| |
| |||||||
Log-Analyse und Auswertung: Battle.net-Acc wurde gehackt nach EchtgeldeinkaufWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
22.07.2012, 17:58
| #16 |
 |  Battle.net-Acc wurde gehackt nach Echtgeldeinkauf So bin wieder zu hause und an meinem rechner. im Anhang sämtliche logs die vom tdssKiller erstellt wurden. Hier das Letzte Log: Code:
ATTFilter 01:22:39.0219 4260 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
01:22:39.0566 4260 ============================================================
01:22:39.0566 4260 Current date / time: 2012/07/21 01:22:39.0566
01:22:39.0566 4260 SystemInfo:
01:22:39.0566 4260
01:22:39.0566 4260 OS Version: 6.1.7601 ServicePack: 1.0
01:22:39.0566 4260 Product type: Workstation
01:22:39.0566 4260 ComputerName: ANDREAS-PC
01:22:39.0566 4260 UserName: Andreas
01:22:39.0566 4260 Windows directory: C:\Windows
01:22:39.0566 4260 System windows directory: C:\Windows
01:22:39.0566 4260 Running under WOW64
01:22:39.0566 4260 Processor architecture: Intel x64
01:22:39.0566 4260 Number of processors: 4
01:22:39.0566 4260 Page size: 0x1000
01:22:39.0566 4260 Boot type: Normal boot
01:22:39.0566 4260 ============================================================
01:22:40.0695 4260 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0xA8178, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
01:22:41.0263 4260 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:22:41.0270 4260 ============================================================
01:22:41.0271 4260 \Device\Harddisk0\DR0:
01:22:41.0271 4260 MBR partitions:
01:22:41.0271 4260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:22:41.0271 4260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
01:22:41.0271 4260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x249F0000
01:22:41.0271 4260 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D40000, BlocksNum 0x7DD47000
01:22:41.0271 4260 \Device\Harddisk1\DR1:
01:22:41.0271 4260 MBR partitions:
01:22:41.0271 4260 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
01:22:41.0271 4260 ============================================================
01:22:41.0302 4260 C: <-> \Device\Harddisk0\DR0\Partition1
01:22:41.0347 4260 D: <-> \Device\Harddisk0\DR0\Partition2
01:22:41.0405 4260 E: <-> \Device\Harddisk0\DR0\Partition3
01:22:41.0436 4260 F: <-> \Device\Harddisk1\DR1\Partition0
01:22:41.0436 4260 ============================================================
01:22:41.0436 4260 Initialize success
01:22:41.0436 4260 ============================================================
01:22:46.0202 7048 ============================================================
01:22:46.0202 7048 Scan started
01:22:46.0202 7048 Mode: Manual; SigCheck; TDLFS;
01:22:46.0202 7048 ============================================================
01:22:47.0030 7048 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:22:47.0108 7048 1394ohci - ok
01:22:47.0168 7048 a2acc (2d6434e957f7cfa0035c20890f77bbc6) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
01:22:47.0192 7048 a2acc - ok
01:22:47.0318 7048 a2AntiMalware (8b75ba256bcada2b73ffa5bd77aa9e6c) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
01:22:47.0371 7048 a2AntiMalware - ok
01:22:47.0577 7048 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
01:22:47.0592 7048 A2DDA - ok
01:22:47.0693 7048 ABBYY.Licensing.FineReader.Professional.11.0 (656f06850d02baed19f0e2e72b047ce2) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
01:22:47.0715 7048 ABBYY.Licensing.FineReader.Professional.11.0 - ok
01:22:47.0768 7048 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:22:47.0787 7048 ACPI - ok
01:22:47.0802 7048 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:22:47.0821 7048 AcpiPmi - ok
01:22:47.0898 7048 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:22:47.0914 7048 AdobeFlashPlayerUpdateSvc - ok
01:22:47.0961 7048 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:22:47.0982 7048 adp94xx - ok
01:22:48.0006 7048 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:22:48.0025 7048 adpahci - ok
01:22:48.0046 7048 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:22:48.0064 7048 adpu320 - ok
01:22:48.0091 7048 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:22:48.0127 7048 AeLookupSvc - ok
01:22:48.0159 7048 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:22:48.0180 7048 AFD - ok
01:22:48.0197 7048 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:22:48.0212 7048 agp440 - ok
01:22:48.0217 7048 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:22:48.0235 7048 ALG - ok
01:22:48.0242 7048 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:22:48.0258 7048 aliide - ok
01:22:48.0290 7048 AMD External Events Utility (5eba5e837d6635aea999bae47e186c6f) C:\Windows\system32\atiesrxx.exe
01:22:48.0311 7048 AMD External Events Utility - ok
01:22:48.0326 7048 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:22:48.0342 7048 amdide - ok
01:22:48.0359 7048 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:22:48.0379 7048 AmdK8 - ok
01:22:48.0611 7048 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
01:22:48.0709 7048 amdkmdag - ok
01:22:48.0765 7048 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
01:22:48.0785 7048 amdkmdap - ok
01:22:48.0805 7048 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:22:48.0822 7048 AmdPPM - ok
01:22:48.0838 7048 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:22:48.0854 7048 amdsata - ok
01:22:48.0875 7048 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:22:48.0894 7048 amdsbs - ok
01:22:48.0904 7048 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:22:48.0919 7048 amdxata - ok
01:22:48.0941 7048 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:22:48.0976 7048 AppID - ok
01:22:48.0989 7048 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:22:49.0024 7048 AppIDSvc - ok
01:22:49.0050 7048 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:22:49.0084 7048 Appinfo - ok
01:22:49.0110 7048 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
01:22:49.0128 7048 AppMgmt - ok
01:22:49.0139 7048 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:22:49.0155 7048 arc - ok
01:22:49.0165 7048 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:22:49.0181 7048 arcsas - ok
01:22:49.0256 7048 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:22:49.0270 7048 aspnet_state - ok
01:22:49.0287 7048 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:22:49.0321 7048 AsyncMac - ok
01:22:49.0324 7048 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:22:49.0339 7048 atapi - ok
01:22:49.0372 7048 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
01:22:49.0388 7048 AtiHDAudioService - ok
01:22:49.0420 7048 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
01:22:49.0435 7048 AtiHdmiService - ok
01:22:49.0710 7048 atikmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
01:22:49.0809 7048 atikmdag - ok
01:22:49.0867 7048 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
01:22:49.0885 7048 atksgt - ok
01:22:49.0936 7048 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:22:49.0975 7048 AudioEndpointBuilder - ok
01:22:49.0980 7048 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:22:50.0020 7048 AudioSrv - ok
01:22:50.0079 7048 AVP (946d70667b0119f2beeae0849e1d46a2) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
01:22:50.0096 7048 AVP - ok
01:22:50.0120 7048 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:22:50.0141 7048 AxInstSV - ok
01:22:50.0174 7048 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:22:50.0194 7048 b06bdrv - ok
01:22:50.0217 7048 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:22:50.0236 7048 b57nd60a - ok
01:22:50.0254 7048 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:22:50.0271 7048 BDESVC - ok
01:22:50.0285 7048 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:22:50.0320 7048 Beep - ok
01:22:50.0365 7048 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:22:50.0404 7048 BFE - ok
01:22:50.0443 7048 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
01:22:50.0486 7048 BITS - ok
01:22:50.0492 7048 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:22:50.0510 7048 blbdrive - ok
01:22:50.0520 7048 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:22:50.0536 7048 bowser - ok
01:22:50.0554 7048 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:22:50.0573 7048 BrFiltLo - ok
01:22:50.0583 7048 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:22:50.0602 7048 BrFiltUp - ok
01:22:50.0626 7048 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:22:50.0660 7048 Browser - ok
01:22:50.0688 7048 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:22:50.0708 7048 Brserid - ok
01:22:50.0723 7048 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:22:50.0744 7048 BrSerWdm - ok
01:22:50.0751 7048 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:22:50.0770 7048 BrUsbMdm - ok
01:22:50.0778 7048 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:22:50.0795 7048 BrUsbSer - ok
01:22:50.0816 7048 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:22:50.0835 7048 BTHMODEM - ok
01:22:50.0851 7048 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:22:50.0887 7048 bthserv - ok
01:22:50.0893 7048 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:22:50.0928 7048 cdfs - ok
01:22:50.0955 7048 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:22:50.0974 7048 cdrom - ok
01:22:50.0988 7048 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:22:51.0023 7048 CertPropSvc - ok
01:22:51.0039 7048 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:22:51.0061 7048 circlass - ok
01:22:51.0094 7048 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:22:51.0113 7048 CLFS - ok
01:22:51.0206 7048 CLPSLS (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
01:22:51.0234 7048 CLPSLS - ok
01:22:51.0307 7048 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:22:51.0322 7048 clr_optimization_v2.0.50727_32 - ok
