb93d) C:\Windows\system32\FntCache.dll
13:50:29.0024 5384	FontCache - ok
13:50:29.0084 5384	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:50:29.0084 5384	FontCache3.0.0.0 - ok
13:50:29.0094 5384	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:50:29.0104 5384	FsDepends - ok
13:50:29.0124 5384	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:50:29.0134 5384	Fs_Rec - ok
13:50:29.0144 5384	fvevol          (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
13:50:29.0154 5384	fvevol - ok
13:50:29.0164 5384	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:50:29.0174 5384	gagp30kx - ok
13:50:29.0204 5384	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:50:29.0214 5384	GEARAspiWDM - ok
13:50:29.0234 5384	gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
13:50:29.0264 5384	gpsvc - ok
13:50:29.0264 5384	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:50:29.0294 5384	hcw85cir - ok
13:50:29.0324 5384	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
13:50:29.0354 5384	HdAudAddService - ok
13:50:29.0364 5384	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:50:29.0384 5384	HDAudBus - ok
13:50:29.0384 5384	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:50:29.0404 5384	HidBatt - ok
13:50:29.0414 5384	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:50:29.0424 5384	HidBth - ok
13:50:29.0434 5384	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:50:29.0444 5384	HidIr - ok
13:50:29.0464 5384	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
13:50:29.0484 5384	hidserv - ok
13:50:29.0504 5384	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
13:50:29.0514 5384	HidUsb - ok
13:50:29.0554 5384	hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
13:50:29.0574 5384	hkmsvc - ok
13:50:29.0594 5384	HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
13:50:29.0614 5384	HomeGroupListener - ok
13:50:29.0644 5384	HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
13:50:29.0664 5384	HomeGroupProvider - ok
13:50:29.0674 5384	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:50:29.0684 5384	HpSAMD - ok
13:50:29.0714 5384	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
13:50:29.0744 5384	HTTP - ok
13:50:29.0754 5384	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
13:50:29.0764 5384	hwpolicy - ok
13:50:29.0774 5384	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
13:50:29.0794 5384	i8042prt - ok
13:50:29.0804 5384	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
13:50:29.0824 5384	iaStorV - ok
13:50:29.0904 5384	idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:50:29.0924 5384	idsvc - ok
13:50:29.0964 5384	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:50:29.0974 5384	iirsp - ok
13:50:30.0014 5384	IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
13:50:30.0054 5384	IKEEXT - ok
13:50:30.0064 5384	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
13:50:30.0074 5384	intelide - ok
13:50:30.0104 5384	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:50:30.0114 5384	intelppm - ok
13:50:30.0124 5384	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
13:50:30.0154 5384	IPBusEnum - ok
13:50:30.0154 5384	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:50:30.0184 5384	IpFilterDriver - ok
13:50:30.0204 5384	iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
13:50:30.0234 5384	iphlpsvc - ok
13:50:30.0234 5384	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:50:30.0254 5384	IPMIDRV - ok
13:50:30.0264 5384	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:50:30.0294 5384	IPNAT - ok
13:50:30.0344 5384	iPod Service    (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
13:50:30.0364 5384	iPod Service - ok
13:50:30.0374 5384	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:50:30.0384 5384	IRENUM - ok
13:50:30.0394 5384	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
13:50:30.0404 5384	isapnp - ok
13:50:30.0424 5384	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
13:50:30.0434 5384	iScsiPrt - ok
13:50:30.0444 5384	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:50:30.0454 5384	kbdclass - ok
13:50:30.0454 5384	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
13:50:30.0474 5384	kbdhid - ok
13:50:30.0484 5384	KeyIso          (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
13:50:30.0494 5384	KeyIso - ok
13:50:30.0504 5384	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
13:50:30.0514 5384	KSecDD - ok
13:50:30.0524 5384	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
13:50:30.0534 5384	KSecPkg - ok
13:50:30.0564 5384	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
13:50:30.0604 5384	KtmRm - ok
13:50:30.0634 5384	LanmanServer    (bca92cb047a4326925ecef759dbaa233) C:\Windows\system32\srvsvc.dll
13:50:30.0674 5384	LanmanServer - ok
13:50:30.0694 5384	LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
13:50:30.0714 5384	LanmanWorkstation - ok
13:50:30.0734 5384	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:50:30.0754 5384	lltdio - ok
