| |
| |||||||
Log-Analyse und Auswertung: Win7 64Bit Trojan.Ransom.AMNGenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.06.2012, 11:16
| #1 |
 |  Win7 64Bit Trojan.Ransom.AMNGen Hallo, seit gestern hat sich wohl der Trojan.Ransom.AMNGen bei mir eingenistet. Erst konnte ich auch den Computer nicht benutzen, als ich dann schließlich in den abgesicherten Modus gekommen bin (meine USB Tastatur war scheinbar während des Startens deaktiviert, nur wenn ich sie beim anschalten ausgesteckt hatte und dann einige Sekunden später einsteckte konnte ich F8 benutzen), habe ich per msconfig das starten ausgeschaltet. Leider wurden allerdings bereits einige Dateien bei mir gesperrt (jedoch nicht alle, und auch ohne sofort ein System erkennen zu können). Auf dem Desktop waren einige neue Dateien (meist zufällige Dateinamen plus ein txt mit der Aufforderung Geld zu überweisen), diese habe ich mal in einem Ordner gesammelt - leider 145Mb groß. Die verschlüsselten Dateien haben nicht ein "locked" oder so vorrangestellt, nur zufällige Buchstaben als Dateinamen. Einfach die Endung "richtigstellen" funktioniert nicht. Ich hatte bereits mit Malwarebytes den Virus bereinigt als ich auf eurer Forum gestoßen bin. Malwarebytes berichtete: Trojan.Ransom.AMNGen C:windows\pssßylyknwku.exe.Startup. Ich glaube die Dateien sind noch in Quarantäne (siehe Anhang) Ich habe den defogger benutzt und jetzt OTL durchlaufen lassen (siehe Anhang - leider zu groß als txt, deswegen zip) allerdings erschien der Fehler: "Win32 Error. Code1722. Der RPC-Server ist nicht verfügbar". Leider wurden auch einige Bilder auf meiner D: Partition gelöscht, vor allem bei diesen wäre es super wenn man sie wieder entschlüsseln könnte. Geändert von Oscar451 (24.06.2012 um 11:23 Uhr) |
|
28.06.2012, 10:15
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Win7 64Bit Trojan.Ransom.AMNGen Führ bitte auch ESET aus, danach sehen wir weiter.
__________________Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
 + R Taste und kopiere folgenden Text in das Ausführen Fenster.Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ |
|
28.06.2012, 16:15
| #3 |
| | Win7 64Bit Trojan.Ransom.AMNGen OK, hier mal das Log
__________________Zur Info: Ich habe kein Problem den Computer zu Formatieren und neu zu installieren. Den Virus werde ich also schon irgendwie los. Aber wie beschrieben, wenn es eine Möglichkeit gäbe einige Bilder wieder zu entschlüsseln wäre das super. Die Entschlüsselungsprogramme haben leider nicht funktioniert. |
|
29.06.2012, 11:09
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7 64Bit Trojan.Ransom.AMNGen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.06.2012, 12:59
| #5 |
| | Win7 64Bit Trojan.Ransom.AMNGen 1. Windows funktioniert fast wieder uneingeschränkt. Ich kann es starten und die meisten Programme benutzen. Aber z.B.: Word möchte immer irgendetwas installieren (wohl einen Teil der Installation der verschlüsselt wurde) die Soundwiedergabe wurde wohl nicht mit gestartet. 2. Ich kann keine fehlenden Ordner im Startmenü erkennen. Dort scheinen alle Programme als Icons vorhanden zu sein. PS: Sagen Sie ruhig Bescheid, falls sie mal einen Screenshot von irgendetwas benötigen. |
|
29.06.2012, 13:46
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7 64Bit Trojan.Ransom.AMNGen Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Win7 64Bit Trojan.Ransom.AMNGen |
|
01.07.2012, 23:30
| #7 |
| | Win7 64Bit Trojan.Ransom.AMNGen Sorry für die Verspätung, hier der neue Scan: OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.07.2012 23:30:40 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Frederik ***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,36 Gb Available Physical Memory | 84,13% Memory free
8,00 Gb Paging File | 7,40 Gb Available in Paging File | 92,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 19,11 Gb Free Space | 19,59% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 129,39 Gb Free Space | 35,15% Space Free | Partition Type: NTFS
Computer Name: FREDERIK-FESTPC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Frederik ***\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
PRC - C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\MBControls.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (LVPrcS64) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Plc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RDPDISPM) -- C:\Windows\SysNative\drivers\rdpdispm.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (LVUVC64) QuickCam Communicate Deluxe(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 0F 22 35 1B C6 CB 01 [binary data]
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\..\SearchScopes,DefaultScope = {6C489391-CB31-49EB-95E4-3DB794ED5A86}
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\..\SearchScopes\{6C489391-CB31-49EB-95E4-3DB794ED5A86}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\..\SearchScopes\{D456781B-E33C-4A75-9A10-2020DEDB260B}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\..\SearchScopes\{EAFC2157-1AE4-4FCF-BA20-794D7E701AB7}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2352053164-1578933417-3805159915-1025\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.15 20:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 22:50:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.15 20:01:26 | 000,000,000 | ---D | M]
[2012.06.14 18:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.18 22:50:47 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.09 14:22:12 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Limited)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000..\Run: [ASRockOCTuner] File not found
O4 - HKU\S-1-5-21-2352053164-1578933417-3805159915-1000..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-2352053164-1578933417-3805159915-1025..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2352053164-1578933417-3805159915-1025..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\admin\Anwendungsdaten [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\admin\AppData [2012.06.28 14:28:46 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\admin\Cookies [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\admin\Desktop [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\admin\Documents [2012.06.28 14:28:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\admin\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\admin\Druckumgebung [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\admin\Eigene Dateien [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\admin\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\admin\Links [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\admin\Lokale Einstellungen [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\admin\Music [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\admin\Netzwerkumgebung [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\admin\NTUSER.DAT ()
O4 - Startup: C:\Users\admin\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\admin\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\admin\ntuser.ini ()
O4 - Startup: C:\Users\admin\Pictures [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\admin\Recent [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\admin\Saved Games [2009.07.14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\admin\SendTo [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\admin\Startmenü [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\admin\Videos [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\admin\Vorlagen [2012.06.28 14:28:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Adobe [2012.04.06 11:05:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AirportMania [2012.06.24 01:16:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Amazon [2012.01.01 15:10:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Apple [2011.09.12 18:53:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011.09.12 18:54:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Cisco [2011.02.22 16:25:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Creative [2011.02.15 12:45:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Deutsche Post AG [2012.05.05 17:49:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Duden [2012.06.24 01:16:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\EnterNHelp [2011.08.25 17:38:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ezsidmv.dat ()
O4 - Startup: C:\Users\All Users\Favoriten [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2011.04.30 15:01:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\LightScribe [2012.06.23 11:04:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Logishrd [2011.02.08 17:24:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Logitech [2011.02.20 13:48:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2012.06.24 01:56:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012.05.21 14:20:29 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012.06.13 12:09:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2012.04.27 21:06:01 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nero [2011.05.29 17:04:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nikon [2011.08.25 17:34:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NVIDIA [2012.06.24 01:24:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NVIDIA Corporation [2011.08.15 12:20:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PKP_DLec.DAT ()
O4 - Startup: C:\Users\All Users\regid.1986-12.com.adobe [2012.02.07 13:33:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012.05.13 21:07:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sophos [2011.04.19 10:47:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sophos Web Intelligence [2011.04.23 11:07:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2011.02.07 18:11:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Ultima_T15 [2011.08.25 17:38:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Western Digital [2012.06.02 13:49:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\boinc_master\Anwendungsdaten [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\boinc_master\AppData [2011.11.24 23:54:20 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\boinc_master\Cookies [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\boinc_master\Desktop [2012.06.07 12:42:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\boinc_master\Documents [2011.11.24 23:54:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\boinc_master\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\boinc_master\Druckumgebung [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\boinc_master\Eigene Dateien [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\boinc_master\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\boinc_master\Links [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\boinc_master\Lokale Einstellungen [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\boinc_master\Music [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\boinc_master\Netzwerkumgebung [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT ()
O4 - Startup: C:\Users\boinc_master\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\boinc_master\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{02de1a29-3853-11e1-bfd4-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{02de1a29-3853-11e1-bfd4-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{02de1a29-3853-11e1-bfd4-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{0da78820-330c-11e1-b35f-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{0da78820-330c-11e1-b35f-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{0da78820-330c-11e1-b35f-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1835a3e7-6148-11e1-b881-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1835a3e7-6148-11e1-b881-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1835a3e7-6148-11e1-b881-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1a1eef20-8d33-11e1-81b1-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1a1eef20-8d33-11e1-81b1-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1a1eef20-8d33-11e1-81b1-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1a30e516-56f0-11e1-b091-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1a30e516-56f0-11e1-b091-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1a30e516-56f0-11e1-b091-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1e07eb05-797d-11e1-a5f6-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1e07eb05-797d-11e1-a5f6-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1e07eb05-797d-11e1-a5f6-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1ead116f-3c26-11e1-8989-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1ead116f-3c26-11e1-8989-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1ead116f-3c26-11e1-8989-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1fedd53a-57be-11e1-812f-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1fedd53a-57be-11e1-812f-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{1fedd53a-57be-11e1-812f-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{24bd4a4e-3eb0-11e1-bc54-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{24bd4a4e-3eb0-11e1-bc54-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{24bd4a4e-3eb0-11e1-bc54-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{29780480-732a-11e1-b0bd-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{29780480-732a-11e1-b0bd-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{29780480-732a-11e1-b0bd-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{2aa1a8a4-4354-11e1-bcbf-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{2aa1a8a4-4354-11e1-bcbf-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{2aa1a8a4-4354-11e1-bcbf-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{38d2750a-651f-11e1-b1e3-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{38d2750a-651f-11e1-b1e3-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{38d2750a-651f-11e1-b1e3-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{3bf95cce-4a9c-11e1-8709-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{3bf95cce-4a9c-11e1-8709-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{3bf95cce-4a9c-11e1-8709-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{44e16fb9-39e0-11e1-b5f3-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{44e16fb9-39e0-11e1-b5f3-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{44e16fb9-39e0-11e1-b5f