01:22:51.0369 7048 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:22:51.0383 7048 clr_optimization_v2.0.50727_64 - ok
01:22:51.0420 7048 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:22:51.0435 7048 clr_optimization_v4.0.30319_32 - ok
01:22:51.0477 7048 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:22:51.0492 7048 clr_optimization_v4.0.30319_64 - ok
01:22:51.0531 7048 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:22:51.0548 7048 CmBatt - ok
01:22:51.0669 7048 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
01:22:51.0720 7048 cmdAgent - ok
01:22:51.0762 7048 cmderd (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys
01:22:51.0776 7048 cmderd - ok
01:22:51.0806 7048 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
01:22:51.0826 7048 cmdGuard - ok
01:22:51.0841 7048 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
01:22:51.0856 7048 cmdHlp - ok
01:22:51.0877 7048 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:22:51.0892 7048 cmdide - ok
01:22:51.0936 7048 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
01:22:51.0961 7048 CNG - ok
01:22:51.0971 7048 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:22:51.0986 7048 Compbatt - ok
01:22:52.0007 7048 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:22:52.0026 7048 CompositeBus - ok
01:22:52.0029 7048 COMSysApp - ok
01:22:52.0062 7048 cpuz130 - ok
01:22:52.0065 7048 cpuz132 - ok
01:22:52.0079 7048 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:22:52.0095 7048 crcdisk - ok
01:22:52.0118 7048 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
01:22:52.0136 7048 CryptSvc - ok
01:22:52.0169 7048 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
01:22:52.0190 7048 CSC - ok
01:22:52.0226 7048 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
01:22:52.0249 7048 CscService - ok
01:22:52.0309 7048 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) d:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
01:22:52.0322 7048 DAUpdaterSvc - ok
01:22:52.0358 7048 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:22:52.0400 7048 DcomLaunch - ok
01:22:52.0433 7048 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:22:52.0472 7048 defragsvc - ok
01:22:52.0500 7048 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:22:52.0535 7048 DfsC - ok
01:22:52.0556 7048 dgderdrv (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
01:22:52.0570 7048 dgderdrv - ok
01:22:52.0819 7048 dgdersvc (10b8f89d146d0e20b1284d47bb4ec6c9) C:\Windows\SysWOW64\dgdersvc.exe
01:22:52.0834 7048 dgdersvc - ok
01:22:52.0858 7048 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:22:52.0895 7048 Dhcp - ok
01:22:52.0905 7048 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:22:52.0941 7048 discache - ok
01:22:52.0946 7048 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
01:22:52.0962 7048 Disk - ok
01:22:52.0991 7048 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:22:53.0009 7048 Dnscache - ok
01:22:53.0034 7048 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:22:53.0069 7048 dot3svc - ok
01:22:53.0094 7048 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:22:53.0129 7048 DPS - ok
01:22:53.0153 7048 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:22:53.0172 7048 drmkaud - ok
01:22:53.0227 7048 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:22:53.0253 7048 DXGKrnl - ok
01:22:53.0280 7048 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:22:53.0316 7048 EapHost - ok
01:22:53.0446 7048 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
01:22:53.0492 7048 ebdrv - ok
01:22:53.0555 7048 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:22:53.0573 7048 EFS - ok
01:22:53.0634 7048 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:22:53.0657 7048 ehRecvr - ok
01:22:53.0677 7048 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:22:53.0696 7048 ehSched - ok
01:22:53.0725 7048 ElbyCDFL (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
01:22:53.0740 7048 ElbyCDFL - ok
01:22:53.0767 7048 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
01:22:53.0782 7048 ElbyCDIO - ok
01:22:53.0818 7048 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
01:22:53.0839 7048 elxstor - ok
01:22:53.0858 7048 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
01:22:53.0873 7048 ENTECH64 - ok
01:22:53.0899 7048 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:22:53.0917 7048 ErrDev - ok
01:22:53.0956 7048 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:22:53.0995 7048 EventSystem - ok
01:22:54.0018 7048 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:22:54.0056 7048 exfat - ok
01:22:54.0078 7048 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:22:54.0114 7048 fastfat - ok
01:22:54.0165 7048 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:22:54.0199 7048 Fax - ok
01:22:54.0213 7048 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
01:22:54.0230 7048 fdc - ok
01:22:54.0247 7048 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:22:54.0282 7048 fdPHost - ok
01:22:54.0293 7048 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:22:54.0330 7048 FDResPub - ok
01:22:54.0344 7048 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:22:54.0360 7048 FileInfo - ok
01:22:54.0375 7048 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:22:54.0410 7048 Filetrace - ok
01:22:54.0417 7048 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
01:22:54.0435 7048 flpydisk - ok
01:22:54.0448 7048 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:22:54.0466 7048 FltMgr - ok
01:22:54.0539 7048 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:22:54.0565 7048 FontCache - ok
01:22:54.0644 7048 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:22:54.0658 7048 FontCache3.0.0.0 - ok
01:22:54.0672 7048 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:22:54.0688 7048 FsDepends - ok
01:22:54.0709 7048 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:22:54.0725 7048 Fs_Rec - ok
01:22:54.0749 7048 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:22:54.0769 7048 fvevol - ok
01:22:54.0780 7048 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:22:54.0796 7048 gagp30kx - ok
01:22:54.0823 7048 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:22:54.0836 7048 GEARAspiWDM - ok
01:22:54.0891 7048 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:22:54.0931 7048 gpsvc - ok
01:22:54.0985 7048 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:55.0002 7048 gupdate - ok
01:22:55.0005 7048 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:55.0020 7048 gupdatem - ok
01:22:55.0041 7048 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:22:55.0058 7048 hcw85cir - ok
01:22:55.0086 7048 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:22:55.0108 7048 HdAudAddService - ok
01:22:55.0128 7048 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
01:22:55.0148 7048 HDAudBus - ok
01:22:55.0168 7048 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
01:22:55.0185 7048 HidBatt - ok
01:22:55.0204 7048 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
01:22:55.0224 7048 HidBth - ok
01:22:55.0244 7048 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
01:22:55.0264 7048 HidIr - ok
01:22:55.0281 7048 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
01:22:55.0317 7048 hidserv - ok
01:22:55.0346 7048 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:22:55.0364 7048 HidUsb - ok
01:22:55.0388 7048 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:22:55.0424 7048 hkmsvc - ok
01:22:55.0453 7048 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:22:55.0473 7048 HomeGroupListener - ok
01:22:55.0495 7048 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:22:55.0514 7048 HomeGroupProvider - ok
01:22:55.0537 7048 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:22:55.0553 7048 HpSAMD - ok
01:22:55.0604 7048 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:22:55.0644 7048 HTTP - ok
01:22:55.0648 7048 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:22:55.0664 7048 hwpolicy - ok
01:22:55.0680 7048 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
01:22:55.0697 7048 i8042prt - ok
01:22:55.0734 7048 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:22:55.0753 7048 iaStorV - ok
01:22:55.0793 7048 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:22:55.0816 7048 idsvc - ok
01:22:55.0822 7048 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
01:22:55.0838 7048 iirsp - ok
01:22:55.0889 7048 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:22:55.0930 7048 IKEEXT - ok
01:22:55.0962 7048 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
01:22:55.0978 7048 inspect - ok
01:22:55.0991 7048 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:22:56.0006 7048 intelide - ok
01:22:56.0022 7048 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:22:56.0041 7048 intelppm - ok
01:22:56.0048 7048 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:22:56.0086 7048 IPBusEnum - ok
01:22:56.0113 7048 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:22:56.0147 7048 IpFilterDriver - ok
01:22:56.0192 7048 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:22:56.0231 7048 iphlpsvc - ok
01:22:56.0249 7048 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:22:56.0267 7048 IPMIDRV - ok
01:22:56.0288 7048 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:22:56.0324 7048 IPNAT - ok
01:22:56.0398 7048 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
01:22:56.0421 7048 iPod Service - ok
01:22:56.0434 7048 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:22:56.0454 7048 IRENUM - ok
01:22:56.0471 7048 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:22:56.0486 7048 isapnp - ok
01:22:56.0508 7048 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:22:56.0527 7048 iScsiPrt - ok
01:22:56.0558 7048 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys
01:22:56.0572 7048 ivusb - ok
01:22:56.0578 7048 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:22:56.0594 7048 kbdclass - ok
01:22:56.0607 7048 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
01:22:56.0625 7048 kbdhid - ok
01:22:56.0651 7048 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:22:56.0669 7048 KeyIso - ok
01:22:56.0695 7048 KL1 (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
01:22:56.0713 7048 KL1 - ok
01:22:56.0735 7048 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
01:22:56.0749 7048 kl2 - ok
01:22:56.0780 7048 KLIF (177505577604c94c4be7b9316a90ada1) C:\Windows\system32\DRIVERS\klif.sys
01:22:56.0799 7048 KLIF - ok
01:22:56.0818 7048 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
01:22:56.0831 7048 KLIM6 - ok
01:22:56.0848 7048 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
01:22:56.0862 7048 klmouflt - ok
01:22:56.0886 7048 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
01:22:56.0903 7048 KSecDD - ok
01:22:56.0929 7048 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
01:22:56.0946 7048 KSecPkg - ok
01:22:56.0969 7048 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:22:57.0005 7048 ksthunk - ok
01:22:57.0033 7048 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:22:57.0072 7048 KtmRm - ok
01:22:57.0098 7048 L8042Kbd (7d80a55b6d0c2a54728158e846f4696d) C:\Windows\system32\DRIVERS\L8042Kbd.sys
01:22:57.0113 7048 L8042Kbd - ok
01:22:57.0139 7048 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
01:22:57.0176 7048 LanmanServer - ok
01:22:57.0199 7048 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:22:57.0236 7048 LanmanWorkstation - ok
01:22:57.0313 7048 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
01:22:57.0331 7048 LBTServ - ok
01:22:57.0350 7048 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:22:57.0365 7048 LHidFilt - ok
01:22:57.0397 7048 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
01:22:57.0412 7048 lirsgt - ok
01:22:57.0423 7048 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:22:57.0458 7048 lltdio - ok
01:22:57.0489 7048 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:22:57.0526 7048 lltdsvc - ok
01:22:57.0542 7048 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:22:57.0577 7048 lmhosts - ok
01:22:57.0593 7048 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:22:57.0608 7048 LMouFilt - ok
01:22:57.0630 7048 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:22:57.0646 7048 LSI_FC - ok
01:22:57.0666 7048 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:22:57.0684 7048 LSI_SAS - ok
01:22:57.0703 7048 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:22:57.0722 7048 LSI_SAS2 - ok
01:22:57.0730 7048 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:22:57.0747 7048 LSI_SCSI - ok
01:22:57.0755 7048 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:22:57.0791 7048 luafv - ok
01:22:57.0816 7048 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:22:57.0834 7048 Mcx2Svc - ok
01:22:57.0850 7048 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
01:22:57.0866 7048 megasas - ok
01:22:57.0895 7048 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
01:22:57.0913 7048 MegaSR - ok
01:22:57.0962 7048 Microsoft SharePoint Workspace Audit Service - ok
01:22:57.0974 7048 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:22:58.0011 7048 MMCSS - ok
01:22:58.0031 7048 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:22:58.0065 7048 Modem - ok
01:22:58.0092 7048 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:22:58.0112 7048 monitor - ok
01:22:58.0146 7048 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:22:58.0161 7048 mouclass - ok
01:22:58.0176 7048 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:22:58.0194 7048 mouhid - ok
01:22:58.0207 7048 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:22:58.0223 7048 mountmgr - ok
01:22:58.0262 7048 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:22:58.0277 7048 MozillaMaintenance - ok
01:22:58.0310 7048 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:22:58.0327 7048 mpio - ok
01:22:58.0341 7048 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:22:58.0376 7048 mpsdrv - ok
01:22:58.0431 7048 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
01:22:58.0472 7048 MpsSvc - ok
01:22:58.0507 7048 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:22:58.0529 7048 MRxDAV - ok
01:22:58.0547 7048 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:22:58.0564 7048 mrxsmb - ok
01:22:58.0591 7048 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:22:58.0610 7048 mrxsmb10 - ok
01:22:58.0621 7048 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:22:58.0638 7048 mrxsmb20 - ok
01:22:58.0656 7048 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:22:58.0672 7048 msahci - ok
01:22:58.0689 7048 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:22:58.0705 7048 msdsm - ok
01:22:58.0731 7048 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:22:58.0752 7048 MSDTC - ok
01:22:58.0763 7048 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:22:58.0798 7048 Msfs - ok
01:22:58.0809 7048 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:22:58.0843 7048 mshidkmdf - ok
01:22:58.0863 7048 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:22:58.0878 7048 msisadrv - ok
01:22:58.0908 7048 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:22:58.0945 7048 MSiSCSI - ok
01:22:58.0950 7048 msiserver - ok
01:22:58.0967 7048 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:22:59.0003 7048 MSKSSRV - ok
01:22:59.0018 7048 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:22:59.0056 7048 MSPCLOCK - ok
01:22:59.0064 7048 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:22:59.0099 7048 MSPQM - ok
01:22:59.0135 7048 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:22:59.0154 7048 MsRPC - ok
01:22:59.0169 7048 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
01:22:59.0185 7048 mssmbios - ok
01:22:59.0239 7048 MSSQL$SQLEXPRESS - ok
01:22:59.0287 7048 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
01:22:59.0302 7048 MSSQLServerADHelper100 - ok
01:22:59.0307 7048 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:22:59.0342 7048 MSTEE - ok
01:22:59.0353 7048 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
01:22:59.0369 7048 MTConfig - ok
01:22:59.0396 7048 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
01:22:59.0410 7048 MTsensor - ok
01:22:59.0423 7048 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:22:59.0439 7048 Mup - ok
01:22:59.0477 7048 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
01:22:59.0514 7048 napagent - ok
01:22:59.0541 7048 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:22:59.0564 7048 NativeWifiP - ok
01:22:59.0658 7048 NBService (3bae2bfcb6d69e19c8373f635dd544dc) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
01:22:59.0680 7048 NBService - ok
01:22:59.0730 7048 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:22:59.0756 7048 NDIS - ok
01:22:59.0771 7048 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:22:59.0807 7048 NdisCap - ok
01:22:59.0820 7048 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:22:59.0855 7048 NdisTapi - ok
01:22:59.0884 7048 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:22:59.0918 7048 Ndisuio - ok
01:22:59.0942 7048 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:22:59.0977 7048 NdisWan - ok
01:23:00.0000 7048 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:23:00.0034 7048 NDProxy - ok
01:23:00.0041 7048 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:23:00.0076 7048 NetBIOS - ok
01:23:00.0095 7048 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:23:00.0130 7048 NetBT - ok
01:23:00.0155 7048 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:00.0173 7048 Netlogon - ok
01:23:00.0203 7048 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:23:00.0243 7048 Netman - ok
01:23:00.0316 7048 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0330 7048 NetMsmqActivator - ok
01:23:00.0334 7048 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0349 7048 NetPipeActivator - ok
01:23:00.0378 7048 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:23:00.0419 7048 netprofm - ok
01:23:00.0424 7048 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0439 7048 NetTcpActivator - ok
01:23:00.0444 7048 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0459 7048 NetTcpPortSharing - ok
01:23:00.0498 7048 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
01:23:00.0514 7048 nfrd960 - ok
01:23:00.0547 7048 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:23:00.0584 7048 NlaSvc - ok
01:23:00.0627 7048 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
01:23:00.0642 7048 NMIndexingService - ok
01:23:00.0649 7048 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:23:00.0685 7048 Npfs - ok
01:23:00.0710 7048 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:23:00.0747 7048 nsi - ok
01:23:00.0752 7048 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:23:00.0788 7048 nsiproxy - ok
01:23:00.0858 7048 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:23:00.0892 7048 Ntfs - ok
01:23:00.0965 7048 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:23:01.0000 7048 Null - ok
01:23:01.0031 7048 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:23:01.0048 7048 nvraid - ok
01:23:01.0070 7048 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:23:01.0087 7048 nvstor - ok
01:23:01.0101 7048 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:23:01.0118 7048 nv_agp - ok
01:23:01.0136 7048 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:23:01.0154 7048 ohci1394 - ok
01:23:01.0196 7048 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:23:01.0211 7048 ose64 - ok
01:23:01.0390 7048 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:23:01.0465 7048 osppsvc - ok