13:50:30.0774 5384	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
13:50:30.0794 5384	lltdsvc - ok
13:50:30.0814 5384	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
13:50:30.0844 5384	lmhosts - ok
13:50:30.0854 5384	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:50:30.0864 5384	LSI_FC - ok
13:50:30.0874 5384	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:50:30.0884 5384	LSI_SAS - ok
13:50:30.0894 5384	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:50:30.0904 5384	LSI_SAS2 - ok
13:50:30.0914 5384	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:50:30.0924 5384	LSI_SCSI - ok
13:50:30.0934 5384	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:50:30.0954 5384	luafv - ok
13:50:30.0964 5384	Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
13:50:30.0974 5384	Mcx2Svc - ok
13:50:30.0984 5384	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:50:30.0994 5384	megasas - ok
13:50:31.0004 5384	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:50:31.0014 5384	MegaSR - ok
13:50:31.0034 5384	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:50:31.0054 5384	MMCSS - ok
13:50:31.0064 5384	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:50:31.0094 5384	Modem - ok
13:50:31.0114 5384	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:50:31.0124 5384	monitor - ok
13:50:31.0134 5384	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:50:31.0144 5384	mouclass - ok
13:50:31.0144 5384	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:50:31.0164 5384	mouhid - ok
13:50:31.0164 5384	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
13:50:31.0174 5384	mountmgr - ok
13:50:31.0234 5384	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:50:31.0244 5384	MozillaMaintenance - ok
13:50:31.0254 5384	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
13:50:31.0264 5384	mpio - ok
13:50:31.0274 5384	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:50:31.0294 5384	mpsdrv - ok
13:50:31.0334 5384	MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
13:50:31.0364 5384	MpsSvc - ok
13:50:31.0374 5384	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
13:50:31.0394 5384	MRxDAV - ok
13:50:31.0404 5384	mrxsmb          (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:50:31.0434 5384	mrxsmb - ok
13:50:31.0454 5384	mrxsmb10        (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:50:31.0484 5384	mrxsmb10 - ok
13:50:31.0484 5384	mrxsmb20        (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:50:31.0514 5384	mrxsmb20 - ok
13:50:31.0524 5384	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
13:50:31.0534 5384	msahci - ok
13:50:31.0544 5384	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
13:50:31.0554 5384	msdsm - ok
13:50:31.0584 5384	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:50:31.0594 5384	MSDTC - ok
13:50:31.0614 5384	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:50:31.0634 5384	Msfs - ok
13:50:31.0644 5384	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:50:31.0674 5384	mshidkmdf - ok
13:50:31.0684 5384	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
13:50:31.0694 5384	msisadrv - ok
13:50:31.0714 5384	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:50:31.0734 5384	MSiSCSI - ok
13:50:31.0744 5384	msiserver - ok
13:50:31.0764 5384	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:50:31.0794 5384	MSKSSRV - ok
13:50:31.0804 5384	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:50:31.0834 5384	MSPCLOCK - ok
13:50:31.0844 5384	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:50:31.0864 5384	MSPQM - ok
13:50:31.0874 5384	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:50:31.0884 5384	MsRPC - ok
13:50:31.0894 5384	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
13:50:31.0904 5384	mssmbios - ok
13:50:31.0924 5384	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:50:31.0944 5384	MSTEE - ok
13:50:31.0964 5384	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:50:31.0974 5384	MTConfig - ok
13:50:31.0974 5384	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:50:31.0984 5384	Mup - ok
13:50:32.0004 5384	napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
13:50:32.0034 5384	napagent - ok
13:50:32.0054 5384	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:50:32.0074 5384	NativeWifiP - ok
13:50:32.0114 5384	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
13:50:32.0134 5384	NDIS - ok
13:50:32.0144 5384	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:50:32.0164 5384	NdisCap - ok
13:50:32.0184 5384	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:50:32.0204 5384	NdisTapi - ok
13:50:32.0214 5384	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
13:50:32.0244 5384	Ndisuio - ok
13:50:32.0254 5384	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
13:50:32.0274 5384	NdisWan - ok
13:50:32.0284 5384	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
13:50:32.0304 5384	NDProxy - ok