3-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{5320d7f8-1d18-11e1-8001-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{5320d7f8-1d18-11e1-8001-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{5320d7f8-1d18-11e1-8001-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{55225fda-313d-11e1-8334-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{55225fda-313d-11e1-8334-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{55225fda-313d-11e1-8334-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{5fa376b5-7e6d-11e1-88e6-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{5fa376b5-7e6d-11e1-88e6-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{5fa376b5-7e6d-11e1-88e6-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{62146a33-ba2b-11e1-a409-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{62146a33-ba2b-11e1-a409-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{62146a33-ba2b-11e1-a409-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{6fb7041b-9a76-11e1-8082-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{6fb7041b-9a76-11e1-8082-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{6fb7041b-9a76-11e1-8082-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{753523ac-5011-11e1-8005-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{753523ac-5011-11e1-8005-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{753523ac-5011-11e1-8005-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{7b47b0c4-6cf5-11e1-8196-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{7b47b0c4-6cf5-11e1-8196-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{7b47b0c4-6cf5-11e1-8196-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{8dbc94fe-4e62-11e1-b89e-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{8dbc94fe-4e62-11e1-b89e-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{8dbc94fe-4e62-11e1-b89e-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{9de2e543-5952-11e1-885d-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{9de2e543-5952-11e1-885d-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{9de2e543-5952-11e1-885d-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{a94c52f4-99f0-11e1-88db-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{a94c52f4-99f0-11e1-88db-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{a94c52f4-99f0-11e1-88db-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{af9f36eb-a735-11e1-b7e6-00059a3c7a00}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{af9f36eb-a735-11e1-b7e6-00059a3c7a00}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{af9f36eb-a735-11e1-b7e6-00059a3c7a00}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{b574c3f2-269c-11e1-8426-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{b574c3f2-269c-11e1-8426-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{b574c3f2-269c-11e1-8426-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{b5a0e942-909b-11e1-8332-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{b5a0e942-909b-11e1-8332-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{b5a0e942-909b-11e1-8332-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{b8d5f79b-aee7-11e1-a77e-00059a3c7a00}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{b8d5f79b-aee7-11e1-a77e-00059a3c7a00}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{b8d5f79b-aee7-11e1-a77e-00059a3c7a00}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{c8be8b64-474a-11e1-bf6f-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{c8be8b64-474a-11e1-bf6f-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{c8be8b64-474a-11e1-bf6f-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ca740280-aca8-11e1-b047-00059a3c7a00}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ca740280-aca8-11e1-b047-00059a3c7a00}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ca740280-aca8-11e1-b047-00059a3c7a00}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ca740711-aca8-11e1-b047-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ca740711-aca8-11e1-b047-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ca740711-aca8-11e1-b047-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ca836e33-7b27-11e1-8306-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ca836e33-7b27-11e1-8306-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ca836e33-7b27-11e1-8306-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{cbdae0c0-b570-11e1-bc0c-00059a3c7a00}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{cbdae0c0-b570-11e1-bc0c-00059a3c7a00}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{cbdae0c0-b570-11e1-bc0c-00059a3c7a00}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{cbdae228-b570-11e1-bc0c-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{cbdae228-b570-11e1-bc0c-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{cbdae228-b570-11e1-bc0c-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{d0f04ed6-1bea-11e1-b088-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{d0f04ed6-1bea-11e1-b088-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{d0f04ed6-1bea-11e1-b088-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{d3110670-86e6-11e1-b0c8-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{d3110670-86e6-11e1-b0c8-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{d3110670-86e6-11e1-b0c8-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{d5c5da73-5f9b-11e1-800e-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{d5c5da73-5f9b-11e1-800e-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{d5c5da73-5f9b-11e1-800e-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{e21a6fef-3d2c-11e1-b591-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{e21a6fef-3d2c-11e1-b591-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{e21a6fef-3d2c-11e1-b591-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{e82d2057-33ce-11e1-ac7c-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{e82d2057-33ce-11e1-ac7c-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{e82d2057-33ce-11e1-ac7c-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{e9008d5b-83ad-11e1-b70c-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{e9008d5b-83ad-11e1-b70c-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{e9008d5b-83ad-11e1-b70c-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{edb96750-bd88-11e1-bb34-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{edb96750-bd88-11e1-bb34-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{edb96750-bd88-11e1-bb34-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ff922081-7673-11e1-84bc-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ff922081-7673-11e1-84bc-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ff922081-7673-11e1-84bc-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ffcddcf7-b46e-11e1-80f5-00059a3c7a00}.TM.blf ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ffcddcf7-b46e-11e1-80f5-00059a3c7a00}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\NTUSER.DAT{ffcddcf7-b46e-11e1-80f5-00059a3c7a00}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\boinc_master\ntuser.ini ()
O4 - Startup: C:\Users\boinc_master\Pictures [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\boinc_master\Recent [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\boinc_master\Saved Games [2009.07.14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\boinc_master\SendTo [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\boinc_master\Startmenü [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\boinc_master\Videos [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\boinc_master\Vorlagen [2011.11.24 23:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 05:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2011.02.06 17:50:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2011.02.06 17:50:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\Anwendungsdaten [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\AppData [2011.02.06 17:50:51 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Frederik ***\Application Data [2011.02.27 16:26:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Frederik ***\Contacts [2012.06.24 01:17:28 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Cookies [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\defogger_reenable ()
O4 - Startup: C:\Users\Frederik ***\Desktop [2012.07.01 23:29:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Documents [2012.06.24 01:18:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Downloads [2012.06.24 01:18:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Druckumgebung [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\Eigene Dateien [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\Favorites [2012.02.15 12:20:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Glnlfn [2012.06.24 01:48:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Frederik ***\Links [2012.04.03 15:03:41 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Lokale Einstellungen [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\Music [2012.06.24 01:18:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Netzwerkumgebung [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\NTUSER.DAT ()
O4 - Startup: C:\Users\Frederik ***\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Frederik ***\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Frederik ***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Frederik ***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Frederik ***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Frederik ***\ntuser.ini ()
O4 - Startup: C:\Users\Frederik ***\Pictures [2012.06.24 01:18:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Recent [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\Saved Games [2012.02.15 12:20:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Searches [2012.06.24 01:18:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\SendTo [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\Startmenü [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\Studium Uni Hannover [2012.06.24 01:26:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Frederik ***\Videos [2012.02.15 12:20:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Frederik ***\Vorlagen [2011.02.06 17:50:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Frederik ***\WG [2012.06.24 01:26:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\dcmsvcsetup.exe ( )
O4 - Startup: C:\Users\Public\Desktop [2012.06.24 02:05:53 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2011.12.31 14:29:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 04:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\invokesi.exe ()
O4 - Startup: C:\Users\Public\Libraries [2011.02.06 18:00:30 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2011.07.05 21:10:10 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011.03.10 21:41:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Thumbs.db ()
O4 - Startup: C:\Users\Public\Videos [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Anwendungsdaten [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\AppData [2012.02.25 02:05:16 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\UpdatusUser\Contacts [2012.02.25 02:05:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\UpdatusUser\Cookies [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Desktop [2012.06.07 12:42:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Documents [2012.02.25 02:05:16 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Druckumgebung [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Eigene Dateien [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Links [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Lokale Einstellungen [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Music [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Netzwerkumgebung [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT ()
O4 - Startup: C:\Users\UpdatusUser\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\UpdatusUser\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{7b47b1fe-6cf5-11e1-8196-001966c5bf6f}.TM.blf ()
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{7b47b1fe-6cf5-11e1-8196-001966c5bf6f}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{7b47b1fe-6cf5-11e1-8196-001966c5bf6f}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\UpdatusUser\ntuser.ini ()
O4 - Startup: C:\Users\UpdatusUser\Pictures [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Recent [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Saved Games [2009.07.14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\UpdatusUser\Searches [2012.02.25 02:05:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\UpdatusUser\SendTo [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Startmenü [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Videos [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Vorlagen [2012.02.25 02:05:16 | 000,000,000 | -HSD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4FDE4BC-EA28-4B59-8E6D-E5FBB736B3A5}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\PROGRA~2\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk - C:\PROGRA~2\Nikon\PICTUR~1\NKBMON~1.EXE - (Nikon Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Frederik ***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Programme\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpFolder: C:^Users^Frederik ***^Glnlfn^ylyjbwju.exe - - File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AmazonGSDownloaderTray - hkey= - key= - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: boincmgr - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: boinctray - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: dcmsvc - hkey= - key= - C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Frederik ***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig:64bit - StartUpReg: OfficeSyncProcess - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
MsConfig:64bit - StartUpReg: P17RunE - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WD Quick View - hkey= - key= - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
MsConfig:64bit - StartUpReg: WLSync - hkey= - key= - C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A4697B5E-FAA8-49FC-BAB2-A2272F82B527} - msiexec /fus {A4697B5E-FAA8-49FC-BAB2-A2272F82B527} /quiet
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: 6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
CREATERESTOREPOINT
System Restore Service not available.
