Log analysis and evaluation: Windows 7 / GVU trojan with webcam / Trojan.Ransom.Gen

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.07.2012, 00:51   #1
hilfe8545

hello,
it looks like the GVU trojan has caught me too.
I have now run a full system scan with "Malwarebytes Anti-Malware" and it did find something; here is the log file:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.10

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
S****u**M**** :: FBI [Administrator]

19.07.2012 17:26:41
mbam-log-2012-07-19 (18-51-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 615341
Laufzeit: 1 Stunde(n), 22 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 13
C:\Users\S****u**M****\AppData\Local\Temp\ca_setup.exe (PUP.PasswordTool) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\AppData\Roaming\Microsoft\Windows\Templates\ca_setup.exe (PUP.PasswordTool) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_bus-simulator-2012.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_bus-simulator-2012_32bitVersion.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_cinebench.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_editra.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_free-screen-to-video.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_freepdf.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_totaledit.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\Downloads\SoftonicDownloader_fuer_worm-wars.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\Downloads\advent\Havij 1.15 Free.exe (PUP.HackTool.Havis) -> Keine Aktion durchgeführt.
C:\Users\S****u**M****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
two entries stood out to me in particular:

Code:
C:\Users\S****u**M****\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt.

C:\Users\S****u**M****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
         
what can I do here now? how do I get rid of the trojan?
so far I have not done anything except let the program run.

many thanks in advance!

20.07.2012, 18:07   #2
markusg
/// Malware-holic

hi, just use *** instead of so many useless characters :-)

delete the findings with Malwarebytes.
after that:
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Then copy the contents of OTL.txt and Extra.txt here into your thread

21.07.2012, 01:09   #3
hilfe8545

thanks for this quick reply.
I have now run a scan with OTL.
here is the result:

OTL Logfile:
Code:
OTL logfile created on: 20.07.2012 23:51:37 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 3,08 Gb Available Physical Memory | 83,73% Memory free
7,36 Gb Paging File | 6,79 Gb Available in Paging File | 92,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 163,00 Gb Free Space | 36,01% Space Free | Partition Type: NTFS
 
Computer Name: FBI | User Name: ***** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SystemExplorerHelpService) -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe (Mister Group)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (MatSvc) -- C:\Programme\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FileZilla Server) -- c:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x64\Sandra.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (DiskSec) -- C:\Windows\SysNative\drivers\disksec.sys (MAGIX)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (VirtualDisk_U) -- C:\Windows\SysNative\drivers\virtualdisk_u.sys (MAGIX)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\*****\Downloads\spiele\arma2__operation_arrowhead
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={EABDF0B7-1E39-4B8C-B800-94365A76A6DC}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "_blank"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=417&sr=0&q="
FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.11 23:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 05:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.16 21:25:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.16 21:25:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.16 21:25:51 | 000,000,000 | ---D | M]
 