13:50:32.0314 5384	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:50:32.0334 5384	NetBIOS - ok
13:50:32.0354 5384	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
13:50:32.0374 5384	NetBT - ok
13:50:32.0394 5384	Netlogon        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
13:50:32.0404 5384	Netlogon - ok
13:50:32.0424 5384	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:50:32.0454 5384	Netman - ok
13:50:32.0547 5384	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:50:32.0562 5384	NetMsmqActivator - ok
13:50:32.0562 5384	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:50:32.0562 5384	NetPipeActivator - ok
13:50:32.0594 5384	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:50:32.0609 5384	netprofm - ok
13:50:32.0625 5384	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:50:32.0625 5384	NetTcpActivator - ok
13:50:32.0625 5384	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:50:32.0640 5384	NetTcpPortSharing - ok
13:50:32.0656 5384	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:50:32.0656 5384	nfrd960 - ok
13:50:32.0672 5384	NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
13:50:32.0703 5384	NlaSvc - ok
13:50:32.0718 5384	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:50:32.0734 5384	Npfs - ok
13:50:32.0750 5384	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:50:32.0781 5384	nsi - ok
13:50:32.0781 5384	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:50:32.0828 5384	nsiproxy - ok
13:50:32.0874 5384	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
13:50:32.0906 5384	Ntfs - ok
13:50:32.0968 5384	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:50:32.0984 5384	Null - ok
13:50:33.0015 5384	NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
13:50:33.0030 5384	NVENETFD - ok
13:50:33.0062 5384	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
13:50:33.0062 5384	nvraid - ok
13:50:33.0077 5384	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
13:50:33.0093 5384	nvstor - ok
13:50:33.0093 5384	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
13:50:33.0108 5384	nv_agp - ok
13:50:33.0124 5384	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
13:50:33.0140 5384	ohci1394 - ok
13:50:33.0155 5384	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:50:33.0186 5384	p2pimsvc - ok
13:50:33.0202 5384	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:50:33.0218 5384	p2psvc - ok
13:50:33.0233 5384	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:50:33.0249 5384	Parport - ok
13:50:33.0249 5384	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
13:50:33.0264 5384	partmgr - ok
13:50:33.0280 5384	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:50:33.0296 5384	Parvdm - ok
13:50:33.0311 5384	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:50:33.0327 5384	PcaSvc - ok
13:50:33.0342 5384	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
13:50:33.0358 5384	pci - ok
13:50:33.0358 5384	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
13:50:33.0374 5384	pciide - ok
13:50:33.0389 5384	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:50:33.0405 5384	pcmcia - ok
13:50:33.0420 5384	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:50:33.0436 5384	pcw - ok
13:50:33.0452 5384	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:50:33.0514 5384	PEAUTH - ok
13:50:33.0545 5384	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
13:50:33.0576 5384	PeerDistSvc - ok
13:50:33.0639 5384	pla             (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
13:50:33.0670 5384	pla - ok
13:50:33.0748 5384	PlugPlay        (2cc2008f1296968fba162ed9f9afe328) C:\Windows\system32\umpnpmgr.dll
13:50:33.0795 5384	PlugPlay - ok
13:50:33.0795 5384	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:50:33.0810 5384	PNRPAutoReg - ok
13:50:33.0826 5384	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:50:33.0842 5384	PNRPsvc - ok
13:50:33.0857 5384	PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
13:50:33.0904 5384	PolicyAgent - ok
13:50:33.0920 5384	Power           (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
13:50:33.0951 5384	Power - ok
13:50:33.0998 5384	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:50:34.0029 5384	PptpMiniport - ok
13:50:34.0029 5384	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:50:34.0044 5384	Processor - ok
13:50:34.0060 5384	ProfSvc         (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
13:50:34.0091 5384	ProfSvc - ok
13:50:34.0107 5384	ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
13:50:34.0122 5384	ProtectedStorage - ok
13:50:34.0138 5384	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:50:34.0154 5384	Psched - ok
13:50:34.0232 5384	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:50:34.0263 5384	ql2300 - ok
13:50:34.0310 5384	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:50:34.0310 5384	ql40xx - ok
13:50:34.0341 5384	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:50:34.0356 5384	QWAVE - ok