========== Files/Folders - Created Within 30 Days ==========
[2012.06.28 14:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.28 14:28:46 | 000,000,000 | R--D | C] -- C:\Users\admin\Videos
[2012.06.28 14:28:46 | 000,000,000 | R--D | C] -- C:\Users\admin\Pictures
[2012.06.28 14:28:46 | 000,000,000 | R--D | C] -- C:\Users\admin\Music
[2012.06.28 14:28:46 | 000,000,000 | R--D | C] -- C:\Users\admin\Links
[2012.06.28 14:28:46 | 000,000,000 | R--D | C] -- C:\Users\admin\Favorites
[2012.06.28 14:28:46 | 000,000,000 | R--D | C] -- C:\Users\admin\Downloads
[2012.06.28 14:28:46 | 000,000,000 | R--D | C] -- C:\Users\admin\Documents
[2012.06.28 14:28:46 | 000,000,000 | R--D | C] -- C:\Users\admin\Desktop
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\Vorlagen
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\Startmenü
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\SendTo
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\Recent
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\Netzwerkumgebung
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\Lokale Einstellungen
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\Eigene Dateien
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\Druckumgebung
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\Cookies
[2012.06.28 14:28:46 | 000,000,000 | -HSD | C] -- C:\Users\admin\Anwendungsdaten
[2012.06.28 14:28:46 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData
[2012.06.28 14:28:46 | 000,000,000 | ---D | C] -- C:\Users\admin\Saved Games
[2012.06.24 01:56:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.24 01:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 01:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.23 11:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium
[2012.06.23 11:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012.06.23 11:02:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.06.23 11:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.06.14 18:19:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.06.07 22:21:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dcmsvc
[2012.06.07 22:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warner Bros. Digital Copy Manager
[2012.06.07 12:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack
[2012.06.02 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2012.06.02 13:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012.06.02 13:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
========== Files - Modified Within 30 Days ==========
[2012.07.01 23:22:31 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 23:22:31 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 23:15:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.01 23:15:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.07.01 23:15:09 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.24 01:25:19 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.24 00:33:01 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.24 00:28:01 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2352053164-1578933417-3805159915-1000UA.job
[2012.06.23 20:42:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2352053164-1578933417-3805159915-1000Core.job
[2012.06.20 18:04:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 18:04:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 18:04:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 18:04:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 18:04:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.16 17:39:14 | 000,001,072 | ---- | M] () -- C:\Windows\eReg.dat
[2012.06.14 19:02:37 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 18:32:32 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.14 18:30:01 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.14 18:29:51 | 000,840,264 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.13 18:00:37 | 002,478,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.11 22:58:40 | 000,000,936 | ---- | M] () -- C:\Windows\STA2.ini
========== Files Created - No Company Name ==========
[2012.06.23 11:08:30 | 000,648,192 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB
[2012.06.14 18:30:04 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 18:30:04 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.14 18:30:01 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.14 18:29:57 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.07 22:20:58 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warner Bros. Digital Copy Manager.lnk
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.11.01 23:51:16 | 000,000,936 | ---- | C] () -- C:\Windows\STA2.ini
[2011.08.25 17:38:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2011.02.15 13:31:13 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.02.15 13:31:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.02.14 17:53:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.02.12 23:46:48 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.07 11:55:25 | 000,001,072 | ---- | C] () -- C:\Windows\eReg.dat
[2011.02.06 20:36:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.06 17:35:34 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011.02.06 17:35:33 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011.02.06 17:01:24 | 3220,578,304 | -HS- | C] () -- \hiberfil.sys
========== LOP Check ==========
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\Anwendungsdaten
[2012.06.28 14:28:46 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\Cookies
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\admin\Desktop
[2012.06.28 14:28:46 | 000,000,000 | R--D | M] -- C:\Users\admin\Documents
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\admin\Downloads
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\Druckumgebung
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\Eigene Dateien
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\admin\Favorites
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\admin\Links
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\Lokale Einstellungen
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\admin\Music
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\Netzwerkumgebung
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\admin\Pictures
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\Recent
[2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\admin\Saved Games
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\SendTo
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\Startmenü
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\admin\Videos
[2012.06.28 14:28:46 | 000,000,000 | -HSD | M] -- C:\Users\admin\Vorlagen
[2012.06.24 01:16:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\AirportMania
[2012.01.01 15:10:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\Amazon
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2011.02.22 16:25:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2012.05.05 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\Deutsche Post AG
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2012.06.24 01:16:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Duden
[2011.08.25 17:38:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\EnterNHelp
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012.06.23 11:04:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\LightScribe
[2011.08.25 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nikon
[2012.02.07 13:33:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe
[2011.04.19 10:47:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sophos
[2011.04.23 11:07:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sophos Web Intelligence
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011.08.25 17:38:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ultima_T15
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2012.06.02 13:49:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Western Digital
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\Anwendungsdaten
[2011.11.24 23:54:20 | 000,000,000 | -H-D | M] -- C:\Users\boinc_master\AppData
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\Cookies
[2012.06.07 12:42:30 | 000,000,000 | R--D | M] -- C:\Users\boinc_master\Desktop
[2011.11.24 23:54:20 | 000,000,000 | R--D | M] -- C:\Users\boinc_master\Documents
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\boinc_master\Downloads
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\Druckumgebung
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\Eigene Dateien
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\boinc_master\Favorites
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\boinc_master\Links
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\Lokale Einstellungen
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\boinc_master\Music
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\Netzwerkumgebung
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\boinc_master\Pictures
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\Recent
[2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\boinc_master\Saved Games
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\SendTo
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\Startmenü
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\boinc_master\Videos
[2011.11.24 23:54:20 | 000,000,000 | -HSD | M] -- C:\Users\boinc_master\Vorlagen
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 05:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2011.02.06 17:50:40 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2011.02.06 17:50:40 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\Anwendungsdaten
[2011.02.06 17:50:51 | 000,000,000 | -H-D | M] -- C:\Users\Frederik ***\AppData
[2011.02.27 16:26:05 | 000,000,000 | ---D | M] -- C:\Users\Frederik ***\Application Data
[2012.06.24 01:17:28 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Contacts
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\Cookies
[2012.07.01 23:29:33 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Desktop
[2012.06.24 01:18:30 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Documents
[2012.06.24 01:18:47 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Downloads
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\Druckumgebung
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\Eigene Dateien
[2012.02.15 12:20:20 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Favorites
[2012.06.24 01:48:55 | 000,000,000 | ---D | M] -- C:\Users\Frederik ***\Glnlfn
[2012.04.03 15:03:41 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Links
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\Lokale Einstellungen
[2012.06.24 01:18:47 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Music
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\Netzwerkumgebung
[2012.06.24 01:18:49 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Pictures
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\Recent
[2012.02.15 12:20:21 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Saved Games
[2012.06.24 01:18:49 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Searches
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\SendTo
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\Startmenü
[2012.06.24 01:26:38 | 000,000,000 | ---D | M] -- C:\Users\Frederik ***\Studium Uni Hannover
[2012.02.15 12:20:20 | 000,000,000 | R--D | M] -- C:\Users\Frederik ***\Videos
[2011.02.06 17:50:51 | 000,000,000 | -HSD | M] -- C:\Users\Frederik ***\Vorlagen
[2012.06.24 01:26:36 | 000,000,000 | ---D | M] -- C:\Users\Frederik ***\WG
[2012.06.24 02:05:53 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2011.12.31 14:29:33 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 04:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2011.02.06 18:00:30 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2011.07.05 21:10:10 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2011.03.10 21:41:46 | 000,000,000 | ---D | M] -- C:\Users\Public\Recorded TV
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Anwendungsdaten
[2012.02.25 02:05:16 | 000,000,000 | -H-D | M] -- C:\Users\UpdatusUser\AppData
[2012.02.25 02:05:17 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Contacts
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Cookies
[2012.06.07 12:42:30 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Desktop
[2012.02.25 02:05:16 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Documents
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Downloads
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Druckumgebung
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Eigene Dateien
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Favorites
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Links
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Lokale Einstellungen
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Music
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Netzwerkumgebung
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Pictures
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Recent
[2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Saved Games
[2012.02.25 02:05:17 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Searches
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\SendTo
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Startmenü
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Videos
[2012.02.25 02:05:16 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Vorlagen
[2011.08.26 21:35:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.06.28 16:56:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Adobe
[2012.04.06 11:04:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Macromedia
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs
[2012.06.28 15:31:41 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft
[2012.06.28 14:35:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla
< %APPDATA%\*.exe /s >
[2012.04.06 11:02:41 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >
|
|
02.07.2012, 13:15
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7 64Bit Trojan.Ransom.AMNGen Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
MsConfig:64bit - StartUpFolder: C:^Users^Frederik ***^Glnlfn^ylyjbwju.exe - - File not found
:Files
C:\Users\Frederik ***\AppData\Local\Temp\V.class
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 14:11
| #9 |
| | Win7 64Bit Trojan.Ransom.AMNGen Ok, hier mal das Ergebnis des Fixes: Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
========== FILES ==========
C:\Users\Frederik ***\AppData\Local\Temp\V.class moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Frederik ***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: admin
-> No Temporary Internet Files cache folder defined!