[2012.02.07 23:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.07.16 15:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions
[2011.11.25 04:50:15 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.07.10 03:47:44 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2012.07.01 00:08:28 | 000,000,000 | ---D | M] (PrivacySuite) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\abine@abine.com
[2012.02.17 23:20:45 | 000,000,000 | ---D | M] (BYTubeD - Bulk (Batch) YouTube video Downloader) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\bytubed@cs213.cse.iitk.ac.in
[2011.07.07 14:37:18 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.19 01:41:58 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.07.04 14:01:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\firefox@ghostery.com
[2012.05.22 01:42:11 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\foxyproxy@eric.h.jung
[2012.05.22 02:04:03 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\foxyproxy-basic@eric.h.jung
[2012.05.17 01:41:58 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\ich@maltegoetz.de
[2011.10.08 04:40:11 | 000,002,503 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\dxdj0dd9.default\searchplugins\SearchResults.xml
[2012.05.09 13:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.09 13:59:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2011.11.09 13:58:54 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012.02.25 03:08:01 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2011.07.09 06:11:00 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012.01.24 03:46:07 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.07.14 14:45:07 | 001,611,859 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.09.10 01:54:23 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.05.02 14:11:44 | 000,216,913 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\SPAM@TRASHMAIL.NET.XPI
[2011.11.14 05:35:08 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.06.23 05:12:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.12 11:47:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.23 05:12:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.11 13:53:01 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.23 05:12:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 05:12:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 05:12:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.08 04:40:11 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.06.23 05:12:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 05:12:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: Web Developer = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4_0\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Virtual Piano Black = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo\4_0\
CHR - Extension: FlashBlock = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: Disconnect = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.5.6_0\
CHR - Extension: Little Alchemy = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.12_0\
CHR - Extension: Zombie Pandemic = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicdgidnfmdfnhhllffoplpaldkljl\1_0\
CHR - Extension: Ghostery = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\3.0.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.02.07 23:04:27 | 000,441,186 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15163 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = x-akten
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D9C0F4-981B-434E-AF2D-271C857BFB60}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0dd7cd71-6238-11e0-9a29-1c7508345b36}\Shell - "" = AutoRun
O33 - MountPoints2\{0dd7cd71-6238-11e0-9a29-1c7508345b36}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{4ce1b4f3-dd85-11e0-93d8-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce1b4f3-dd85-11e0-93d8-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4ce1b51a-dd85-11e0-93d8-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce1b51a-dd85-11e0-93d8-18f46a74b161}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{853f01b0-af20-11e0-8c04-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{853f01b0-af20-11e0-8c04-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{853f01d8-af20-11e0-8c04-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{853f01d8-af20-11e0-8c04-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d0b0ed4b-4200-11e0-9568-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b0ed4b-4200-11e0-9568-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d0b0ed6b-4200-11e0-9568-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b0ed6b-4200-11e0-9568-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d36e7c13-42b2-11e0-bbc9-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{d36e7c13-42b2-11e0-bbc9-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d36e7c16-42b2-11e0-bbc9-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{d36e7c16-42b2-11e0-bbc9-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fb70e86f-b646-11e1-aa58-1c7508345b36}\Shell - "" = AutoRun
O33 - MountPoints2\{fb70e86f-b646-11e1-aa58-1c7508345b36}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3BA17561-E6A1-7D59-BE48-7F547EA398AF} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4CABB4C4-F982-C1B2-31DB-CB8AE54CACD6} - Microsoft Windows Media Player 12.0
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8E82367E-E8F2-550A-CDF2-506C7411EF42} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk - C:\PROGRA~2\ALDITA~1\ALDITA~2.EXE - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Eraser - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: UVS11 Preload - hkey= - key= - C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 23:19:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.07.19 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\maleware_logs
[2012.07.19 16:17:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.07.19 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.19 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 16:17:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.19 16:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.19 16:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.19 16:07:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\rettung
[2012.07.16 21:11:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TS3Client
[2012.07.16 21:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.07.16 21:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2012.07.16 01:06:14 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\dayz_medien
[2012.07.14 22:54:53 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\eimkommenssteuer2011
[2012.07.13 23:19:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\DayZ-1.7.2
[2012.07.13 21:06:47 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\backup
[2012.07.13 20:01:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ArmA 2 OA
[2012.07.13 19:58:29 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\ArmA 2
[2012.07.13 18:29:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.07.13 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SIX_Projects
[2012.07.13 06:50:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\ArmA 2 Other Profiles
[2012.07.13 06:00:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\six-updater
[2012.07.13 06:00:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\six-zsync
[2012.07.13 05:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
[2012.07.13 05:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects
[2012.07.13 05:57:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Downloaded Installations
[2012.07.13 05:06:22 | 000,000,000 | RH-D | C] -- C:\Users\*****\AppData\Roaming\SecuROM
[2012.07.13 04:46:46 | 000,000,000 | ---D | C] -- C:\extrahierte_installationsdateien
[2012.07.13 00:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.07.12 00:39:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ArmA 2 Free
[2012.07.12 00:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012.07.12 00:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.07.11 05:14:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SniperV2
[2012.07.11 05:12:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SKIDROW
[2012.07.11 01:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012.07.11 01:39:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\uTorrent
[2012.07.10 01:36:09 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\pixelio_de
[2012.07.09 05:12:06 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\ps_vergleich
[2012.07.08 18:23:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Adobe
[2012.07.08 17:04:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.08 16:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.07.08 16:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.07.08 16:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.07.08 15:55:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Adobe Photoshop CS6
[2012.07.08 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.06 23:36:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\My Cheat Tables
[2012.07.06 23:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1
[2012.07.06 23:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.1
[2012.07.04 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\odgb201d_entpackt
[2012.07.04 03:35:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\fontconfig
[2012.07.04 03:35:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\gegl-0.2
[2012.07.04 03:35:24 | 000,000,000 | ---D | C] -- C:\Users\*****\.gimp-2.8
[2012.07.04 03:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.07.02 01:12:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PunkBuster
[2012.07.01 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Battlefield Play4Free