13:50:34.0372 5384	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:50:34.0388 5384	QWAVEdrv - ok
13:50:34.0388 5384	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:50:34.0419 5384	RasAcd - ok
13:50:34.0434 5384	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:50:34.0450 5384	RasAgileVpn - ok
13:50:34.0481 5384	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:50:34.0497 5384	RasAuto - ok
13:50:34.0512 5384	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:50:34.0544 5384	Rasl2tp - ok
13:50:34.0559 5384	RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
13:50:34.0600 5384	RasMan - ok
13:50:34.0600 5384	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:50:34.0630 5384	RasPppoe - ok
13:50:34.0630 5384	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:50:34.0660 5384	RasSstp - ok
13:50:34.0680 5384	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
13:50:34.0710 5384	rdbss - ok
13:50:34.0710 5384	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:50:34.0720 5384	rdpbus - ok
13:50:34.0740 5384	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:50:34.0760 5384	RDPCDD - ok
13:50:34.0770 5384	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
13:50:34.0790 5384	RDPDR - ok
13:50:34.0810 5384	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:50:34.0830 5384	RDPENCDD - ok
13:50:34.0840 5384	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:50:34.0870 5384	RDPREFMP - ok
13:50:34.0890 5384	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
13:50:34.0920 5384	RDPWD - ok
13:50:34.0930 5384	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
13:50:34.0940 5384	rdyboost - ok
13:50:34.0950 5384	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:50:34.0980 5384	RemoteAccess - ok
13:50:34.0990 5384	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:50:35.0010 5384	RemoteRegistry - ok
13:50:35.0030 5384	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:50:35.0050 5384	RpcEptMapper - ok
13:50:35.0060 5384	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:50:35.0080 5384	RpcLocator - ok
13:50:35.0160 5384	RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
13:50:35.0190 5384	RpcSs - ok
13:50:35.0200 5384	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:50:35.0220 5384	rspndr - ok
13:50:35.0250 5384	RTL8187B        (b6b3c4259d514f10b458ca6c2e50bc2e) C:\Windows\system32\DRIVERS\wg111v3.sys
13:50:35.0270 5384	RTL8187B - ok
13:50:35.0280 5384	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
13:50:35.0300 5384	s3cap - ok
13:50:35.0320 5384	SamSs           (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
13:50:35.0330 5384	SamSs - ok
13:50:35.0350 5384	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
13:50:35.0360 5384	sbp2port - ok
13:50:35.0370 5384	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:50:35.0400 5384	SCardSvr - ok
13:50:35.0420 5384	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
13:50:35.0450 5384	scfilter - ok
13:50:35.0480 5384	Schedule        (3e8b0c453e25613a1f59762a5c42aa75) C:\Windows\system32\schedsvc.dll
13:50:35.0510 5384	Schedule - ok
13:50:35.0542 5384	SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
13:50:35.0557 5384	SCPolicySvc - ok
13:50:35.0573 5384	SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
13:50:35.0588 5384	SDRSVC - ok
13:50:35.0604 5384	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:50:35.0635 5384	secdrv - ok
13:50:35.0651 5384	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:50:35.0682 5384	seclogon - ok
13:50:35.0698 5384	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
13:50:35.0729 5384	SENS - ok
13:50:35.0729 5384	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:50:35.0744 5384	SensrSvc - ok
13:50:35.0760 5384	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:50:35.0776 5384	Serenum - ok
13:50:35.0776 5384	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:50:35.0807 5384	Serial - ok
13:50:35.0822 5384	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:50:35.0822 5384	sermouse - ok
13:50:35.0854 5384	SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
13:50:35.0869 5384	SessionEnv - ok
13:50:35.0885 5384	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
13:50:35.0900 5384	sffdisk - ok
13:50:35.0900 5384	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:50:35.0916 5384	sffp_mmc - ok
13:50:35.0932 5384	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:50:35.0947 5384	sffp_sd - ok
13:50:35.0947 5384	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:50:35.0963 5384	sfloppy - ok
13:50:35.0978 5384	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
13:50:36.0010 5384	SharedAccess - ok
13:50:36.0025 5384	ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
13:50:36.0041 5384	ShellHWDetection - ok
13:50:36.0072 5384	simptcp         (f5aaa8cdda25b6387af590d676d25bad) C:\Windows\System32\tcpsvcs.exe
13:50:36.0072 5384	simptcp - ok
13:50:36.0088 5384	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
13:50:36.0103 5384	sisagp - ok