User: All Users
-> No Temporary Internet Files cache folder defined!
User: boinc_master
-> No Temporary Internet Files cache folder defined!
User: Default
-> No Temporary Internet Files cache folder defined!
User: Default User
-> No Temporary Internet Files cache folder defined!
User: Frederik ***
-> No Temporary Internet Files cache folder defined!
User: Public
-> No Temporary Internet Files cache folder defined!
User: UpdatusUser
-> No Temporary Internet Files cache folder defined!
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 459681694 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 136888 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 439,00 mb
[EMPTYFLASH]
User: admin
User: All Users
User: boinc_master
User: Default
User: Default User
User: Frederik ***
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_150235
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
02.07.2012, 14:34
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7 64Bit Trojan.Ransom.AMNGen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 14:55
| #11 |
| | Win7 64Bit Trojan.Ransom.AMNGen Dann mal hier das Log vom TDSS Code:
ATTFilter 15:52:02.0500 0796 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
15:52:02.0704 0796 ============================================================
15:52:02.0704 0796 Current date / time: 2012/07/02 15:52:02.0704
15:52:02.0704 0796 SystemInfo:
15:52:02.0704 0796
15:52:02.0704 0796 OS Version: 6.1.7601 ServicePack: 1.0
15:52:02.0704 0796 Product type: Workstation
15:52:02.0704 0796 ComputerName: FREDERIK-FESTPC
15:52:02.0704 0796 UserName: admin
15:52:02.0704 0796 Windows directory: C:\Windows
15:52:02.0704 0796 System windows directory: C:\Windows
15:52:02.0704 0796 Running under WOW64
15:52:02.0704 0796 Processor architecture: Intel x64
15:52:02.0704 0796 Number of processors: 2
15:52:02.0704 0796 Page size: 0x1000
15:52:02.0704 0796 Boot type: Normal boot
15:52:02.0704 0796 ============================================================
15:52:03.0735 0796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:52:03.0735 0796 ============================================================
15:52:03.0735 0796 \Device\Harddisk0\DR0:
15:52:03.0735 0796 MBR partitions:
15:52:03.0735 0796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
15:52:03.0735 0796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000
15:52:03.0735 0796 ============================================================
15:52:03.0750 0796 C: <-> \Device\Harddisk0\DR0\Partition0
15:52:03.0797 0796 D: <-> \Device\Harddisk0\DR0\Partition1
15:52:03.0797 0796 ============================================================
15:52:03.0797 0796 Initialize success
15:52:03.0797 0796 ============================================================
15:52:16.0547 1384 ============================================================
15:52:16.0547 1384 Scan started
15:52:16.0547 1384 Mode: Manual; SigCheck; TDLFS;
15:52:16.0547 1384 ============================================================
15:52:17.0313 1384 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:52:17.0469 1384 1394ohci - ok
15:52:17.0500 1384 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:52:17.0516 1384 ACPI - ok
15:52:17.0532 1384 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:52:17.0594 1384 AcpiPmi - ok
15:52:17.0735 1384 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:52:17.0735 1384 AdobeARMservice - ok
15:52:17.0797 1384 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:52:17.0813 1384 adp94xx - ok
15:52:17.0844 1384 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:52:17.0860 1384 adpahci - ok
15:52:17.0875 1384 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:52:17.0891 1384 adpu320 - ok
15:52:17.0907 1384 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:52:18.0000 1384 AeLookupSvc - ok
15:52:18.0079 1384 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:52:18.0125 1384 AFD - ok
15:52:18.0157 1384 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:52:18.0172 1384 agp440 - ok
15:52:18.0188 1384 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:52:18.0219 1384 ALG - ok
15:52:18.0235 1384 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:52:18.0250 1384 aliide - ok
15:52:18.0360 1384 Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
15:52:18.0391 1384 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - warning
15:52:18.0391 1384 Amazon Download Agent - detected UnsignedFile.Multi.Generic (1)
15:52:18.0407 1384 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:52:18.0422 1384 amdide - ok
15:52:18.0454 1384 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:52:18.0500 1384 AmdK8 - ok
15:52:18.0516 1384 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:52:18.0532 1384 AmdPPM - ok
15:52:18.0563 1384 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:52:18.0579 1384 amdsata - ok
15:52:18.0594 1384 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:52:18.0610 1384 amdsbs - ok
15:52:18.0610 1384 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:52:18.0625 1384 amdxata - ok
15:52:18.0657 1384 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:52:18.0766 1384 AppID - ok
15:52:18.0797 1384 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:52:18.0844 1384 AppIDSvc - ok
15:52:19.0000 1384 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:52:19.0047 1384 Appinfo - ok
15:52:19.0079 1384 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:52:19.0110 1384 AppMgmt - ok
15:52:19.0125 1384 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:52:19.0141 1384 arc - ok
15:52:19.0157 1384 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:52:19.0172 1384 arcsas - ok
15:52:19.0188 1384 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:52:19.0235 1384 AsyncMac - ok
15:52:19.0250 1384 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:52:19.0266 1384 atapi - ok
15:52:19.0313 1384 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:52:19.0391 1384 AudioEndpointBuilder - ok
15:52:19.0391 1384 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:52:19.0422 1384 AudioSrv - ok
15:52:19.0485 1384 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:52:19.0532 1384 AxInstSV - ok
15:52:19.0579 1384 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:52:19.0610 1384 b06bdrv - ok
15:52:19.0641 1384 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:52:19.0688 1384 b57nd60a - ok
15:52:19.0719 1384 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:52:19.0750 1384 BDESVC - ok
15:52:19.0782 1384 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:52:19.0829 1384 Beep - ok
15:52:19.0907 1384 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:52:19.0954 1384 BFE - ok
15:52:19.0985 1384 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:52:20.0094 1384 BITS - ok
15:52:20.0141 1384 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:52:20.0157 1384 blbdrive - ok
15:52:20.0250 1384 BOINC - ok
15:52:20.0313 1384 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:52:20.0344 1384 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
15:52:20.0344 1384 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
15:52:20.0375 1384 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:52:20.0422 1384 bowser - ok
15:52:20.0438 1384 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:52:20.0500 1384 BrFiltLo - ok
15:52:20.0516 1384 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:52:20.0532 1384 BrFiltUp - ok
15:52:20.0563 1384 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:52:20.0641 1384 Browser - ok
15:52:20.0672 1384 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:52:20.0719 1384 Brserid - ok
15:52:20.0750 1384 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:52:20.0782 1384 BrSerWdm - ok
15:52:20.0813 1384 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:52:20.0829 1384 BrUsbMdm - ok
15:52:20.0860 1384 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:52:20.0875 1384 BrUsbSer - ok
15:52:20.0938 1384 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
15:52:20.0985 1384 BthEnum - ok
15:52:21.0000 1384 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:52:21.0032 1384 BTHMODEM - ok
15:52:21.0063 1384 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:52:21.0079 1384 BthPan - ok
15:52:21.0110 1384 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
15:52:21.0141 1384 BTHPORT - ok
15:52:21.0157 1384 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:52:21.0204 1384 bthserv - ok
15:52:21.0250 1384 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
15:52:21.0282 1384 BTHUSB - ok
15:52:21.0297 1384 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:52:21.0344 1384 cdfs - ok
15:52:21.0391 1384 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:52:21.0407 1384 cdrom - ok
15:52:21.0438 1384 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:52:21.0500 1384 CertPropSvc - ok
15:52:21.0516 1384 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:52:21.0547 1384 circlass - ok
15:52:21.0579 1384 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:52:21.0594 1384 CLFS - ok
15:52:21.0641 1384 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:52:21.0657 1384 clr_optimization_v2.0.50727_32 - ok
15:52:21.0704 1384 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:52:21.0719 1384 clr_optimization_v2.0.50727_64 - ok
15:52:21.0797 1384 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:52:21.0829 1384 clr_optimization_v4.0.30319_32 - ok
15:52:21.0860 1384 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:52:21.0875 1384 clr_optimization_v4.0.30319_64 - ok
15:52:21.0907 1384 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:52:21.0922 1384 CmBatt - ok
15:52:21.0954 1384 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:52:21.0954 1384 cmdide - ok
15:52:22.0000 1384 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:52:22.0047 1384 CNG - ok
15:52:22.0063 1384 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:52:22.0079 1384 Compbatt - ok
15:52:22.0094 1384 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:52:22.0125 1384 CompositeBus - ok
15:52:22.0141 1384 COMSysApp - ok