[2012.07.01 20:46:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.07.01 20:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2012.06.25 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Pokki
[2012.06.25 05:26:37 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Need for Speed World
[2012.06.25 04:26:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Need for Speed World
[2012.06.25 04:01:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Electronic_Arts_Inc
[2012.06.25 01:13:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2012.06.25 01:07:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.06.25 01:07:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sony
[2012.06.25 01:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.06.25 01:07:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Sony
[2012.06.24 23:04:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\simplitec
[2012.06.24 23:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec
[2012.06.24 03:50:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Corel VideoStudio Pro
[2012.06.24 03:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2012.06.24 03:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012.06.23 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TSR Soft
[2012.06.22 01:50:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\sonstiges
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 23:45:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 23:45:07 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.19 23:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.07.19 16:11:09 | 001,809,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.19 16:11:09 | 000,774,070 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.19 16:11:09 | 000,716,458 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.19 16:11:09 | 000,175,718 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.19 16:11:09 | 000,143,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.18 23:19:06 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\MAGIX Autobackup Tray - MAGIX AG.job
[2012.07.18 23:17:36 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.18 23:15:43 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.18 22:42:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.18 20:44:50 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012.07.18 20:44:50 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012.07.18 19:56:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 19:56:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 03:51:43 | 000,000,132 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.07.17 04:52:00 | 000,051,636 | ---- | M] () -- C:\Users\*****\Desktop\484463_10150967502059584_1119167114_n.jpg
[2012.07.16 21:10:18 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.07.15 15:40:50 | 000,269,857 | ---- | M] () -- C:\Users\*****\Desktop\strafanzeige_esm_06jul2012open1.pdf
[2012.07.14 22:55:42 | 000,063,010 | ---- | M] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010
[2012.07.13 23:17:51 | 000,012,055 | ---- | M] () -- C:\Users\*****\Desktop\latest.torrent
[2012.07.11 21:43:46 | 005,073,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 23:20:38 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2012.lnk
[2012.07.10 22:05:37 | 000,061,298 | ---- | M] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010_Backup
[2012.07.10 12:30:13 | 000,005,401 | ---- | M] () -- C:\Users\*****\Desktop\profilbutton_skaliert1.png
[2012.07.08 18:07:20 | 000,001,456 | ---- | M] () -- C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.07.08 17:27:44 | 000,007,598 | ---- | M] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2012.07.08 16:35:56 | 000,001,079 | ---- | M] () -- C:\Users\*****\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
[2012.07.08 15:19:37 | 000,020,649 | ---- | M] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2012.07.04 14:50:47 | 000,100,781 | ---- | M] () -- C:\Users\*****\Desktop\plug201d.zip
[2012.07.04 14:50:44 | 002,328,395 | ---- | M] () -- C:\Users\*****\Desktop\odbg201d.zip
[2012.07.04 01:41:48 | 000,001,664 | ---- | M] () -- C:\Users\*****\Desktop\Need for Speed World - Verknüpfung.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 01:13:30 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.02 01:13:30 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.01 20:46:29 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.25 04:00:24 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.18 23:13:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.17 04:52:05 | 000,051,636 | ---- | C] () -- C:\Users\*****\Desktop\484463_10150967502059584_1119167114_n.jpg
[2012.07.16 21:10:18 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.07.15 15:40:58 | 000,269,857 | ---- | C] () -- C:\Users\*****\Desktop\strafanzeige_esm_06jul2012open1.pdf
[2012.07.13 23:17:54 | 000,012,055 | ---- | C] () -- C:\Users\*****\Desktop\latest.torrent
[2012.07.13 05:58:25 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012.07.13 05:58:25 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012.07.10 23:20:38 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2012.lnk
[2012.07.10 21:43:25 | 000,063,010 | ---- | C] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010
[2012.07.10 21:43:25 | 000,061,298 | ---- | C] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010_Backup
[2012.07.10 12:30:12 | 000,005,401 | ---- | C] () -- C:\Users\*****\Desktop\profilbutton_skaliert1.png
[2012.07.08 18:07:20 | 000,001,456 | ---- | C] () -- C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.07.08 17:06:21 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.07.08 16:35:56 | 000,001,079 | ---- | C] () -- C:\Users\*****\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
[2012.07.08 16:34:19 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012.07.08 16:32:56 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012.07.08 16:32:09 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012.07.08 16:28:52 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012.07.08 16:28:42 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012.07.08 15:19:37 | 000,020,649 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2012.07.04 14:50:49 | 000,100,781 | ---- | C] () -- C:\Users\*****\Desktop\plug201d.zip
[2012.07.04 14:00:47 | 002,328,395 | ---- | C] () -- C:\Users\*****\Desktop\odbg201d.zip
[2012.07.04 03:34:58 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.02 01:13:30 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.01 20:46:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.01 20:46:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.28 13:21:08 | 000,001,664 | ---- | C] () -- C:\Users\*****\Desktop\Need for Speed World - Verknüpfung.lnk
[2012.06.25 04:00:24 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2012.06.19 06:07:08 | 000,002,917 | ---- | C] () -- C:\Users\*****\AppData\Roaming\HP-15C.mem
[2012.05.01 16:03:50 | 000,000,000 | ---- | C] () -- C:\Users\*****\assoc
[2012.03.13 05:28:53 | 000,000,080 | ---- | C] () -- C:\Users\*****\AppData\Local\X-Plane Installer.prf
[2012.03.04 05:26:31 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2012.02.16 02:17:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.01.10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.01.10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012.01.10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.19 04:56:14 | 000,004,905 | ---- | C] () -- C:\ProgramData\rugqgaaw.ekm
[2011.10.20 01:28:38 | 000,000,014 | ---- | C] () -- C:\Windows\campaignsave.INI
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.03 04:45:48 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\MIDI Patch Names
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MediaFolder
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Master
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\Mail
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\Machines
[2011.09.01 17:14:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.09.01 17:14:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.09.01 17:14:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.07.17 23:44:28 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.07.17 23:44:28 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.07.17 22:45:47 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2011.07.17 22:45:47 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2011.07.09 03:48:24 | 000,000,182 | ---- | C] () -- C:\Windows\mailpeek.INI
[2011.06.22 13:26:49 | 000,000,046 | ---- | C] () -- C:\Windows\Datasaver.INI
[2011.04.19 23:32:37 | 000,000,558 | ---- | C] () -- C:\Windows\my.ini
[2011.03.29 05:45:46 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.03.28 01:54:19 | 000,001,099 | ---- | C] () -- C:\Users\*****\AppData\Roaming\ShiftN.ini
[2011.03.17 05:08:55 | 000,001,766 | ---- | C] () -- C:\Users\*****\.lmmsrc.xml
[2011.03.17 03:17:36 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.03.17 03:15:36 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.03.10 11:16:45 | 001,786,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.05 06:35:30 | 000,000,680 | RHS- | C] () -- C:\Users\*****\ntuser.pol
[2011.03.01 23:58:13 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.02.28 23:25:51 | 000,000,046 | ---- | C] () -- C:\Windows\SPEED.INI
[2011.02.27 02:08:14 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2011.02.27 02:08:14 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2011.02.27 02:08:14 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2011.02.27 02:08:14 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2011.02.27 02:08:14 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2011.02.27 02:08:14 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011.02.27 01:35:30 | 000,007,598 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011.02.26 23:33:44 | 000,009,216 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.26 23:21:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
 