13:50:36.0103 5384	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:50:36.0119 5384	SiSRaid2 - ok
13:50:36.0119 5384	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:50:36.0134 5384	SiSRaid4 - ok
13:50:36.0150 5384	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:50:36.0181 5384	Smb - ok
13:50:36.0212 5384	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:50:36.0228 5384	SNMPTRAP - ok
13:50:36.0228 5384	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:50:36.0244 5384	spldr - ok
13:50:36.0259 5384	Spooler         (49b6dd6ab3715b7a67965f17194e98a9) C:\Windows\System32\spoolsv.exe
13:50:36.0275 5384	Spooler - ok
13:50:36.0368 5384	sppsvc          (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
13:50:36.0415 5384	sppsvc - ok
13:50:36.0478 5384	sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
13:50:36.0509 5384	sppuinotify - ok
13:50:36.0540 5384	srv             (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
13:50:36.0571 5384	srv - ok
13:50:36.0587 5384	srv2            (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
13:50:36.0618 5384	srv2 - ok
13:50:36.0634 5384	srvnet          (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
13:50:36.0649 5384	srvnet - ok
13:50:36.0680 5384	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:50:36.0696 5384	SSDPSRV - ok
13:50:36.0712 5384	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:50:36.0743 5384	SstpSvc - ok
13:50:36.0774 5384	Steam Client Service - ok
13:50:36.0790 5384	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:50:36.0790 5384	stexstor - ok
13:50:36.0821 5384	StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
13:50:36.0836 5384	StiSvc - ok
13:50:36.0852 5384	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
13:50:36.0868 5384	storflt - ok
13:50:36.0868 5384	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
13:50:36.0883 5384	storvsc - ok
13:50:36.0899 5384	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
13:50:36.0899 5384	swenum - ok
13:50:36.0914 5384	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:50:36.0946 5384	swprv - ok
13:50:36.0992 5384	SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
13:50:37.0024 5384	SysMain - ok
13:50:37.0024 5384	TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
13:50:37.0039 5384	TabletInputService - ok
13:50:37.0055 5384	TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
13:50:37.0086 5384	TapiSrv - ok
13:50:37.0102 5384	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:50:37.0133 5384	TBS - ok
13:50:37.0195 5384	Tcpip           (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
13:50:37.0211 5384	Tcpip - ok
13:50:37.0336 5384	TCPIP6          (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
13:50:37.0367 5384	TCPIP6 - ok
13:50:37.0398 5384	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
13:50:37.0429 5384	tcpipreg - ok
13:50:37.0445 5384	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
13:50:37.0460 5384	TDPIPE - ok
13:50:37.0476 5384	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
13:50:37.0507 5384	TDTCP - ok
13:50:37.0523 5384	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
13:50:37.0538 5384	tdx - ok
13:50:37.0554 5384	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
13:50:37.0554 5384	TermDD - ok
13:50:37.0585 5384	TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
13:50:37.0632 5384	TermService - ok
13:50:37.0648 5384	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
13:50:37.0663 5384	Themes - ok
13:50:37.0679 5384	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:50:37.0710 5384	THREADORDER - ok
13:50:37.0726 5384	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:50:37.0757 5384	TrkWks - ok
13:50:37.0788 5384	TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
13:50:37.0804 5384	TrustedInstaller - ok
13:50:37.0819 5384	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:50:37.0835 5384	tssecsrv - ok
13:50:37.0866 5384	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
13:50:37.0882 5384	tunnel - ok
13:50:37.0897 5384	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:50:37.0897 5384	uagp35 - ok
13:50:37.0913 5384	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
13:50:37.0944 5384	udfs - ok
13:50:37.0960 5384	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:50:37.0975 5384	UI0Detect - ok
13:50:37.0991 5384	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:50:38.0006 5384	uliagpkx - ok
13:50:38.0006 5384	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
13:50:38.0022 5384	umbus - ok
13:50:38.0038 5384	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:50:38.0069 5384	UmPass - ok
13:50:38.0084 5384	UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
13:50:38.0100 5384	UmRdpService - ok
13:50:38.0100 5384	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:50:38.0131 5384	upnphost - ok
13:50:38.0162 5384	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
13:50:38.0178 5384	USBAAPL - ok