15:52:22.0157 1384 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:52:22.0157 1384 crcdisk - ok
15:52:22.0219 1384 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:52:22.0235 1384 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:52:22.0235 1384 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:52:22.0266 1384 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:52:22.0297 1384 CryptSvc - ok
15:52:22.0344 1384 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:52:22.0407 1384 CSC - ok
15:52:22.0438 1384 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:52:22.0469 1384 CscService - ok
15:52:22.0547 1384 CTAudSvcService (69cdba2b9c397e349a04fa70dd9170a2) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:52:22.0563 1384 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
15:52:22.0563 1384 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
15:52:22.0625 1384 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:52:22.0688 1384 DcomLaunch - ok
15:52:22.0719 1384 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:52:22.0782 1384 defragsvc - ok
15:52:22.0829 1384 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:52:22.0875 1384 DfsC - ok
15:52:22.0938 1384 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:52:22.0985 1384 Dhcp - ok
15:52:23.0000 1384 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:52:23.0063 1384 discache - ok
15:52:23.0094 1384 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:52:23.0110 1384 Disk - ok
15:52:23.0141 1384 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:52:23.0172 1384 Dnscache - ok
15:52:23.0219 1384 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:52:23.0266 1384 dot3svc - ok
15:52:23.0313 1384 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:52:23.0360 1384 DPS - ok
15:52:23.0375 1384 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:52:23.0391 1384 drmkaud - ok
15:52:23.0454 1384 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:52:23.0485 1384 DXGKrnl - ok
15:52:23.0500 1384 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:52:23.0547 1384 EapHost - ok
15:52:23.0657 1384 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:52:23.0719 1384 ebdrv - ok
15:52:23.0813 1384 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:52:23.0860 1384 EFS - ok
15:52:23.0907 1384 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:52:23.0954 1384 ehRecvr - ok
15:52:23.0969 1384 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:52:24.0000 1384 ehSched - ok
15:52:24.0079 1384 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:52:24.0094 1384 elxstor - ok
15:52:24.0125 1384 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:52:24.0141 1384 ErrDev - ok
15:52:24.0188 1384 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:52:24.0250 1384 EventSystem - ok
15:52:24.0266 1384 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:52:24.0313 1384 exfat - ok
15:52:24.0329 1384 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:52:24.0375 1384 fastfat - ok
15:52:24.0438 1384 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:52:24.0469 1384 Fax - ok
15:52:24.0500 1384 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:52:24.0516 1384 fdc - ok
15:52:24.0532 1384 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:52:24.0579 1384 fdPHost - ok
15:52:24.0594 1384 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:52:24.0641 1384 FDResPub - ok
15:52:24.0657 1384 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:52:24.0657 1384 FileInfo - ok
15:52:24.0672 1384 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:52:24.0719 1384 Filetrace - ok
15:52:24.0813 1384 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:52:24.0844 1384 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:52:24.0844 1384 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:52:24.0860 1384 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:52:24.0875 1384 flpydisk - ok
15:52:24.0922 1384 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:52:24.0938 1384 FltMgr - ok
15:52:24.0985 1384 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:52:25.0032 1384 FontCache - ok
15:52:25.0094 1384 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:52:25.0094 1384 FontCache3.0.0.0 - ok
15:52:25.0125 1384 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:52:25.0141 1384 FsDepends - ok
15:52:25.0172 1384 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:52:25.0188 1384 Fs_Rec - ok
15:52:25.0235 1384 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:52:25.0266 1384 fvevol - ok
15:52:25.0282 1384 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:52:25.0297 1384 gagp30kx - ok
15:52:25.0344 1384 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:52:25.0407 1384 gpsvc - ok
15:52:25.0469 1384 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:52:25.0485 1384 gupdate - ok
15:52:25.0500 1384 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:52:25.0516 1384 gupdatem - ok
15:52:25.0532 1384 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:52:25.0579 1384 hcw85cir - ok
15:52:25.0610 1384 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:52:25.0625 1384 HdAudAddService - ok
15:52:25.0657 1384 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:52:25.0688 1384 HDAudBus - ok
15:52:25.0704 1384 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:52:25.0719 1384 HidBatt - ok
15:52:25.0735 1384 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:52:25.0782 1384 HidBth - ok
15:52:25.0797 1384 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:52:25.0813 1384 HidIr - ok
15:52:25.0844 1384 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:52:25.0891 1384 hidserv - ok
15:52:25.0938 1384 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:52:25.0938 1384 HidUsb - ok
15:52:25.0969 1384 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:52:26.0016 1384 hkmsvc - ok
15:52:26.0063 1384 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:52:26.0094 1384 HomeGroupListener - ok
15:52:26.0141 1384 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:52:26.0157 1384 HomeGroupProvider - ok
15:52:26.0188 1384 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:52:26.0204 1384 HpSAMD - ok
15:52:26.0282 1384 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:52:26.0329 1384 HTTP - ok
15:52:26.0360 1384 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:52:26.0375 1384 hwpolicy - ok
15:52:26.0391 1384 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:52:26.0407 1384 i8042prt - ok
15:52:26.0438 1384 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:52:26.0454 1384 iaStorV - ok
15:52:26.0563 1384 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:52:26.0579 1384 idsvc - ok
15:52:26.0610 1384 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:52:26.0625 1384 iirsp - ok
15:52:26.0688 1384 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:52:26.0750 1384 IKEEXT - ok
15:52:26.0766 1384 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:52:26.0782 1384 intelide - ok
15:52:26.0797 1384 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:52:26.0813 1384 intelppm - ok
15:52:26.0844 1384 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:52:26.0891 1384 IPBusEnum - ok
15:52:26.0922 1384 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:52:26.0954 1384 IpFilterDriver - ok
15:52:27.0000 1384 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:52:27.0047 1384 iphlpsvc - ok
15:52:27.0063 1384 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:52:27.0094 1384 IPMIDRV - ok
15:52:27.0125 1384 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:52:27.0172 1384 IPNAT - ok
15:52:27.0188 1384 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:52:27.0250 1384 IRENUM - ok
15:52:27.0266 1384 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:52:27.0282 1384 isapnp - ok
15:52:27.0297 1384 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:52:27.0313 1384 iScsiPrt - ok
15:52:27.0329 1384 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:52:27.0329 1384 kbdclass - ok
15:52:27.0360 1384 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:52:27.0375 1384 kbdhid - ok
15:52:27.0407 1384 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:27.0422 1384 KeyIso - ok
15:52:27.0438 1384 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:52:27.0454 1384 KSecDD - ok
15:52:27.0469 1384 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:52:27.0469 1384 KSecPkg - ok
15:52:27.0500 1384 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:52:27.0547 1384 ksthunk - ok
15:52:27.0579 1384 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:52:27.0641 1384 KtmRm - ok
15:52:27.0688 1384 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:52:27.0735 1384 LanmanServer - ok
15:52:27.0766 1384 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:52:27.0813 1384 LanmanWorkstation - ok
15:52:27.0891 1384 LBTServ (4adc135f525d38a498f83b089228cc2d) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:52:27.0922 1384 LBTServ - ok
15:52:27.0954 1384 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:52:27.0954 1384 LHidFilt - ok
15:52:28.0047 1384 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:52:28.0063 1384 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:52:28.0063 1384 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:52:28.0094 1384 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:52:28.0141 1384 lltdio - ok
15:52:28.0172 1384 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:52:28.0219 1384 lltdsvc - ok
15:52:28.0235 1384 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:52:28.0266 1384 lmhosts - ok
15:52:28.0282 1384 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:52:28.0297 1384 LMouFilt - ok
15:52:28.0329 1384 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:52:28.0329 1384 LSI_FC - ok
15:52:28.0360 1384 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:52:28.0375 1384 LSI_SAS - ok
15:52:28.0391 1384 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:52:28.0391 1384 LSI_SAS2 - ok
15:52:28.0407 1384 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:52:28.0422 1384 LSI_SCSI - ok
15:52:28.0454 1384 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:52:28.0485 1384 luafv - ok