========== LOP Check ==========
 
[2012.06.16 23:37:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.purple
[2012.03.11 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AI Internet Solutions
[2012.05.08 14:21:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.03.08 03:53:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Alien Skin
[2012.03.24 00:47:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ASCOMP Software
[2012.03.26 00:21:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo
[2012.06.23 23:40:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2012.03.17 03:39:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\avidemux
[2012.04.30 03:18:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BANDISOFT
[2011.09.11 23:37:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blender Foundation
[2012.04.26 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2012.05.30 00:42:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ChemTable Software
[2011.11.11 23:55:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Cocoon Software
[2011.03.10 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CocoonSoftware
[2012.07.08 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.25 02:34:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Copernic
[2012.03.25 02:24:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Datarescue
[2012.01.12 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\enchant
[2012.06.12 22:24:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\eSobi
[2012.03.04 05:57:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Fenrir Inc
[2012.07.11 02:59:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.03.13 04:50:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\flightgear.org
[2012.03.13 04:33:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fltk.org
[2012.05.04 04:50:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FreeScreenToVideo
[2011.06.21 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2012.07.04 02:14:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2012.06.13 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2012.02.27 06:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IObit
[2012.04.26 03:29:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\JAM Software
[2012.03.22 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\JonDo
[2012.05.31 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LibreOffice
[2012.01.21 01:38:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Likno Software
[2012.03.15 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lingo4u
[2012.06.25 00:48:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX
[2011.09.21 16:38:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAXON
[2012.03.23 01:56:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Maxthon3
[2012.06.25 04:26:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Need for Speed World
[2011.09.03 04:44:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nikon
[2012.01.24 01:12:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenCandy
[2012.04.19 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2012.03.25 05:59:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PingPlotter Freeware
[2011.10.20 01:31:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PlayFirst
[2011.07.22 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Program Files (x86)
[2011.11.19 04:55:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\psynetic-mapmaker
[2012.06.25 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2012.01.14 01:58:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Python-Eggs
[2011.06.21 23:36:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ra e Deutsche Gesetze
[2012.06.24 23:04:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\simplitec
[2012.07.13 18:10:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\six-updater
[2012.07.13 06:00:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\six-zsync
[2012.07.18 04:41:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2012.02.27 06:47:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SolarMax
[2012.06.25 01:35:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2012.07.08 17:04:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.27 06:19:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Stellarium
[2012.03.13 04:34:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Subversion
[2012.03.24 06:50:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TamoSoft
[2012.01.25 00:12:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2011.07.09 04:56:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2011.03.10 11:17:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
[2012.05.03 02:19:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TrueCrypt
[2012.07.17 02:31:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2012.06.25 03:34:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2012.01.24 01:12:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Uniblue
[2012.07.13 23:25:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2012.02.21 21:49:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Verbindungsassistent
[2012.07.02 22:11:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Webocton - Scriptly
[2012.04.26 02:56:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinFAQ
[2012.03.23 22:56:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinPatrol
[2012.02.23 01:58:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\XnView
[2012.07.18 23:19:06 | 000,000,540 | ---- | M] () -- C:\Windows\Tasks\MAGIX Autobackup Tray - MAGIX AG.job