13:50:38.0194 5384	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
13:50:38.0209 5384	usbccgp - ok
13:50:38.0209 5384	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
13:50:38.0235 5384	usbcir - ok
13:50:38.0235 5384	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
13:50:38.0245 5384	usbehci - ok
13:50:38.0265 5384	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
13:50:38.0275 5384	usbhub - ok
13:50:38.0295 5384	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
13:50:38.0305 5384	usbohci - ok
13:50:38.0315 5384	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:50:38.0335 5384	usbprint - ok
13:50:38.0335 5384	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:50:38.0355 5384	USBSTOR - ok
13:50:38.0365 5384	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
13:50:38.0375 5384	usbuhci - ok
13:50:38.0405 5384	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:50:38.0445 5384	UxSms - ok
13:50:38.0465 5384	VaultSvc        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
13:50:38.0475 5384	VaultSvc - ok
13:50:38.0495 5384	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:50:38.0505 5384	vdrvroot - ok
13:50:38.0525 5384	vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
13:50:38.0545 5384	vds - ok
13:50:38.0565 5384	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:50:38.0575 5384	vga - ok
13:50:38.0595 5384	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:50:38.0615 5384	VgaSave - ok
13:50:38.0625 5384	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
13:50:38.0645 5384	vhdmp - ok
13:50:38.0655 5384	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
13:50:38.0665 5384	viaagp - ok
13:50:38.0675 5384	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:50:38.0685 5384	ViaC7 - ok
13:50:38.0695 5384	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
13:50:38.0705 5384	viaide - ok
13:50:38.0715 5384	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
13:50:38.0725 5384	vmbus - ok
13:50:38.0735 5384	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
13:50:38.0745 5384	VMBusHID - ok
13:50:38.0755 5384	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
13:50:38.0765 5384	volmgr - ok
13:50:38.0785 5384	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:50:38.0795 5384	volmgrx - ok
13:50:38.0805 5384	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
13:50:38.0815 5384	volsnap - ok
13:50:38.0825 5384	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:50:38.0835 5384	vsmraid - ok
13:50:38.0875 5384	VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
13:50:38.0905 5384	VSS - ok
13:50:39.0005 5384	vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
13:50:39.0025 5384	vToolbarUpdater11.2.0 - ok
13:50:39.0095 5384	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:50:39.0105 5384	vwifibus - ok
13:50:39.0115 5384	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:50:39.0135 5384	vwififlt - ok
13:50:39.0155 5384	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:50:39.0175 5384	W32Time - ok
13:50:39.0185 5384	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:50:39.0195 5384	WacomPen - ok
13:50:39.0205 5384	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
13:50:39.0235 5384	WANARP - ok
13:50:39.0235 5384	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
13:50:39.0265 5384	Wanarpv6 - ok
13:50:39.0315 5384	wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
13:50:39.0355 5384	wbengine - ok
13:50:39.0365 5384	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:50:39.0375 5384	WbioSrvc - ok
13:50:39.0395 5384	wcncsvc         (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll
13:50:39.0415 5384	wcncsvc - ok
13:50:39.0425 5384	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:50:39.0455 5384	WcsPlugInService - ok
13:50:39.0465 5384	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:50:39.0475 5384	Wd - ok
13:50:39.0505 5384	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:50:39.0515 5384	Wdf01000 - ok
13:50:39.0525 5384	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:50:39.0555 5384	WdiServiceHost - ok
13:50:39.0555 5384	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:50:39.0575 5384	WdiSystemHost - ok
13:50:39.0585 5384	WebClient       (d87c7d2c517f82a5ab7a73e203063d9e) C:\Windows\System32\webclnt.dll
13:50:39.0605 5384	WebClient - ok
13:50:39.0625 5384	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:50:39.0655 5384	Wecsvc - ok
13:50:39.0665 5384	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:50:39.0695 5384	wercplsupport - ok
13:50:39.0705 5384	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:50:39.0735 5384	WerSvc - ok
13:50:39.0755 5384	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:50:39.0785 5384	WfpLwf - ok
13:50:39.0795 5384	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:50:39.0805 5384	WIMMount - ok
13:50:39.0875 5384	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:50:39.0905 5384	WinDefend - ok
13:50:39.0915 5384	WinHttpAutoProxySvc - ok