15:52:28.0500 1384 LUsbFilt (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\Windows\system32\Drivers\LUsbFilt.Sys
15:52:28.0516 1384 LUsbFilt - ok
15:52:28.0547 1384 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:52:28.0547 1384 LVPr2M64 - ok
15:52:28.0547 1384 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:52:28.0563 1384 LVPr2Mon - ok
15:52:28.0625 1384 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
15:52:28.0625 1384 LVPrcS64 - ok
15:52:28.0672 1384 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
15:52:28.0688 1384 LVRS64 - ok
15:52:29.0141 1384 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:52:29.0250 1384 LVUVC64 - ok
15:52:29.0329 1384 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:52:29.0360 1384 Mcx2Svc - ok
15:52:29.0391 1384 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:52:29.0391 1384 megasas - ok
15:52:29.0422 1384 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:52:29.0438 1384 MegaSR - ok
15:52:29.0500 1384 Microsoft SharePoint Workspace Audit Service - ok
15:52:29.0516 1384 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:52:29.0563 1384 MMCSS - ok
15:52:29.0594 1384 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:52:29.0625 1384 Modem - ok
15:52:29.0657 1384 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:52:29.0688 1384 monitor - ok
15:52:29.0704 1384 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:52:29.0719 1384 mouclass - ok
15:52:29.0735 1384 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:52:29.0766 1384 mouhid - ok
15:52:29.0797 1384 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:52:29.0813 1384 mountmgr - ok
15:52:29.0875 1384 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:52:29.0875 1384 MozillaMaintenance - ok
15:52:29.0907 1384 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:52:29.0922 1384 mpio - ok
15:52:29.0938 1384 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:52:29.0985 1384 mpsdrv - ok
15:52:30.0047 1384 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:52:30.0094 1384 MpsSvc - ok
15:52:30.0125 1384 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:52:30.0157 1384 MRxDAV - ok
15:52:30.0188 1384 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:52:30.0235 1384 mrxsmb - ok
15:52:30.0250 1384 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:52:30.0282 1384 mrxsmb10 - ok
15:52:30.0297 1384 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:52:30.0313 1384 mrxsmb20 - ok
15:52:30.0344 1384 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:52:30.0344 1384 msahci - ok
15:52:30.0360 1384 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:52:30.0375 1384 msdsm - ok
15:52:30.0391 1384 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:52:30.0422 1384 MSDTC - ok
15:52:30.0469 1384 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:52:30.0500 1384 Msfs - ok
15:52:30.0500 1384 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:52:30.0547 1384 mshidkmdf - ok
15:52:30.0563 1384 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:52:30.0579 1384 msisadrv - ok
15:52:30.0610 1384 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:52:30.0657 1384 MSiSCSI - ok
15:52:30.0657 1384 msiserver - ok
15:52:30.0688 1384 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:52:30.0735 1384 MSKSSRV - ok
15:52:30.0750 1384 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:52:30.0797 1384 MSPCLOCK - ok
15:52:30.0813 1384 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:52:30.0844 1384 MSPQM - ok
15:52:30.0891 1384 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:52:30.0907 1384 MsRPC - ok
15:52:30.0938 1384 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:52:30.0938 1384 mssmbios - ok
15:52:30.0954 1384 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:52:31.0000 1384 MSTEE - ok
15:52:31.0016 1384 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:52:31.0032 1384 MTConfig - ok
15:52:31.0047 1384 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:52:31.0063 1384 Mup - ok
15:52:31.0110 1384 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:52:31.0157 1384 napagent - ok
15:52:31.0188 1384 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:52:31.0235 1384 NativeWifiP - ok
15:52:31.0266 1384 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:52:31.0297 1384 NDIS - ok
15:52:31.0313 1384 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:52:31.0344 1384 NdisCap - ok
15:52:31.0375 1384 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:52:31.0422 1384 NdisTapi - ok
15:52:31.0469 1384 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:52:31.0500 1384 Ndisuio - ok
15:52:31.0547 1384 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:52:31.0594 1384 NdisWan - ok
15:52:31.0610 1384 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:52:31.0641 1384 NDProxy - ok
15:52:31.0672 1384 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:52:31.0719 1384 NetBIOS - ok
15:52:31.0750 1384 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:52:31.0797 1384 NetBT - ok
15:52:31.0829 1384 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:31.0844 1384 Netlogon - ok
15:52:31.0875 1384 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:52:31.0922 1384 Netman - ok
15:52:31.0938 1384 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:52:31.0985 1384 netprofm - ok
15:52:32.0063 1384 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:52:32.0063 1384 NetTcpPortSharing - ok
15:52:32.0094 1384 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:52:32.0110 1384 nfrd960 - ok
15:52:32.0157 1384 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:52:32.0204 1384 NlaSvc - ok
15:52:32.0282 1384 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
15:52:32.0297 1384 NMIndexingService - ok
15:52:32.0297 1384 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:52:32.0344 1384 Npfs - ok
15:52:32.0360 1384 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:52:32.0407 1384 nsi - ok
15:52:32.0422 1384 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:52:32.0469 1384 nsiproxy - ok
15:52:32.0547 1384 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:52:32.0579 1384 Ntfs - ok
15:52:32.0641 1384 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:52:32.0688 1384 Null - ok
15:52:32.0735 1384 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:52:32.0766 1384 NVENETFD - ok
15:52:33.0172 1384 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:52:33.0375 1384 nvlddmkm - ok
15:52:33.0469 1384 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
15:52:33.0485 1384 NVNET - ok
15:52:33.0516 1384 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:52:33.0532 1384 nvraid - ok
15:52:33.0547 1384 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:52:33.0563 1384 nvstor - ok
15:52:33.0625 1384 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
15:52:33.0657 1384 nvsvc - ok
15:52:33.0797 1384 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:52:33.0844 1384 nvUpdatusService - ok
15:52:33.0922 1384 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:52:33.0938 1384 nv_agp - ok
15:52:33.0954 1384 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:52:33.0985 1384 ohci1394 - ok
15:52:34.0125 1384 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:52:34.0141 1384 ose - ok
15:52:34.0360 1384 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:52:34.0454 1384 osppsvc - ok
15:52:34.0579 1384 P17 (edd1dcd36f6115acc6935c3f88ff54d7) C:\Windows\system32\drivers\P17.sys
15:52:34.0625 1384 P17 - ok
15:52:34.0657 1384 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:52:34.0688 1384 p2pimsvc - ok
15:52:34.0719 1384 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:52:34.0735 1384 p2psvc - ok
15:52:34.0766 1384 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:52:34.0782 1384 Parport - ok
15:52:34.0813 1384 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:52:34.0829 1384 partmgr - ok
15:52:34.0844 1384 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:52:34.0875 1384 PcaSvc - ok
15:52:34.0922 1384 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:52:34.0922 1384 pci - ok
15:52:34.0938 1384 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:52:34.0954 1384 pciide - ok
15:52:34.0969 1384 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:52:34.0985 1384 pcmcia - ok
15:52:34.0985 1384 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:52:35.0000 1384 pcw - ok
15:52:35.0032 1384 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:52:35.0079 1384 PEAUTH - ok
15:52:35.0141 1384 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:52:35.0188 1384 PeerDistSvc - ok
15:52:35.0250 1384 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:52:35.0282 1384 PerfHost - ok
15:52:35.0391 1384 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:52:35.0454 1384 pla - ok
15:52:35.0500 1384 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:52:35.0532 1384 PlugPlay - ok
15:52:35.0547 1384 PnkBstrA - ok
15:52:35.0579 1384 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:52:35.0594 1384 PNRPAutoReg - ok
15:52:35.0625 1384 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:52:35.0641 1384 PNRPsvc - ok
15:52:35.0672 1384 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:52:35.0735 1384 PolicyAgent - ok
15:52:35.0750 1384 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:52:35.0797 1384 Power - ok
15:52:35.0860 1384 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:35.0907 1384 PptpMiniport - ok
15:52:35.0922 1384 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:52:35.0954 1384 Processor - ok
15:52:36.0000 1384 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:52:36.0016 1384 ProfSvc - ok
15:52:36.0047 1384 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:36.0063 1384 ProtectedStorage - ok
15:52:36.0110 1384 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:52:36.0157 1384 Psched - ok
15:52:36.0219 1384 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:52:36.0250 1384 ql2300 - ok
15:52:36.0344 1384 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:52:36.0360 1384 ql40xx - ok