01:23:01.0527 7048 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:23:01.0548 7048 p2pimsvc - ok
01:23:01.0574 7048 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:23:01.0595 7048 p2psvc - ok
01:23:01.0621 7048 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
01:23:01.0639 7048 Parport - ok
01:23:01.0702 7048 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
01:23:01.0718 7048 partmgr - ok
01:23:01.0735 7048 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:23:01.0758 7048 PcaSvc - ok
01:23:01.0772 7048 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:23:01.0789 7048 pci - ok
01:23:01.0804 7048 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:23:01.0819 7048 pciide - ok
01:23:01.0857 7048 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
01:23:01.0875 7048 pcmcia - ok
01:23:01.0882 7048 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:23:01.0898 7048 pcw - ok
01:23:01.0936 7048 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:23:01.0977 7048 PEAUTH - ok
01:23:02.0048 7048 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
01:23:02.0077 7048 PeerDistSvc - ok
01:23:02.0123 7048 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:23:02.0142 7048 PerfHost - ok
01:23:02.0254 7048 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:23:02.0301 7048 pla - ok
01:23:02.0358 7048 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\SysWOW64\IoctlSvc.exe
01:23:02.0364 7048 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
01:23:02.0365 7048 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
01:23:02.0438 7048 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:23:02.0460 7048 PlugPlay - ok
01:23:02.0480 7048 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:23:02.0499 7048 PNRPAutoReg - ok
01:23:02.0520 7048 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:23:02.0541 7048 PNRPsvc - ok
01:23:02.0578 7048 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:23:02.0617 7048 PolicyAgent - ok
01:23:02.0632 7048 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:23:02.0669 7048 Power - ok
01:23:02.0694 7048 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:23:02.0729 7048 PptpMiniport - ok
01:23:02.0748 7048 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
01:23:02.0767 7048 Processor - ok
01:23:02.0807 7048 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
01:23:02.0839 7048 ProfSvc - ok
01:23:02.0855 7048 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:02.0873 7048 ProtectedStorage - ok
01:23:02.0914 7048 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:23:02.0949 7048 Psched - ok
01:23:02.0962 7048 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
01:23:02.0976 7048 PxHlpa64 - ok
01:23:03.0047 7048 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
01:23:03.0082 7048 ql2300 - ok
01:23:03.0130 7048 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
01:23:03.0146 7048 ql40xx - ok
01:23:03.0178 7048 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:23:03.0201 7048 QWAVE - ok
01:23:03.0221 7048 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:23:03.0241 7048 QWAVEdrv - ok
01:23:03.0262 7048 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:23:03.0298 7048 RasAcd - ok
01:23:03.0323 7048 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:23:03.0359 7048 RasAgileVpn - ok
01:23:03.0388 7048 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:23:03.0425 7048 RasAuto - ok
01:23:03.0435 7048 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:23:03.0471 7048 Rasl2tp - ok
01:23:03.0512 7048 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:23:03.0550 7048 RasMan - ok
01:23:03.0558 7048 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:23:03.0594 7048 RasPppoe - ok
01:23:03.0602 7048 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:23:03.0639 7048 RasSstp - ok
01:23:03.0663 7048 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:23:03.0699 7048 rdbss - ok
01:23:03.0706 7048 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:23:03.0726 7048 rdpbus - ok
01:23:03.0739 7048 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:23:03.0773 7048 RDPCDD - ok
01:23:03.0802 7048 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
01:23:03.0820 7048 RDPDR - ok
01:23:03.0826 7048 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:23:03.0861 7048 RDPENCDD - ok
01:23:03.0871 7048 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:23:03.0907 7048 RDPREFMP - ok
01:23:03.0967 7048 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
01:23:03.0984 7048 RdpVideoMiniport - ok
01:23:04.0020 7048 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
01:23:04.0038 7048 RDPWD - ok
01:23:04.0065 7048 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:23:04.0083 7048 rdyboost - ok
01:23:04.0114 7048 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:23:04.0150 7048 RemoteAccess - ok
01:23:04.0166 7048 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:23:04.0202 7048 RemoteRegistry - ok
01:23:04.0219 7048 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:23:04.0255 7048 RpcEptMapper - ok
01:23:04.0272 7048 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:23:04.0292 7048 RpcLocator - ok
01:23:04.0333 7048 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:23:04.0373 7048 RpcSs - ok
01:23:04.0402 7048 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
01:23:04.0420 7048 RsFx0103 - ok
01:23:04.0439 7048 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:23:04.0477 7048 rspndr - ok
01:23:04.0503 7048 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
01:23:04.0520 7048 s3cap - ok
01:23:04.0547 7048 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:04.0564 7048 SamSs - ok
01:23:04.0588 7048 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:23:04.0605 7048 sbp2port - ok
01:23:04.0637 7048 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:23:04.0675 7048 SCardSvr - ok
01:23:04.0695 7048 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:23:04.0729 7048 scfilter - ok
01:23:04.0800 7048 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:23:04.0844 7048 Schedule - ok
01:23:04.0872 7048 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:23:04.0906 7048 SCPolicySvc - ok
01:23:04.0932 7048 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:23:04.0951 7048 SDRSVC - ok
01:23:04.0977 7048 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:23:05.0012 7048 secdrv - ok
01:23:05.0030 7048 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:23:05.0064 7048 seclogon - ok
01:23:05.0084 7048 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
01:23:05.0121 7048 SENS - ok
01:23:05.0134 7048 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:23:05.0164 7048 SensrSvc - ok
01:23:05.0178 7048 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:23:05.0195 7048 Serenum - ok
01:23:05.0219 7048 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:23:05.0236 7048 Serial - ok
01:23:05.0273 7048 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:23:05.0291 7048 sermouse - ok
01:23:05.0552 7048 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:23:05.0589 7048 SessionEnv - ok
01:23:05.0620 7048 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:23:05.0640 7048 sffdisk - ok
01:23:05.0659 7048 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:23:05.0679 7048 sffp_mmc - ok
01:23:05.0694 7048 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:23:05.0714 7048 sffp_sd - ok
01:23:05.0726 7048 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:23:05.0745 7048 sfloppy - ok
01:23:05.0797 7048 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:23:05.0836 7048 SharedAccess - ok
01:23:05.0880 7048 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:23:05.0919 7048 ShellHWDetection - ok
01:23:05.0937 7048 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:23:05.0953 7048 SiSRaid2 - ok
01:23:05.0979 7048 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:23:05.0996 7048 SiSRaid4 - ok
01:23:06.0016 7048 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:23:06.0051 7048 Smb - ok
01:23:06.0079 7048 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:23:06.0098 7048 SNMPTRAP - ok
01:23:06.0111 7048 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:23:06.0127 7048 spldr - ok
01:23:06.0161 7048 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:23:06.0200 7048 Spooler - ok
01:23:06.0338 7048 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:23:06.0406 7048 sppsvc - ok
01:23:06.0475 7048 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:23:06.0513 7048 sppuinotify - ok
01:23:06.0573 7048 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
01:23:06.0598 7048 sptd - ok
01:23:06.0690 7048 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
01:23:06.0709 7048 SQLAgent$SQLEXPRESS - ok
01:23:06.0769 7048 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
01:23:06.0785 7048 SQLBrowser - ok
01:23:06.0831 7048 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01:23:06.0847 7048 SQLWriter - ok
01:23:06.0905 7048 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:23:06.0925 7048 srv - ok
01:23:06.0945 7048 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:23:06.0966 7048 srv2 - ok
01:23:06.0978 7048 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:23:06.0997 7048 srvnet - ok
01:23:07.0021 7048 ssadbus (c1212ba5ab6783191899d194672a5b5c) C:\Windows\system32\DRIVERS\ssadbus.sys
01:23:07.0040 7048 ssadbus - ok
01:23:07.0053 7048 ssadmdfl (eb270596d4117c4306442f36ef2c290e) C:\Windows\system32\DRIVERS\ssadmdfl.sys
01:23:07.0071 7048 ssadmdfl - ok
01:23:07.0093 7048 ssadmdm (e29027dfaec246299d1cf88627c5cbe6) C:\Windows\system32\DRIVERS\ssadmdm.sys
01:23:07.0113 7048 ssadmdm - ok
01:23:07.0138 7048 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:23:07.0177 7048 SSDPSRV - ok
01:23:07.0199 7048 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:23:07.0238 7048 SstpSvc - ok