[2012.05.31 00:03:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.05.25 19:23:37 | 000,000,000 | ---D | M] -- C:\!KillBox
[2012.06.22 03:06:39 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.02.28 16:20:53 | 000,000,000 | ---D | M] -- C:\40d4c40f2880826579
[2012.02.27 15:49:12 | 000,000,000 | ---D | M] -- C:\907f9793ae1ec66b3c
[2012.05.02 02:53:18 | 000,000,000 | ---D | M] -- C:\anwendungen_ohne_installation
[2010.11.17 06:01:25 | 000,000,000 | ---D | M] -- C:\book
[2012.05.11 13:59:36 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2012.03.16 04:22:06 | 000,000,000 | ---D | M] -- C:\CFLog
[2011.09.21 16:36:14 | 000,000,000 | ---D | M] -- C:\cinebench__11_529
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.26 22:41:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.07.13 04:47:34 | 000,000,000 | ---D | M] -- C:\extrahierte_installationsdateien
[2012.03.05 04:10:38 | 000,000,000 | ---D | M] -- C:\Games
[2012.03.12 01:25:26 | 000,000,000 | ---D | M] -- C:\inetpub
[2010.11.17 05:55:04 | 000,000,000 | ---D | M] -- C:\Intel
[2011.06.09 01:34:31 | 000,000,000 | -H-D | M] -- C:\MyWinLockerData
[2011.02.26 22:43:35 | 000,000,000 | -H-D | M] -- C:\OEM
[2011.06.10 04:30:37 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.09 04:08:03 | 000,000,000 | ---D | M] -- C:\PMAIL
[2012.06.12 22:56:00 | 000,000,000 | ---D | M] -- C:\PoW24
[2012.07.08 16:32:44 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.19 16:17:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.07.19 16:17:13 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.26 22:41:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.26 22:41:32 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.06 16:19:52 | 000,000,000 | ---D | M] -- C:\SG Interactive
[2011.02.27 02:11:50 | 000,000,000 | ---D | M] -- C:\SmartSound Software
[2012.04.25 02:54:22 | 000,000,000 | ---D | M] -- C:\Stranded II
[2012.07.17 15:11:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.13 00:13:46 | 000,000,000 | ---D | M] -- C:\systemrettungsdisks
[2011.09.20 03:54:29 | 000,000,000 | ---D | M] -- C:\tmp
[2011.07.19 23:22:23 | 000,000,000 | ---D | M] -- C:\Ubisoft
[2012.05.31 01:43:17 | 000,000,000 | R--D | M] -- C:\Users
[2012.05.11 13:46:45 | 000,000,000 | ---D | M] -- C:\VueScan
[2012.07.20 23:45:07 | 000,000,000 | ---D | M] -- C:\Windows
[2011.04.20 05:36:21 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2012.02.15 00:36:34 | 000,004,608 | ---- | M] () MD5=181066E31AD20869CF049262A0DB0BC2 -- C:\Users\*****\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v049D98E1\Native\STUBEXE\@SYSTEM@\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.04.13 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 03:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.02.26 22:46:42 | 000,001,766 | ---- | M] () -- C:\Users\*****\.lmmsrc.xml
[2012.05.01 16:03:50 | 000,000,000 | ---- | M] () -- C:\Users\*****\assoc
[2012.07.21 00:28:27 | 011,796,480 | -HS- | M] () -- C:\Users\*****\ntuser.dat
[2012.07.21 00:28:27 | 000,262,144 | -HS- | M] () -- C:\Users\*****\ntuser.dat.LOG1
[2011.02.26 22:41:48 | 000,000,000 | -HS- | M] () -- C:\Users\*****\ntuser.dat.LOG2
[2011.02.26 23:06:58 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.02.26 23:06:58 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.02.26 23:06:58 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.02.11 05:22:54 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{6a856607-5430-11e1-a969-1c7508345b36}.TM.blf
[2012.02.11 05:22:54 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{6a856607-5430-11e1-a969-1c7508345b36}.TMContainer00000000000000000001.regtrans-ms
[2012.02.11 05:22:54 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{6a856607-5430-11e1-a969-1c7508345b36}.TMContainer00000000000000000002.regtrans-ms
[2012.01.28 22:35:29 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{93499e4b-49e4-11e1-bfda-18f46a74b161}.TM.blf
[2012.01.28 22:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{93499e4b-49e4-11e1-bfda-18f46a74b161}.TMContainer00000000000000000001.regtrans-ms
[2012.01.28 22:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{93499e4b-49e4-11e1-bfda-18f46a74b161}.TMContainer00000000000000000002.regtrans-ms
[2012.03.04 06:27:44 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{f0116906-6571-11e1-b007-1c7508345b36}.TM.blf
[2012.03.04 06:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{f0116906-6571-11e1-b007-1c7508345b36}.TMContainer00000000000000000001.regtrans-ms
[2012.03.04 06:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{f0116906-6571-11e1-b007-1c7508345b36}.TMContainer00000000000000000002.regtrans-ms
[2011.02.26 22:41:48 | 000,000,020 | -HS- | M] () -- C:\Users\*****\ntuser.ini
[2012.03.02 01:33:47 | 000,000,680 | RHS- | M] () -- C:\Users\*****\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

< End of report >
         
--- --- ---


I fixed the selected Malwarebytes entries with a new scan run.
__________________

Edited by hilfe8545 (21.07.2012 at 01:16)

22.07.2012, 16:31   #4
hilfe8545

I have deleted the things. What do I have to do now?
I have not booted Windows since then, so as not to take any risk.

24.07.2012, 20:34   #5
hilfe8545

What do I still have to do now?


26.07.2012, 19:21   #6
markusg
/// Malware-holic

Hi,
sorry for the wait.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

27.07.2012, 03:07   #7
hilfe8545

Hi,
I have done that now. The wait is no problem; after all, you are giving up your free time.