15:52:36.0407 1384 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:52:36.0438 1384 QWAVE - ok
15:52:36.0454 1384 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:52:36.0485 1384 QWAVEdrv - ok
15:52:36.0485 1384 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:36.0532 1384 RasAcd - ok
15:52:36.0563 1384 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:52:36.0594 1384 RasAgileVpn - ok
15:52:36.0610 1384 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:52:36.0641 1384 RasAuto - ok
15:52:36.0688 1384 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:36.0719 1384 Rasl2tp - ok
15:52:36.0766 1384 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:52:36.0813 1384 RasMan - ok
15:52:36.0829 1384 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:36.0875 1384 RasPppoe - ok
15:52:36.0891 1384 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:36.0938 1384 RasSstp - ok
15:52:36.0969 1384 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:37.0016 1384 rdbss - ok
15:52:37.0016 1384 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:52:37.0047 1384 rdpbus - ok
15:52:37.0063 1384 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:37.0110 1384 RDPCDD - ok
15:52:37.0125 1384 RDPDISPM (bdf2db2f19945afaf102a2c03062efb1) C:\Windows\system32\DRIVERS\rdpdispm.sys
15:52:37.0172 1384 RDPDISPM - ok
15:52:37.0204 1384 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:52:37.0235 1384 RDPDR - ok
15:52:37.0250 1384 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:52:37.0282 1384 RDPENCDD - ok
15:52:37.0297 1384 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:52:37.0329 1384 RDPREFMP - ok
15:52:37.0375 1384 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:52:37.0422 1384 RDPWD - ok
15:52:37.0469 1384 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:52:37.0485 1384 rdyboost - ok
15:52:37.0516 1384 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:52:37.0563 1384 RemoteAccess - ok
15:52:37.0579 1384 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:52:37.0625 1384 RemoteRegistry - ok
15:52:37.0688 1384 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:52:37.0719 1384 RFCOMM - ok
15:52:37.0735 1384 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:52:37.0782 1384 RpcEptMapper - ok
15:52:37.0782 1384 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:52:37.0813 1384 RpcLocator - ok
15:52:37.0860 1384 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:52:37.0891 1384 RpcSs - ok
15:52:37.0922 1384 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:37.0969 1384 rspndr - ok
15:52:37.0985 1384 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:52:38.0032 1384 s3cap - ok
15:52:38.0063 1384 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:38.0079 1384 SamSs - ok
15:52:38.0141 1384 SAVAdminService (c77e73dbce16aa2fe51bbbb042d3303b) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
15:52:38.0188 1384 SAVAdminService - ok
15:52:38.0235 1384 SAVOnAccess (7f5c54e0634827a87032eedf95f63715) C:\Windows\system32\DRIVERS\savonaccess.sys
15:52:38.0235 1384 SAVOnAccess - ok
15:52:38.0266 1384 SAVService (def34501c7a84166678f80d6e8c7b6f5) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
15:52:38.0282 1384 SAVService - ok
15:52:38.0297 1384 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:52:38.0313 1384 sbp2port - ok
15:52:38.0329 1384 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:52:38.0375 1384 SCardSvr - ok
15:52:38.0407 1384 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:52:38.0454 1384 scfilter - ok
15:52:38.0516 1384 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:52:38.0579 1384 Schedule - ok
15:52:38.0610 1384 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:52:38.0641 1384 SCPolicySvc - ok
15:52:38.0672 1384 sdcfilter (7e450d5b46ff8fe82dab822d3b48e3b3) C:\Windows\system32\DRIVERS\sdcfilter.sys
15:52:38.0688 1384 sdcfilter - ok
15:52:38.0704 1384 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:52:38.0719 1384 SDRSVC - ok
15:52:38.0750 1384 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:52:38.0782 1384 secdrv - ok
15:52:38.0797 1384 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:52:38.0844 1384 seclogon - ok
15:52:38.0875 1384 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:52:38.0922 1384 SENS - ok
15:52:38.0938 1384 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:52:38.0969 1384 SensrSvc - ok
15:52:38.0985 1384 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:52:39.0000 1384 Serenum - ok
15:52:39.0016 1384 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:52:39.0032 1384 Serial - ok
15:52:39.0047 1384 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:52:39.0063 1384 sermouse - ok
15:52:39.0110 1384 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:52:39.0172 1384 SessionEnv - ok
15:52:39.0188 1384 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:52:39.0219 1384 sffdisk - ok
15:52:39.0235 1384 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:52:39.0250 1384 sffp_mmc - ok
15:52:39.0266 1384 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:52:39.0282 1384 sffp_sd - ok
15:52:39.0313 1384 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:52:39.0329 1384 sfloppy - ok
15:52:39.0360 1384 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:52:39.0407 1384 SharedAccess - ok
15:52:39.0454 1384 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:52:39.0485 1384 ShellHWDetection - ok
15:52:39.0500 1384 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:52:39.0516 1384 SiSRaid2 - ok
15:52:39.0532 1384 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:52:39.0547 1384 SiSRaid4 - ok
15:52:39.0594 1384 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:52:39.0610 1384 SkypeUpdate - ok
15:52:39.0625 1384 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:52:39.0672 1384 Smb - ok
15:52:39.0704 1384 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:52:39.0735 1384 SNMPTRAP - ok
15:52:39.0782 1384 Sophos AutoUpdate Service (4bf422afa499bf0001332756aff0bcb1) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
15:52:39.0797 1384 Sophos AutoUpdate Service - ok
15:52:39.0844 1384 SophosBootDriver (69fbe35a8165adbc313aa7f64b868ca1) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
15:52:39.0860 1384 SophosBootDriver - ok
15:52:39.0875 1384 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:52:39.0875 1384 spldr - ok
15:52:39.0938 1384 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:52:39.0985 1384 Spooler - ok
15:52:40.0110 1384 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:52:40.0204 1384 sppsvc - ok
15:52:40.0282 1384 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:52:40.0329 1384 sppuinotify - ok
15:52:40.0391 1384 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:52:40.0438 1384 srv - ok
15:52:40.0454 1384 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:52:40.0485 1384 srv2 - ok
15:52:40.0500 1384 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:52:40.0532 1384 srvnet - ok
15:52:40.0563 1384 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:52:40.0610 1384 SSDPSRV - ok
15:52:40.0641 1384 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:52:40.0672 1384 SstpSvc - ok
15:52:40.0719 1384 Steam Client Service - ok
15:52:40.0829 1384 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:52:40.0844 1384 Stereo Service - ok
15:52:40.0860 1384 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:52:40.0860 1384 stexstor - ok
15:52:40.0922 1384 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:52:40.0969 1384 stisvc - ok
15:52:40.0985 1384 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:52:41.0000 1384 storflt - ok
15:52:41.0016 1384 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:52:41.0047 1384 StorSvc - ok
15:52:41.0063 1384 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:52:41.0079 1384 storvsc - ok
15:52:41.0094 1384 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:52:41.0094 1384 swenum - ok
15:52:41.0204 1384 swi_service (4f4c3efceeda23d2261c255430842d22) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
15:52:41.0250 1384 swi_service - ok
15:52:41.0329 1384 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:52:41.0391 1384 swprv - ok
15:52:41.0469 1384 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:52:41.0516 1384 SysMain - ok
15:52:41.0563 1384 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:52:41.0594 1384 TabletInputService - ok
15:52:41.0625 1384 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:52:41.0672 1384 TapiSrv - ok
15:52:41.0688 1384 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:52:41.0750 1384 TBS - ok
15:52:41.0844 1384 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:52:41.0891 1384 Tcpip - ok
15:52:41.0985 1384 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:52:42.0016 1384 TCPIP6 - ok
15:52:42.0079 1384 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:52:42.0110 1384 tcpipreg - ok
15:52:42.0125 1384 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:52:42.0157 1384 TDPIPE - ok
15:52:42.0188 1384 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:52:42.0204 1384 TDTCP - ok
15:52:42.0250 1384 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:52:42.0282 1384 tdx - ok
15:52:42.0454 1384 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:52:42.0516 1384 TeamViewer7 - ok
15:52:42.0594 1384 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
15:52:42.0594 1384 teamviewervpn - ok
15:52:42.0625 1384 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:52:42.0625 1384 TermDD - ok
15:52:42.0672 1384 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:52:42.0719 1384 TermService - ok
15:52:42.0750 1384 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:52:42.0782 1384 Themes - ok
15:52:42.0797 1384 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:52:42.0829 1384 THREADORDER - ok
15:52:42.0860 1384 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:52:42.0891 1384 TrkWks - ok
15:52:42.0954 1384 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
15:52:42.0969 1384 truecrypt - ok
15:52:43.0032 1384 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:52:43.0079 1384 TrustedInstaller - ok