01:23:07.0254 7048 Steam Client Service - ok
01:23:07.0267 7048 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
01:23:07.0284 7048 stexstor - ok
01:23:07.0323 7048 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:23:07.0351 7048 stisvc - ok
01:23:07.0371 7048 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
01:23:07.0387 7048 storflt - ok
01:23:07.0404 7048 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
01:23:07.0420 7048 storvsc - ok
01:23:07.0433 7048 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
01:23:07.0449 7048 swenum - ok
01:23:07.0504 7048 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:23:07.0517 7048 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
01:23:07.0517 7048 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
01:23:07.0551 7048 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:23:07.0592 7048 swprv - ok
01:23:07.0599 7048 Synth3dVsc - ok
01:23:07.0696 7048 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:23:07.0734 7048 SysMain - ok
01:23:07.0767 7048 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:23:07.0790 7048 TabletInputService - ok
01:23:07.0821 7048 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:23:07.0860 7048 TapiSrv - ok
01:23:07.0874 7048 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:23:07.0911 7048 TBS - ok
01:23:07.0985 7048 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
01:23:08.0024 7048 Tcpip - ok
01:23:08.0128 7048 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
01:23:08.0166 7048 TCPIP6 - ok
01:23:08.0212 7048 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:23:08.0247 7048 tcpipreg - ok
01:23:08.0272 7048 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:23:08.0289 7048 TDPIPE - ok
01:23:08.0318 7048 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
01:23:08.0335 7048 TDTCP - ok
01:23:08.0376 7048 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:23:08.0414 7048 tdx - ok
01:23:08.0422 7048 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:23:08.0439 7048 TermDD - ok
01:23:08.0477 7048 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:23:08.0518 7048 TermService - ok
01:23:08.0542 7048 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
01:23:08.0557 7048 TFsExDisk - ok
01:23:08.0570 7048 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:23:08.0593 7048 Themes - ok
01:23:08.0624 7048 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:23:08.0661 7048 THREADORDER - ok
01:23:08.0681 7048 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:23:08.0719 7048 TrkWks - ok
01:23:08.0736 7048 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:23:08.0771 7048 TrustedInstaller - ok
01:23:08.0811 7048 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:23:08.0845 7048 tssecsrv - ok
01:23:08.0868 7048 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:23:08.0885 7048 TsUsbFlt - ok
01:23:08.0892 7048 tsusbhub - ok
01:23:09.0017 7048 TuneUp.UtilitiesSvc (811a229718c85356bc81eb20f35eb7f6) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
01:23:09.0055 7048 TuneUp.UtilitiesSvc - ok
01:23:09.0075 7048 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
01:23:09.0089 7048 TuneUpUtilitiesDrv - ok
01:23:09.0124 7048 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:23:09.0159 7048 tunnel - ok
01:23:09.0179 7048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:23:09.0195 7048 uagp35 - ok
01:23:09.0227 7048 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:23:09.0264 7048 udfs - ok
01:23:09.0290 7048 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:23:09.0310 7048 UI0Detect - ok
01:23:09.0328 7048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:23:09.0345 7048 uliagpkx - ok
01:23:09.0369 7048 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
01:23:09.0387 7048 umbus - ok
01:23:09.0403 7048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:23:09.0421 7048 UmPass - ok
01:23:09.0451 7048 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
01:23:09.0472 7048 UmRdpService - ok
01:23:09.0507 7048 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:23:09.0546 7048 upnphost - ok
01:23:09.0569 7048 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:23:09.0587 7048 usbccgp - ok
01:23:09.0625 7048 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:23:09.0645 7048 usbcir - ok
01:23:09.0662 7048 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
01:23:09.0680 7048 usbehci - ok
01:23:09.0698 7048 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:23:09.0718 7048 usbhub - ok
01:23:09.0742 7048 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
01:23:09.0760 7048 usbohci - ok
01:23:09.0773 7048 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:23:09.0795 7048 usbprint - ok
01:23:09.0819 7048 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:23:09.0839 7048 usbscan - ok
01:23:09.0865 7048 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:23:09.0882 7048 USBSTOR - ok
01:23:09.0910 7048 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
01:23:09.0926 7048 usbuhci - ok
01:23:09.0950 7048 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:23:09.0986 7048 UxSms - ok
01:23:10.0007 7048 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:10.0026 7048 VaultSvc - ok
01:23:10.0051 7048 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
01:23:10.0066 7048 VClone - ok
01:23:10.0074 7048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:23:10.0090 7048 vdrvroot - ok
01:23:10.0134 7048 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:23:10.0174 7048 vds - ok
01:23:10.0186 7048 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:23:10.0205 7048 vga - ok
01:23:10.0218 7048 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:23:10.0253 7048 VgaSave - ok
01:23:10.0260 7048 VGPU - ok
01:23:10.0295 7048 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:23:10.0313 7048 vhdmp - ok
01:23:10.0337 7048 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:23:10.0353 7048 viaide - ok
01:23:10.0367 7048 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:23:10.0385 7048 vmbus - ok
01:23:10.0403 7048 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:23:10.0420 7048 VMBusHID - ok
01:23:10.0431 7048 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:23:10.0447 7048 volmgr - ok
01:23:10.0481 7048 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:23:10.0501 7048 volmgrx - ok
01:23:10.0518 7048 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:23:10.0537 7048 volsnap - ok
01:23:10.0759 7048 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:23:10.0778 7048 vsmraid - ok
01:23:10.0901 7048 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
01:23:10.0915 7048 VSPerfDrv100 - ok
01:23:10.0987 7048 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:23:11.0036 7048 VSS - ok
01:23:11.0129 7048 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
01:23:11.0154 7048 vToolbarUpdater11.2.0 - ok
01:23:11.0233 7048 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:23:11.0252 7048 vwifibus - ok
01:23:11.0292 7048 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:23:11.0330 7048 W32Time - ok
01:23:11.0350 7048 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:23:11.0369 7048 WacomPen - ok
01:23:11.0386 7048 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:11.0420 7048 WANARP - ok
01:23:11.0427 7048 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:11.0461 7048 Wanarpv6 - ok
01:23:11.0535 7048 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:23:11.0566 7048 wbengine - ok
01:23:11.0610 7048 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:23:11.0635 7048 WbioSrvc - ok
01:23:11.0659 7048 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:23:11.0684 7048 wcncsvc - ok
01:23:11.0697 7048 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:23:11.0729 7048 WcsPlugInService - ok
01:23:11.0754 7048 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:23:11.0770 7048 Wd - ok
01:23:11.0808 7048 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:23:11.0831 7048 Wdf01000 - ok
01:23:11.0854 7048 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:23:11.0878 7048 WdiServiceHost - ok
01:23:11.0885 7048 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:23:11.0909 7048 WdiSystemHost - ok
01:23:11.0939 7048 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:23:11.0964 7048 WebClient - ok
01:23:11.0996 7048 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:23:12.0034 7048 Wecsvc - ok
01:23:12.0057 7048 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:23:12.0095 7048 wercplsupport - ok
01:23:12.0117 7048 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:23:12.0157 7048 WerSvc - ok
01:23:12.0173 7048 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:23:12.0209 7048 WfpLwf - ok
01:23:12.0228 7048 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:23:12.0244 7048 WIMMount - ok
01:23:12.0252 7048 WinDefend - ok
01:23:12.0272 7048 WinHttpAutoProxySvc - ok
01:23:12.0341 7048 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:23:12.0378 7048 Winmgmt - ok
01:23:12.0473 7048 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:23:12.0526 7048 WinRM - ok
01:23:12.0607 7048 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:23:12.0627 7048 WinUsb - ok
01:23:12.0683 7048 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:23:12.0713 7048 Wlansvc - ok
01:23:12.0731 7048 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:23:12.0748 7048 WmiAcpi - ok
01:23:12.0787 7048 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:23:12.0807 7048 wmiApSrv - ok
01:23:12.0820 7048 WMPNetworkSvc - ok
01:23:12.0837 7048 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:23:12.0857 7048 WPCSvc - ok
01:23:12.0882 7048 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:23:12.0903 7048 WPDBusEnum - ok
01:23:12.0938 7048 WPFFontCache_v0400 - ok
01:23:12.0957 7048 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:23:12.0994 7048 ws2ifsl - ok