Here is the log:

[CODE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-27.02 - SonjaundMicha 26.07.2012  21:29:06.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3767.2988 [GMT 2:00]
ausgeführt von:: c:\users\SonjaundMicha\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\FullRemove.exe
c:\programdata\master
c:\users\***\4.0
c:\windows\My.ini
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2074-05-07 17:38 . 2006-11-21 19:48	203576	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-07-26 19:40 . 2012-07-26 19:40	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-19 14:17 . 2012-07-19 14:17	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-07-19 14:17 . 2012-07-19 14:17	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-19 14:17 . 2012-07-19 14:17	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 14:17 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-19 14:11 . 2012-07-19 14:11	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-07-18 16:02 . 2012-07-26 19:34	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{250F6933-5490-4A1D-9261-37CBDC8DDFEA}\offreg.dll
2012-07-17 13:12 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{250F6933-5490-4A1D-9261-37CBDC8DDFEA}\mpengine.dll
2012-07-16 19:11 . 2012-07-17 00:31	--------	d-----w-	c:\users\***\AppData\Roaming\TS3Client
2012-07-16 19:10 . 2012-07-16 19:10	--------	d-----w-	c:\program files (x86)\TeamSpeak 3 Client
2012-07-13 18:01 . 2012-07-18 18:49	--------	d-----w-	c:\users\***\AppData\Local\ArmA 2 OA
2012-07-13 14:38 . 2012-07-13 14:38	--------	d-----w-	c:\users\***\AppData\Local\SIX_Projects
2012-07-13 04:00 . 2012-07-13 16:10	--------	d-----w-	c:\users\***\AppData\Roaming\six-updater
2012-07-13 04:00 . 2012-07-13 04:00	--------	d-----w-	c:\users\***\AppData\Roaming\six-zsync
2012-07-13 03:58 . 2012-07-13 03:58	--------	d-----w-	c:\program files (x86)\SIX Projects
2012-07-13 03:57 . 2012-07-18 18:44	--------	d-----w-	c:\users\***\AppData\Local\Downloaded Installations
2012-07-13 03:06 . 2012-07-13 03:06	--------	d--h--r-	c:\users\***\AppData\Roaming\SecuROM
2012-07-13 02:46 . 2012-07-13 02:47	--------	d-----w-	C:\extrahierte_installationsdateien
2012-07-12 22:51 . 2012-07-12 22:58	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-07-11 22:39 . 2012-07-11 22:39	--------	d-----w-	c:\users\***\AppData\Local\ArmA 2 Free
2012-07-11 22:33 . 2012-07-13 17:42	--------	d-----w-	c:\program files (x86)\Bohemia Interactive
2012-07-11 22:30 . 2009-03-09 13:27	520544	----a-w-	c:\windows\system32\d3dx10_41.dll
2012-07-11 22:30 . 2009-03-09 13:27	453456	----a-w-	c:\windows\SysWow64\d3dx10_41.dll
2012-07-11 22:30 . 2009-03-09 13:27	2430312	----a-w-	c:\windows\system32\D3DCompiler_41.dll
2012-07-11 22:30 . 2009-03-09 13:27	1846632	----a-w-	c:\windows\SysWow64\D3DCompiler_41.dll
2012-07-11 22:30 . 2009-03-16 12:18	521560	----a-w-	c:\windows\system32\XAudio2_4.dll
2012-07-11 22:30 . 2009-03-16 12:18	517448	----a-w-	c:\windows\SysWow64\XAudio2_4.dll
2012-07-11 22:30 . 2009-03-09 13:27	5425496	----a-w-	c:\windows\system32\D3DX9_41.dll
2012-07-11 22:30 . 2009-03-09 13:27	4178264	----a-w-	c:\windows\SysWow64\D3DX9_41.dll
2012-07-11 16:33 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 13:41 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 13:40 . 2012-06-06 06:05	466944	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 13:40 . 2012-06-06 06:05	1499136	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 13:40 . 2012-06-06 05:05	1019904	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 13:40 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 13:40 . 2012-06-06 06:05	61440	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 13:40 . 2012-06-06 06:05	258048	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 13:40 . 2012-06-06 06:02	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-07-11 13:40 . 2012-06-06 05:05	143360	----a-w-	c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 13:40 . 2012-06-06 05:05	372736	----a-w-	c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 13:40 . 2012-06-06 05:05	57344	----a-w-	c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 13:40 . 2012-06-06 05:05	352256	----a-w-	c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 13:40 . 2012-06-06 05:05	212992	----a-w-	c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 13:40 . 2012-06-06 05:03	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-07-11 03:14 . 2012-07-11 03:17	--------	d-----w-	c:\users\***\AppData\Local\SniperV2
2012-07-11 03:12 . 2012-07-11 03:12	--------	d-----w-	c:\users\***\AppData\Local\SKIDROW
2012-07-10 23:40 . 2012-07-10 23:40	--------	d-----w-	c:\program files (x86)\uTorrent
2012-07-10 23:39 . 2012-07-13 21:25	--------	d-----w-	c:\users\***\AppData\Roaming\uTorrent
2012-07-08 15:38 . 2012-07-08 15:38	0	----a-w-	c:\windows\SysWow64\shoCEE6.tmp
2012-07-08 15:04 . 2012-07-08 15:04	--------	d-----w-	c:\users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-07-08 14:36 . 2012-07-08 14:36	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-07-08 14:32 . 2012-07-08 14:35	--------	d-----w-	c:\program files\Adobe
2012-07-08 14:26 . 2012-07-08 14:35	--------	d-----w-	c:\program files\Common Files\Adobe