13:50:39.0955 5384	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:50:39.0985 5384	Winmgmt - ok
13:50:40.0045 5384	WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
13:50:40.0085 5384	WinRM - ok
13:50:40.0155 5384	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
13:50:40.0165 5384	WinUsb - ok
13:50:40.0205 5384	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:50:40.0235 5384	Wlansvc - ok
13:50:40.0325 5384	wlidsvc         (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:50:40.0355 5384	wlidsvc - ok
13:50:40.0435 5384	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:50:40.0445 5384	WmiAcpi - ok
13:50:40.0475 5384	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:50:40.0495 5384	wmiApSrv - ok
13:50:40.0555 5384	WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:50:40.0575 5384	WMPNetworkSvc - ok
13:50:40.0615 5384	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:50:40.0635 5384	WPCSvc - ok
13:50:40.0645 5384	WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
13:50:40.0665 5384	WPDBusEnum - ok
13:50:40.0675 5384	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:50:40.0695 5384	ws2ifsl - ok
13:50:40.0725 5384	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
13:50:40.0735 5384	wscsvc - ok
13:50:40.0745 5384	WSearch - ok
13:50:40.0805 5384	wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
13:50:40.0845 5384	wuauserv - ok
13:50:40.0895 5384	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
13:50:40.0925 5384	WudfPf - ok
13:50:40.0945 5384	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:50:40.0975 5384	WUDFRd - ok
13:50:40.0995 5384	wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
13:50:41.0025 5384	wudfsvc - ok
13:50:41.0035 5384	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:50:41.0055 5384	WwanSvc - ok
13:50:41.0085 5384	xnacc           (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
13:50:41.0105 5384	xnacc - ok
13:50:41.0135 5384	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:50:41.0265 5384	\Device\Harddisk0\DR0 - ok
13:50:41.0295 5384	Boot (0x1200)   (51d132202bdfc8b6fd630c57eaf6c98a) \Device\Harddisk0\DR0\Partition0
13:50:41.0295 5384	\Device\Harddisk0\DR0\Partition0 - ok
13:50:41.0325 5384	Boot (0x1200)   (aec66d04aa87d2f986f42f90e806a4cb) \Device\Harddisk0\DR0\Partition1
13:50:41.0325 5384	\Device\Harddisk0\DR0\Partition1 - ok
13:50:41.0345 5384	Boot (0x1200)   (15b5013e3ba26359ba0367b978622d53) \Device\Harddisk0\DR0\Partition2
13:50:41.0345 5384	\Device\Harddisk0\DR0\Partition2 - ok
13:50:41.0355 5384	Boot (0x1200)   (b8cdd65eb02b7cd1ff54dfa58e0972cf) \Device\Harddisk0\DR0\Partition3
13:50:41.0355 5384	\Device\Harddisk0\DR0\Partition3 - ok
13:50:41.0355 5384	============================================================
13:50:41.0355 5384	Scan finished
13:50:41.0355 5384	============================================================
13:50:41.0375 5132	Detected object count: 0
13:50:41.0375 5132	Actual detected object count: 0
13:51:11.0778 2164	Deinitialize success
         

29.07.2012, 00:26   #25
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

02.08.2012, 13:49   #26
play4fun28

Code:
ComboFix 12-07-31.03 - Sascha 02.08.2012  14:42:45.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3071.2027 [GMT 2:00]
ausgeführt von:: c:\users\Sascha\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-02 bis 2012-08-02  ))))))))))))))))))))))))))))))
.
.
2012-08-02 12:46 . 2012-08-02 12:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-30 13:18 . 2012-07-30 13:18	--------	d-----w-	c:\users\Sascha\AppData\Roaming\MotioninJoy
2012-07-30 13:18 . 2011-11-10 16:32	95304	----a-w-	c:\windows\system32\drivers\MijXfilt.sys
2012-07-30 13:18 . 2010-08-19 17:24	61984	----a-w-	c:\windows\system32\drivers\xusb21.sys
2012-07-30 13:18 . 2010-08-19 17:24	255496	----a-w-	c:\windows\system32\MijFrc.dll
2012-07-30 13:18 . 2010-08-19 17:24	1461992	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2012-07-27 20:24 . 2012-07-27 20:24	--------	d-----w-	c:\windows\de
2012-07-27 20:22 . 2012-07-27 20:22	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-07-27 20:22 . 2012-07-27 20:22	--------	d-----w-	c:\windows\PCHEALTH
2012-07-27 20:21 . 2012-07-27 20:22	--------	d-----w-	c:\program files\Windows Live
2012-07-27 20:20 . 2010-08-11 04:44	2983424	----a-w-	c:\windows\system32\UIRibbon.dll
2012-07-27 20:20 . 2010-08-11 04:35	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2012-07-27 20:20 . 2010-05-23 10:15	1619456	----a-w-	c:\windows\system32\WMVDECOD.DLL
2012-07-27 20:20 . 2010-05-23 10:11	196608	----a-w-	c:\windows\system32\mfreadwrite.dll
2012-07-27 20:20 . 2010-05-23 10:11	3181568	----a-w-	c:\windows\system32\mf.dll
2012-07-27 20:19 . 2012-07-27 20:32	--------	d-----w-	c:\users\Sascha\AppData\Local\Windows Live
2012-07-27 20:19 . 2012-07-27 20:19	--------	d-----w-	c:\program files\Common Files\Windows Live
2012-07-22 13:07 . 2012-07-22 13:07	--------	d-----w-	C:\_OTL