15:52:43.0125 1384 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:43.0157 1384 tssecsrv - ok
15:52:43.0188 1384 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:52:43.0235 1384 TsUsbFlt - ok
15:52:43.0297 1384 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:52:43.0329 1384 tunnel - ok
15:52:43.0360 1384 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:52:43.0375 1384 uagp35 - ok
15:52:43.0391 1384 UCOREW64 - ok
15:52:43.0438 1384 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:52:43.0485 1384 udfs - ok
15:52:43.0516 1384 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:52:43.0547 1384 UI0Detect - ok
15:52:43.0563 1384 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:52:43.0579 1384 uliagpkx - ok
15:52:43.0610 1384 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:52:43.0610 1384 umbus - ok
15:52:43.0641 1384 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:52:43.0657 1384 UmPass - ok
15:52:43.0688 1384 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:52:43.0719 1384 UmRdpService - ok
15:52:43.0750 1384 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:52:43.0797 1384 upnphost - ok
15:52:43.0829 1384 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:52:43.0829 1384 usbaudio - ok
15:52:43.0860 1384 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:43.0875 1384 usbccgp - ok
15:52:43.0922 1384 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:52:43.0938 1384 usbcir - ok
15:52:43.0954 1384 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:52:43.0969 1384 usbehci - ok
15:52:44.0000 1384 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:44.0032 1384 usbhub - ok
15:52:44.0047 1384 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:52:44.0079 1384 usbohci - ok
15:52:44.0110 1384 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:52:44.0125 1384 usbprint - ok
15:52:44.0157 1384 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:52:44.0157 1384 usbscan - ok
15:52:44.0188 1384 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:44.0219 1384 USBSTOR - ok
15:52:44.0250 1384 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:52:44.0282 1384 usbuhci - ok
15:52:44.0329 1384 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:52:44.0360 1384 usbvideo - ok
15:52:44.0375 1384 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:52:44.0422 1384 UxSms - ok
15:52:44.0454 1384 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:44.0469 1384 VaultSvc - ok
15:52:44.0485 1384 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:52:44.0485 1384 vdrvroot - ok
15:52:44.0547 1384 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:52:44.0610 1384 vds - ok
15:52:44.0641 1384 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:44.0657 1384 vga - ok
15:52:44.0657 1384 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:52:44.0704 1384 VgaSave - ok
15:52:44.0735 1384 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:52:44.0750 1384 vhdmp - ok
15:52:44.0766 1384 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:52:44.0782 1384 viaide - ok
15:52:44.0797 1384 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:52:44.0813 1384 vmbus - ok
15:52:44.0829 1384 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:52:44.0860 1384 VMBusHID - ok
15:52:44.0875 1384 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:52:44.0875 1384 volmgr - ok
15:52:44.0922 1384 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:52:44.0938 1384 volmgrx - ok
15:52:45.0000 1384 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:52:45.0016 1384 volsnap - ok
15:52:45.0079 1384 vpnagent (193d323a88f442334d652ac5c1f56414) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
15:52:45.0094 1384 vpnagent - ok
15:52:45.0141 1384 vpnva (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys
15:52:45.0141 1384 vpnva - ok
15:52:45.0188 1384 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:52:45.0204 1384 vsmraid - ok
15:52:45.0282 1384 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:52:45.0344 1384 VSS - ok
15:52:45.0407 1384 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:52:45.0422 1384 vwifibus - ok
15:52:45.0469 1384 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:52:45.0500 1384 W32Time - ok
15:52:45.0532 1384 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:52:45.0547 1384 WacomPen - ok
15:52:45.0594 1384 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:45.0641 1384 WANARP - ok
15:52:45.0641 1384 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:45.0672 1384 Wanarpv6 - ok
15:52:45.0750 1384 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:52:45.0782 1384 wbengine - ok
15:52:45.0860 1384 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:52:45.0875 1384 WbioSrvc - ok
15:52:45.0922 1384 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:52:45.0954 1384 wcncsvc - ok
15:52:45.0985 1384 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:52:46.0000 1384 WcsPlugInService - ok
15:52:46.0032 1384 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:52:46.0032 1384 Wd - ok
15:52:46.0157 1384 WDBackup (6a1aef46ac445ef4013e494bac9d66c2) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
15:52:46.0188 1384 WDBackup - ok
15:52:46.0204 1384 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
15:52:46.0235 1384 WDC_SAM - ok
15:52:46.0266 1384 WDDriveService (46da6f2c6b084069ec9c4a1c79bfe8c7) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
15:52:46.0282 1384 WDDriveService - ok
15:52:46.0329 1384 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:52:46.0344 1384 Wdf01000 - ok
15:52:46.0375 1384 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:52:46.0422 1384 WdiServiceHost - ok
15:52:46.0438 1384 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:52:46.0454 1384 WdiSystemHost - ok
15:52:46.0516 1384 WDRulesService (b1c9682b3ac27567bdba4dedafb6fa79) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
15:52:46.0547 1384 WDRulesService - ok
15:52:46.0594 1384 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:52:46.0625 1384 WebClient - ok
15:52:46.0641 1384 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:52:46.0704 1384 Wecsvc - ok
15:52:46.0735 1384 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:52:46.0782 1384 wercplsupport - ok
15:52:46.0797 1384 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:52:46.0844 1384 WerSvc - ok
15:52:46.0891 1384 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:52:46.0922 1384 WfpLwf - ok
15:52:46.0938 1384 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:52:46.0938 1384 WIMMount - ok
15:52:46.0969 1384 WinDefend - ok
15:52:46.0969 1384 WinHttpAutoProxySvc - ok
15:52:47.0016 1384 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:52:47.0047 1384 Winmgmt - ok
15:52:47.0141 1384 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:52:47.0204 1384 WinRM - ok
15:52:47.0594 1384 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:52:47.0625 1384 WinUsb - ok
15:52:47.0688 1384 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:52:47.0735 1384 Wlansvc - ok
15:52:47.0797 1384 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:52:47.0797 1384 wlcrasvc - ok
15:52:47.0922 1384 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:52:47.0969 1384 wlidsvc - ok
15:52:48.0047 1384 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:52:48.0063 1384 WmiAcpi - ok
15:52:48.0125 1384 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:52:48.0157 1384 wmiApSrv - ok
15:52:48.0188 1384 WMPNetworkSvc - ok
15:52:48.0204 1384 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:52:48.0219 1384 WPCSvc - ok
15:52:48.0250 1384 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:52:48.0282 1384 WPDBusEnum - ok
15:52:48.0297 1384 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:52:48.0344 1384 ws2ifsl - ok
15:52:48.0375 1384 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:52:48.0407 1384 wscsvc - ok
15:52:48.0407 1384 WSearch - ok
15:52:48.0500 1384 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:52:48.0563 1384 wuauserv - ok
15:52:48.0641 1384 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:52:48.0704 1384 WudfPf - ok
15:52:48.0735 1384 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:48.0766 1384 WUDFRd - ok
15:52:48.0813 1384 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:52:48.0844 1384 wudfsvc - ok
15:52:48.0875 1384 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:52:48.0922 1384 WwanSvc - ok
15:52:48.0954 1384 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:52:49.0375 1384 \Device\Harddisk0\DR0 - ok
15:52:49.0407 1384 Boot (0x1200) (cdb4e23078a7fe5fdb7496cfe8917bb4) \Device\Harddisk0\DR0\Partition0
15:52:49.0407 1384 \Device\Harddisk0\DR0\Partition0 - ok
15:52:49.0422 1384 Boot (0x1200) (1b4dca47aace5495c274fd489b52b599) \Device\Harddisk0\DR0\Partition1
15:52:49.0422 1384 \Device\Harddisk0\DR0\Partition1 - ok
15:52:49.0422 1384 ============================================================
15:52:49.0422 1384 Scan finished
15:52:49.0422 1384 ============================================================
15:52:49.0454 1100 Detected object count: 6
15:52:49.0454 1100 Actual detected object count: 6
15:52:59.0391 1100 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:59.0391 1100 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:59.0391 1100 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:59.0391 1100 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:59.0391 1100 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:59.0391 1100 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:59.0391 1100 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:59.0391 1100 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:59.0391 1100 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:59.0391 1100 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:59.0391 1100 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:59.0391 1100 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
02.07.2012, 16:20
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7 64Bit Trojan.Ransom.AMNGen Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Button.
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