2012-07-08 13:52 . 2012-07-08 13:52	--------	d-----w-	c:\users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-07-06 21:36 . 2012-07-06 21:36	--------	d-----w-	c:\program files (x86)\Cheat Engine 6.1
2012-07-04 01:35 . 2012-07-04 01:35	--------	d-----w-	c:\users\***\AppData\Local\fontconfig
2012-07-04 01:35 . 2012-07-08 13:19	--------	d-----w-	c:\users\***\.gimp-2.8
2012-07-04 01:35 . 2012-07-04 01:35	--------	d-----w-	c:\users\***\AppData\Local\gegl-0.2
2012-07-04 01:33 . 2012-07-04 01:34	--------	d-----w-	c:\program files\GIMP 2
2012-07-02 01:29 . 2012-07-02 01:29	7992528	----a-w-	c:\users\***\AppData\Roaming\Microsoft\Windows\Templates\ca_setup.exe
2012-07-01 23:13 . 2012-07-01 23:13	234768	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-07-01 23:12 . 2012-07-01 23:12	--------	d-----w-	c:\users\***\AppData\Local\PunkBuster
2012-07-01 18:46 . 2012-07-01 23:13	234768	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-07-01 18:46 . 2012-07-01 18:46	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-07-01 18:06 . 2012-07-01 18:06	--------	d-----w-	c:\program files (x86)\EA Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 20:15 . 2012-03-11 23:26	393216	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-07-11 16:26 . 2011-03-16 22:05	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-06-21 04:19 . 2012-06-21 04:19	0	----a-w-	c:\windows\SysWow64\sho90EF.tmp
2012-06-12 16:34 . 2012-06-12 16:34	0	----a-w-	c:\windows\SysWow64\shoB7C3.tmp
2012-06-02 22:19 . 2012-06-21 10:05	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:06	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 10:06	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:06	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:05	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 10:06	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 10:05	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:05	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 10:05	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-03-20 22:00	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-14 03:30 . 2012-05-14 03:30	0	----a-w-	c:\windows\SysWow64\sho7789.tmp
2012-05-13 03:19 . 2012-05-13 03:19	0	----a-w-	c:\windows\SysWow64\sho12AE.tmp
2012-05-11 08:49 . 2012-04-06 10:27	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 08:49 . 2011-06-28 13:59	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 00:31 . 2012-03-24 18:56	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 00:31 . 2012-03-24 18:56	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-04 11:06 . 2012-06-14 17:47	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 17:47	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 17:47	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 14:11 . 2012-05-02 14:11	0	----a-w-	c:\windows\SysWow64\sho85E7.tmp
2012-05-01 05:40 . 2012-06-14 17:47	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 17:47	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-27 1620584]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 343856]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 VirtualDisk_U;VirtualDisk driver;c:\windows\system32\drivers\virtualdisk_u.sys [2010-04-22 69152]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
R3 X6va006;X6va006;c:\users\SONJAU~1\AppData\Local\Temp\0068B30.tmp [x]
R3 X6va007;X6va007;c:\users\SONJAU~1\AppData\Local\Temp\0078549.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [2012-02-21 342984]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 18432]
R4 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R4 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [2012-05-02 775128]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-10-28 24680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 02:22]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 02:22]
.
2012-07-18 c:\windows\Tasks\MAGIX Autobackup Tray - MAGIX AG.job
- c:\program files (x86)\MAGIX\Retten_Sie_Ihre_Notebook_Daten\tools\RSIND_mxcdr\MxBackupTray.exe [2010-10-08 08:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\dxdj0dd9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - _blank
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=417&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BattlEye - c:\program files (x86)\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\SONJAU~1\AppData\Local\Temp\0068B30.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\SONJAU~1\AppData\Local\Temp\0078549.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
   36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:77,98,74,34,f3,03,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-3043048249-594968161-3224245601-1001\Software\SecuROM\License information*]
"datasecu"=hex:cc,31,fc,10,fd,29,99,d0,2c,89,e9,ba,2b,01,d8,55,4f,62,03,54,c0,
   68,2d,4e,96,25,87,a8,2e,78,bd,aa,7c,42,f2,40,5c,9b,a3,e6,d7,86,10,40,03,24,\
"rkeysecu"=hex:21,46,09,14,28,c2,25,56,eb,21,4c,53,d7,f0,69,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-27  00:56:11
ComboFix-quarantined-files.txt  2012-07-26 22:56
.
Vor Suchlauf: 27 Verzeichnis(se), 174.855.368.704 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 174.571.204.608 Bytes frei
.
- - End Of File - - E435EDA3477D029BC4D4BC9561B98C05
         