2012-07-21 07:11 . 2012-07-21 07:11	65536	----a-w-	c:\windows\system32\frapsvid.dll
2012-07-20 17:53 . 2012-07-20 17:53	--------	d-----w-	c:\programdata\ATI
2012-07-20 17:52 . 2012-07-20 17:52	--------	d-----w-	c:\programdata\AMD
2012-07-20 17:52 . 2012-07-20 17:52	--------	d-----w-	c:\program files\AMD AVT
2012-07-20 17:52 . 2012-07-20 17:52	--------	d-----w-	c:\program files\AMD APP
2012-07-20 17:49 . 2012-07-20 17:49	--------	d-----w-	C:\AMD
2012-07-20 12:10 . 2012-07-20 12:10	--------	d-----w-	c:\programdata\AVG Secure Search
2012-07-18 14:20 . 2012-07-18 14:20	--------	d-----w-	c:\users\Sascha\AppData\Local\Adobe
2012-07-18 14:18 . 2012-07-18 14:18	--------	d-----w-	c:\program files\Common Files\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 20:21 . 2009-08-18 09:24	19720	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-27 13:37 . 2012-06-22 12:02	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 13:37 . 2012-06-22 12:02	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-28 12:05 . 2012-06-28 12:05	772592	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-23 14:08 . 2012-06-23 14:08	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2012-06-11 18:58 . 2012-06-11 18:58	8733696	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35	58880	----a-w-	c:\windows\system32\coinst_8.98.dll
2012-06-11 18:00 . 2012-06-11 18:00	20467712	----a-w-	c:\windows\system32\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2010-08-26 02:01	924160	----a-w-	c:\windows\system32\aticfx32.dll
2012-06-11 17:20 . 2012-06-11 17:20	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19	468992	----a-w-	c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19	217600	----a-w-	c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17	163840	----a-w-	c:\windows\system32\atitmmxx.dll
2012-06-11 17:17 . 2012-06-11 17:17	20992	----a-w-	c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2012-06-11 17:16 . 2010-08-26 01:52	6301696	----a-w-	c:\windows\system32\atidxx32.dll
2012-06-11 16:45 . 2012-06-11 16:45	46080	----a-w-	c:\windows\system32\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45	5480448	----a-w-	c:\windows\system32\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45	44032	----a-w-	c:\windows\system32\aticalcl.dll
2012-06-11 16:43 . 2012-06-11 16:43	4729344	----a-w-	c:\windows\system32\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40	13277696	----a-w-	c:\windows\system32\aticaldd.dll
2012-06-11 16:26 . 2012-06-11 16:26	368640	----a-w-	c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26	33280	----a-w-	c:\windows\system32\atigktxx.dll
2012-06-11 16:25 . 2012-06-11 16:25	295936	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2010-08-26 01:20	42496	----a-w-	c:\windows\system32\atiuxpag.dll
2012-06-11 16:24 . 2010-08-26 01:19	32768	----a-w-	c:\windows\system32\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23	56832	----a-w-	c:\windows\system32\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23	56832	----a-w-	c:\windows\system32\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50	159232	----a-w-	c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50	65024	----a-w-	c:\windows\system32\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50	56320	----a-w-	c:\windows\system32\OVDecode.dll
2012-06-11 11:49 . 2012-06-11 11:49	13008896	----a-w-	c:\windows\system32\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48	50176	----a-w-	c:\windows\system32\OpenCL.dll
2012-05-22 13:47 . 2012-06-23 14:35	405176	----a-w-	c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-05-10 14:35 . 2012-05-10 14:35	29184	----a-w-	c:\windows\system32\kdbsdk32.dll
2012-05-04 17:29 . 2012-06-28 12:05	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-20 13:47 . 2012-06-21 13:39	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\spiele\Steam\Steam.exe" [2012-06-21 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="d:\programme\itunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2080768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 13:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\xfzlfqxq.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Fraps - d:\programme\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1844344738-2340880191-2007229669-1000\Software\SecuROM\License information*]
"datasecu"=hex:99,46,0a,68,43,27,fe,da,39,88,00,da,14,82,5a,c6,54,48,3d,fa,d4,
   49,02,fb,a0,38,8b,22,29,53,04,2d,3f,67,bd,ed,51,cd,69,10,62,05,3c,f3,38,31,\
"rkeysecu"=hex:fe,5e,06,63,3a,1c,b4,e2,6a,cc,26,48,42,5f,57,36
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-02  14:48:21
ComboFix-quarantined-files.txt  2012-08-02 12:48
.
Vor Suchlauf: 9 Verzeichnis(se), 129.468.456.960 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 129.391.960.064 Bytes frei
.
- - End Of File - - 5662659E7214648D6ABBA4BF760C3BEF
         

02.08.2012, 14:37   #27
cosinus

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Start aswMBR again, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