01:23:13.0017 7048 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
01:23:13.0041 7048 wscsvc - ok
01:23:13.0049 7048 WSearch - ok
01:23:13.0177 7048 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
01:23:13.0223 7048 wuauserv - ok
01:23:13.0283 7048 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:23:13.0318 7048 WudfPf - ok
01:23:13.0344 7048 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:23:13.0380 7048 WUDFRd - ok
01:23:13.0393 7048 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:23:13.0430 7048 wudfsvc - ok
01:23:13.0455 7048 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:23:13.0479 7048 WwanSvc - ok
01:23:13.0528 7048 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
01:23:13.0561 7048 yukonw7 - ok
01:23:13.0575 7048 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:23:13.0825 7048 \Device\Harddisk0\DR0 - ok
01:23:14.0386 7048 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
01:23:14.0454 7048 \Device\Harddisk1\DR1 - ok
01:23:14.0456 7048 Boot (0x1200) (8b5a34ebe9d99b0c4d314aef9413df4c) \Device\Harddisk0\DR0\Partition0
01:23:14.0457 7048 \Device\Harddisk0\DR0\Partition0 - ok
01:23:14.0463 7048 Boot (0x1200) (b8cc99e2a928b98ad2ba0031f6ac398c) \Device\Harddisk0\DR0\Partition1
01:23:14.0464 7048 \Device\Harddisk0\DR0\Partition1 - ok
01:23:14.0472 7048 Boot (0x1200) (afe4928df62ef707e48aeda5e3b390f2) \Device\Harddisk0\DR0\Partition2
01:23:14.0474 7048 \Device\Harddisk0\DR0\Partition2 - ok
01:23:14.0489 7048 Boot (0x1200) (adce4d9f1b2212db9cac9c1a3c5c6309) \Device\Harddisk0\DR0\Partition3
01:23:14.0490 7048 \Device\Harddisk0\DR0\Partition3 - ok
01:23:14.0492 7048 Boot (0x1200) (ab8649a553ec7da82db52ad79994770a) \Device\Harddisk1\DR1\Partition0
01:23:14.0493 7048 \Device\Harddisk1\DR1\Partition0 - ok
01:23:14.0494 7048 ============================================================
01:23:14.0494 7048 Scan finished
01:23:14.0494 7048 ============================================================
01:23:14.0500 2696 Detected object count: 2
01:23:14.0500 2696 Actual detected object count: 2
01:24:12.0431 2696 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:24:12.0431 2696 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:24:12.0433 2696 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
01:24:12.0433 2696 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:24:14.0572 0236 Deinitialize success
nach dem ich wieder zu hause war und den rechner angeschaltet habe wurde vom system aus ScanDisk ausgeführt. -schwarzer Screen -ScanDisk Fortschritt wurde angezeigt -danach hat der Rechner ganz normal wieder hochgefahren wo finde ich die Logs von diesem Scan? Damit ich den posten kann falls er relevant ist. Geändert von Seraphim137 (22.07.2012 um 18:03 Uhr) |
|
24.07.2012, 00:47
| #17 |
| /// Helfer-Team  | Battle.net-Acc wurde gehackt nach Echtgeldeinkauf CustomScan mit OTL
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
24.07.2012, 11:43
| #18 |
| | Battle.net-Acc wurde gehackt nach Echtgeldeinkauf so hier is es.
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.07.2012 12:14:19 - Run 5 OTL by OldTimer - Version 3.2.54.1 Folder = E:\Eigene Dateien\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,47% Memory free 8,00 Gb Paging File | 5,78 Gb Available in Paging File | 72,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 18,70 Gb Free Space | 19,17% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 199,01 Gb Free Space | 67,93% Space Free | Partition Type: NTFS Drive E: | 1006,64 Gb Total Space | 941,92 Gb Free Space | 93,57% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 191,33 Gb Free Space | 20,54% Space Free | Partition Type: NTFS Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV:64bit: - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY) SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (DAUpdaterSvc) -- d:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 75 1C AA 2E 96 CA 01 [binary data] IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.31 00:47:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.09 20:57:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:35:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 20:38:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.09.22 17:11:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:35:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M] [2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions [2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.19 10:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions [2012.07.15 22:34:06 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e} [2012.04.26 22:12:42 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2012.04.11 16:58:54 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\4f8550d2151bf@4f8550d2151c1.info [2010.04.03 21:35:58 | 000,002,055 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\daemon-search.xml [2012.07.22 23:25:50 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-1.xml [2010.10.31 13:43:09 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-2.xml [2010.12.11 21:33:50 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-3.xml [2011.01.09 21:05:19 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-4.xml [2011.03.05 18:26:32 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-5.xml [2011.03.25 08:46:28 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-6.xml [2011.04.16 11:50:18 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-7.xml [2011.06.11 00:31:16 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-8.xml [2011.06.24 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-9.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin.xml [2012.06.21 01:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.08.24 00:56:08 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.08.19 05:58:00 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files (x86)\mozilla firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF} [2012.06.21 01:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2010.09.25 11:51:23 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2012.06.06 07:05:45 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI [2011.04.16 12:07:41 | 000,105,386 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI [2012.05.24 22:38:37 | 000,363,041 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI [2012.07.18 16:35:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2009.10.23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2011.10.11 20:48:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.11 20:48:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.11 20:48:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.11 20:48:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.11 20:48:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.11 20:48:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - plugin: Chrome PDF Viewer (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2011.01.31 01:33:01 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO) O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\.DEFAULT..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found O4 - HKU\S-1-5-18..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3969835353-475460927-3880056956-1000..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch64.exe ( ) O4 - HKU\S-1-5-21-3969835353-475460927-3880056956-1000..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: NameServer = 8.26.56.26,156.154.70.22 O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO) SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO) SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.20 23:14:28 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- E:\Eigene Dateien\Desktop\TDSSKiller.exe [2012.07.19 22:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.19 22:03:24 | 002,322,184 | ---- | C] (ESET) -- E:\Eigene Dateien\Desktop\esetsmartinstaller_enu.exe [2012.07.19 10:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.07.19 10:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.07.19 10:41:10 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Anti-Malware [2012.07.19 10:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012.07.18 14:07:23 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\otl stand 1405 [2012.07.18 13:52:26 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\Otl stand vor 1350 [2012.07.17 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes [2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.17 20:54:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.17 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.17 20:35:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe [2012.07.17 19:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.07.06 23:02:33 | 000,000,000 | ---D | C] -- C:\tmp [2012.07.02 16:48:56 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Eigene G700-Profile [2012.07.02 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Logishrd [2012.07.02 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2012.07.02 16:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.07.02 16:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2012.07.02 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2012.07.02 16:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2012.07.02 16:21:34 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Logishrd [2012.06.27 03:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2012.06.27 03:41:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Trine2 [2012.06.27 03:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte [2012.06.27 00:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11 [2012.06.27 00:20:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\ABBYY [2012.06.27 00:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY [2012.06.27 00:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 11 [2012.06.25 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\COMODO ========== Files - Modified Within 30 Days ========== [2012.07.24 12:02:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe [2012.07.22 18:56:46 | 000,133,241 | ---- | M] () -- E:\Eigene Dateien\Desktop\TDSSKiller.2.7.46.0_20.07.2012_23.15.03_log-2.rar [2012.07.22 18:43:38 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 18:43:37 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 18:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.22 18:38:13 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2012.07.21 01:24:07 | 000,129,946 | ---- | M] () -- E:\Eigene Dateien\Desktop\1234567.PNG [2012.07.21 00:57:45 | 000,567,820 | ---- | M] () -- E:\Eigene Dateien\Desktop\12345.PNG [2012.07.21 00:56:45 | 000,148,908 | ---- | M] () -- E:\Eigene Dateien\Desktop\1.PNG [2012.07.21 00:55:47 | 000,455,273 | ---- | M] () -- E:\Eigene Dateien\Desktop\12.PNG [2012.07.21 00:54:53 | 000,597,179 | ---- | M] () -- E:\Eigene Dateien\Desktop\123456.PNG [2012.07.21 00:53:16 | 000,114,678 | ---- | M] () -- E:\Eigene Dateien\Desktop\1234.PNG [2012.07.21 00:52:47 | 000,126,335 | ---- | M] () -- E:\Eigene Dateien\Desktop\123.PNG [2012.07.20 15:11:48 | 001,808,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.20 15:11:48 | 000,765,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.20 15:11:48 | 000,721,256 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.20 15:11:48 | 000,174,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.20 15:11:48 | 000,147,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.20 09:31:35 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2012.07.19 22:03:26 | 002,322,184 | ---- | M] (ESET) -- E:\Eigene Dateien\Desktop\esetsmartinstaller_enu.exe [2012.07.19 10:41:26 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.07.18 16:49:11 | 000,624,883 | ---- | M] () -- E:\Eigene Dateien\Desktop\adwcleaner.exe [2012.07.18 15:34:22 | 000,013,149 | ---- | M] () -- E:\Eigene Dateien\Desktop\hijackthis2 [2012.07.18 13:03:11 | 000,115,735 | ---- | M] () -- E:\Eigene Dateien\Desktop\ausgehende verbindungen.PNG [2012.07.17 20:42:00 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable [2012.07.17 20:12:57 | 000,050,477 | ---- | M] () -- E:\Eigene Dateien\Desktop\Defogger.exe [2012.07.16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- E:\Eigene Dateien\Desktop\TDSSKiller.exe [2012.07.16 17:46:11 | 000,010,545 | ---- | M] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg [2012.07.12 07:27:14 | 004,991,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.05 14:07:13 | 000,522,059 | ---- | M] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg [2012.07.05 14:03:56 | 000,392,357 | ---- | M] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg [2012.07.05 14:01:57 | 000,033,242 | ---- | M] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg [2012.07.04 14:47:39 | 000,081,278 | ---- | M] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.27 19:29:54 | 000,002,727 | ---- | M] () -- C:\Users\Andreas\.recently-used.xbel [2012.06.27 03:31:16 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk [2012.06.27 03:17:49 | 000,001,256 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2012.06.27 00:10:59 | 374,873,708 | ---- | M] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe ========== Files Created - No Company Name ========== [2012.07.22 18:57:05 | 000,133,241 | ---- | C] () -- E:\Eigene Dateien\Desktop\TDSSKiller.2.7.46.0_20.07.2012_23.15.03_log-2.rar [2012.07.21 01:24:07 | 000,129,946 | ---- | C] () -- E:\Eigene Dateien\Desktop\1234567.PNG [2012.07.21 00:57:45 | 000,567,820 | ---- | C] () -- E:\Eigene Dateien\Desktop\12345.PNG [2012.07.21 00:56:45 | 000,148,908 | ---- | C] () -- E:\Eigene Dateien\Desktop\1.PNG [2012.07.21 00:55:46 | 000,455,273 | ---- | C] () -- E:\Eigene Dateien\Desktop\12.PNG [2012.07.21 00:54:53 | 000,597,179 | ---- | C] () -- E:\Eigene Dateien\Desktop\123456.PNG [2012.07.21 00:53:16 | 000,114,678 | ---- | C] () -- E:\Eigene Dateien\Desktop\1234.PNG [2012.07.21 00:52:47 | 000,126,335 | ---- | C] () -- E:\Eigene Dateien\Desktop\123.PNG [2012.07.19 10:41:25 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.07.18 16:49:10 | 000,624,883 | ---- | C] () -- E:\Eigene Dateien\Desktop\adwcleaner.exe [2012.07.18 15:34:22 | 000,013,149 | ---- | C] () -- E:\Eigene Dateien\Desktop\hijackthis2 [2012.07.18 13:03:11 | 000,115,735 | ---- | C] () -- E:\Eigene Dateien\Desktop\ausgehende verbindungen.PNG [2012.07.17 20:42:00 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable [2012.07.17 20:12:56 | 000,050,477 | ---- | C] () -- E:\Eigene Dateien\Desktop\Defogger.exe [2012.07.16 17:46:10 | 000,010,545 | ---- | C] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg [2012.07.05 14:07:12 | 000,522,059 | ---- | C] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg [2012.07.05 14:03:55 | 000,392,357 | ---- | C] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg [2012.07.05 14:01:51 | 000,033,242 | ---- | C] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg [2012.07.04 14:47:34 | 000,081,278 | ---- | C] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg [2012.06.27 19:29:54 | 000,002,727 | ---- | C] () -- C:\Users\Andreas\.recently-used.xbel [2012.06.27 03:31:16 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk [2012.06.27 03:17:49 | 000,001,256 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2012.06.27 00:10:59 | 374,873,708 | ---- | C] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe [2011.12.21 20:00:48 | 000,001,044 | ---- | C] () -- C:\Users\Andreas\SciTE.session [2011.11.27 21:39:21 | 086,933,066 | ---- | C] () -- C:\Users\Andreas\stricheSymetrisch.xcf [2011.11.20 17:04:58 | 049,994,484 | ---- | C] () -- C:\Users\Andreas\Kreis6Abstract.xcf [2011.07.24 17:40:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\SuhfhvvMxq455337.dat [2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\ShvwxduvMxq455337.dat [2011.03.28 15:52:01 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.02.06 15:22:46 | 000,001,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.02.05 02:41:03 | 000,000,132 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.01.31 21:51:25 | 000,000,062 | ---- | C] () -- C:\Windows\Contribute.INI [2011.01.16 17:29:49 | 000,000,938 | ---- | C] () -- C:\Windows\page.ini [2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.10.25 11:09:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2010.10.25 11:09:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2010.10.25 11:09:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2010.10.25 11:09:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.09.28 20:39:33 | 000,019,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\WebpageIcons.db [2010.09.28 20:09:38 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010.09.28 20:09:38 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2010.09.28 20:09:38 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2010.08.10 02:29:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.03.10 10:39:38 | 000,007,597 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg [2010.01.21 14:13:11 | 000,217,088 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2010.05.11 02:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acreon [2011.01.16 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Aurora Web Editor [2010.04.03 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Big Fish Games [2011.01.27 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bilder [2011.01.25 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Blender Foundation [2012.01.02 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules [2012.07.17 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer [2010.01.16 01:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer Pro [2012.04.12 04:26:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\calibre [2011.01.24 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.09.28 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\concept design [2012.01.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Crayon Physics Deluxe [2010.01.31 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite [2010.01.19 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro [2010.07.01 18:16:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\EPSON [2012.05.20 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FileZilla [2012.06.01 03:07:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0 [2011.11.02 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ [2011.03.25 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ImgBurn [2011.03.08 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView [2011.01.16 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Kalypso Media [2010.02.01 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech [2011.12.21 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macro Recorder [2012.03.06 04:09:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Magic Academy [2011.01.16 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg [2010.02.24 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Neverball [2012.04.03 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Notepad++ [2011.01.16 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nvu [2010.06.24 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org [2011.01.16 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ProtectDISC [2011.08.04 16:32:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Recorder [2010.12.01 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Samsung [2010.02.28 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SolSuite [2010.08.03 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Stereoscopic Player [2011.02.02 15:36:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird [2012.06.27 03:41:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Trine2 [2012.01.03 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software [2011.03.10 09:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft [2011.10.23 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\updatetool [2011.01.28 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\winupd [2011.08.07 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\www.rene-zeidler.de [2012.01.10 21:56:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.05.11 02:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acreon [2011.02.06 15:37:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Adobe [2011.10.07 20:45:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ahead [2010.06.28 11:25:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Apple Computer [2010.01.16 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ATI [2011.01.16 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Aurora Web Editor [2010.04.03 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Big Fish Games [2011.01.27 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bilder [2011.01.25 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Blender Foundation [2012.01.02 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules [2012.07.17 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer [2010.01.16 01:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer Pro [2012.04.12 04:26:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\calibre [2011.01.24 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.09.28 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\concept design [2012.01.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Crayon Physics Deluxe [2010.01.31 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite [2010.01.19 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro [2010.05.25 16:47:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DivX [2012.06.05 01:19:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVD Flick [2012.06.20 06:54:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\dvdcss [2010.07.01 18:16:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\EPSON [2012.05.20 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FileZilla [2012.06.01 03:07:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0 [2011.11.02 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ [2010.01.15 23:41:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Identities [2011.03.25 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ImgBurn [2010.01.22 03:52:19 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\InstallShield [2011.03.08 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView [2011.01.16 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Kalypso Media [2010.02.01 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech [2012.07.02 16:21:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Logishrd [2012.07.02 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Logitech [2011.12.21 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macro Recorder [2010.01.15 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macromedia [2012.03.06 04:09:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Magic Academy [2012.07.17 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes [2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Media Center Programs [2012.06.22 02:46:17 | 000,000,000 | --SD | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft [2011.03.05 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft Corporation [2010.01.16 00:08:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mozilla [2011.01.16 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg [2010.02.24 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Neverball [2012.04.03 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Notepad++ [2011.01.16 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nvu [2010.06.24 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org [2011.01.16 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ProtectDISC [2011.02.17 08:55:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\RealWorld [2011.08.04 16:32:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Recorder [2010.12.01 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Samsung [2010.01.19 16:12:12 | 000,000,000 | RH-D | M] -- C:\Users\Andreas\AppData\Roaming\SecuROM [2011.09.05 01:17:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Skype [2011.07.26 16:40:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\skypePM [2010.02.28 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SolSuite [2010.08.03 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Stereoscopic Player [2011.02.02 15:36:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird [2012.06.27 03:41:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Trine2 [2012.01.03 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software [2011.03.10 09:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft [2011.10.23 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\updatetool [2012.07.11 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\vlc [2011.02.28 03:54:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Winamp [2010.01.16 07:06:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\WinRAR [2011.01.28 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\winupd [2011.08.07 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\www.rene-zeidler.de [2010.08.10 02:28:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2010.05.11 02:01:36 | 000,272,384 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe [2011.01.31 00:41:19 | 000,010,134 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe [2011.10.23 17:06:49 | 000,088,102 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{0507A8FD-AA20-7691-C2AA-CDE6B5182675}\ARPPRODUCTICON.exe [2011.02.17 08:55:29 | 000,124,902 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_229008C4DD2B0687C3C9DB.exe [2011.02.17 08:55:29 | 000,009,062 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_6FEFF9B68218417F98F549.exe [2011.02.17 08:55:29 | 000,011,310 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_7C899EC09EAB28D66E0485.exe [2011.02.17 08:55:29 | 000,124,902 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_8FC856A7719DE414ABC55A.exe [2011.02.17 08:55:29 | 000,011,310 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_EA4EAE0A99F77038DA094E.exe [2011.02.17 08:55:29 | 000,011,310 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_FF89B0AADCD51F146762AE.exe [2010.02.01 03:25:53 | 000,010,134 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.04.13 15:48:33 | 000,188,152 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\FlashGot.exe [2010.11.09 05:12:22 | 000,266,552 | ---- | M] (ml) -- C:\Users\Andreas\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
25.07.2012, 00:19
| #19 |
| /// Helfer-Team | Battle.net-Acc wurde gehackt nach Echtgeldeinkauf Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-18..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
:Files
C:\Windows\SysWow64\ff_vfw.dll
C:\Users\Andreas\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
C:\Users\Andreas\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
25.07.2012, 10:46
| #20 |
| | Battle.net-Acc wurde gehackt nach Echtgeldeinkauf heute um 11:45 durchgefürht: Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named Program Files was found!
Service vToolbarUpdater11.2.0 stopped successfully!
Service vToolbarUpdater11.2.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Steam not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS deleted successfully.
C:\Windows\SysWOW64\ff_vfw.dll moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysWow64\ff_vfw.dll not found.
C:\Users\Andreas\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe moved successfully.
C:\Users\Andreas\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
E:\Eigene Dateien\Desktop\cmd.bat deleted successfully.
E:\Eigene Dateien\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Andreas
->Temp folder emptied: 2670033 bytes
->Temporary Internet Files folder emptied: 2773777 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 130014702 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4941 bytes
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10291478 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66617 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 139,00 mb
[EMPTYFLASH]
User: All Users
User: Andreas
->Flash cache emptied: 0 bytes
User: AppData
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.1 log created on 07252012_113941
Files\Folders moved on Reboot...
C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
Geändert von Seraphim137 (25.07.2012 um 11:15 Uhr) |
|
31.07.2012, 16:13
| #21 | |
| /// Helfer-Team | Battle.net-Acc wurde gehackt nach EchtgeldeinkaufZitat:
Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________ --> Battle.net-Acc wurde gehackt nach Echtgeldeinkauf |
|
21.08.2012, 03:39
| #22 |
| /// Helfer-Team | Battle.net-Acc wurde gehackt nach Echtgeldeinkauf Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Battle.net-Acc wurde gehackt nach Echtgeldeinkauf |
| akamai, alternate, avg secure search, avg security toolbar, avp, battle.net, bho, bonjour, browser, codecv, cursor, device driver, document, downloader, error, excel, firefox, flash player, google earth, heuristiks/extra, heuristiks/shuriken, hijackthis, hkus\s-1-5-18, install.exe, jdownloader, kaspersky, langs, logfile, microsoft office word, msiinstaller, ntdll.dll, object, plug-in, problem, registry, required, richtlinie, searchscopes, secure search, security, senden, software, super, svchost.exe, tastatur, teamspeak, visual studio, vtoolbarupdater, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