--- --- ---


What else do I need to do? Can I use my PC again?

Regards

28.07.2012, 00:05   #8
markusg
/// Malware-holic

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de

28.07.2012, 02:24   #9
hilfe8545

I'll do that right away.
I just wanted to say:
I'm really amazed at how competent and free of charge your help is.
There's nobody else who helps you so directly and actually solves the problem.
I find that really admirable!

TDSSKiller log:

Code:
02:31:32.0609 1988	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:31:32.0921 1988	============================================================
02:31:32.0921 1988	Current date / time: 2012/07/28 02:31:32.0921
02:31:32.0921 1988	SystemInfo:
02:31:32.0921 1988	
02:31:32.0921 1988	OS Version: 6.1.7601 ServicePack: 1.0
02:31:32.0921 1988	Product type: Workstation
02:31:32.0921 1988	ComputerName: FBI
02:31:32.0921 1988	UserName: ***
02:31:32.0921 1988	Windows directory: C:\Windows
02:31:32.0921 1988	System windows directory: C:\Windows
02:31:32.0921 1988	Running under WOW64
02:31:32.0921 1988	Processor architecture: Intel x64
02:31:32.0921 1988	Number of processors: 4
02:31:32.0921 1988	Page size: 0x1000
02:31:32.0921 1988	Boot type: Safe boot with network
02:31:32.0921 1988	============================================================
02:31:33.0810 1988	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:31:33.0810 1988	============================================================
02:31:33.0810 1988	\Device\Harddisk0\DR0:
02:31:33.0810 1988	MBR partitions:
02:31:33.0810 1988	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
02:31:33.0810 1988	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
02:31:33.0810 1988	============================================================
02:31:33.0842 1988	C: <-> \Device\Harddisk0\DR0\Partition1
02:31:33.0842 1988	============================================================
02:31:33.0842 1988	Initialize success
02:31:33.0842 1988	============================================================
02:32:18.0910 0996	============================================================
02:32:18.0910 0996	Scan started
02:32:18.0910 0996	Mode: Manual; SigCheck; TDLFS; 
02:32:18.0910 0996	============================================================
02:32:20.0704 0996	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:32:21.0125 0996	1394ohci - ok
02:32:21.0203 0996	ACDaemon - ok
02:32:21.0281 0996	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:32:21.0297 0996	ACPI - ok
02:32:21.0359 0996	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:32:21.0437 0996	AcpiPmi - ok
02:32:21.0609 0996	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:32:21.0703 0996	AdobeARMservice - ok
02:32:21.0781 0996	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:32:21.0827 0996	adp94xx - ok
02:32:21.0890 0996	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:32:21.0905 0996	adpahci - ok
02:32:21.0952 0996	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:32:21.0983 0996	adpu320 - ok
02:32:22.0030 0996	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:32:22.0171 0996	AeLookupSvc - ok
02:32:22.0249 0996	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:32:22.0342 0996	AFD - ok
02:32:22.0389 0996	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:32:22.0405 0996	agp440 - ok
02:32:22.0514 0996	ALDITALKVerbindungsassistent_Service (73350b0f3a59c52118137ebde11c2a5d) C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
02:32:22.0592 0996	ALDITALKVerbindungsassistent_Service - ok
02:32:22.0639 0996	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:32:22.0685 0996	ALG - ok
02:32:22.0732 0996	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:32:22.0748 0996	aliide - ok
02:32:22.0763 0996	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:32:22.0763 0996	amdide - ok
02:32:22.0826 0996	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:32:22.0888 0996	AmdK8 - ok
02:32:22.0888 0996	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:32:22.0904 0996	AmdPPM - ok
02:32:22.0982 0996	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:32:22.0982 0996	amdsata - ok
02:32:23.0044 0996	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:32:23.0060 0996	amdsbs - ok
02:32:23.0091 0996	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:32:23.0107 0996	amdxata - ok
02:32:23.0200 0996	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
02:32:23.0216 0996	AntiVirSchedulerService - ok
02:32:23.0278 0996	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
02:32:23.0278 0996	AntiVirService - ok
02:32:23.0356 0996	Apache2.2       (cc3d9c18128e1f53cb2c9a9219f9a517) c:\xampp\apache\bin\httpd.exe
02:32:23.0387 0996	Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
02:32:23.0387 0996	Apache2.2 - detected UnsignedFile.Multi.Generic (1)
02:32:23.0512 0996	AppHostSvc      (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
02:32:23.0559 0996	AppHostSvc - ok
02:32:23.0637 0996	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:32:23.0809 0996	AppID - ok
02:32:23.0871 0996	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:32:23.0949 0996	AppIDSvc - ok
02:32:24.0027 0996	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
02:32:24.0089 0996	Appinfo - ok
02:32:24.0183 0996	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:32:24.0183 0996	arc - ok
02:32:24.0199 0996	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:32:24.0214 0996	arcsas - ok
02:32:24.0355 0996	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:32:24.0386 0996	aspnet_state - ok
02:32:24.0433 0996	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:32:24.0495 0996	AsyncMac - ok
02:32:24.0557 0996	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:32:24.0573 0996	atapi - ok
02:32:24.0698 0996	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:32:24.0854 0996	AudioEndpointBuilder - ok
02:32:24.0854 0996	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:32:24.0901 0996	AudioSrv - ok
02:32:24.0979 0996	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
02:32:25.0696 0996	avgntflt - ok
02:32:25.0774 0996	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
02:32:25.0774 0996	avipbb - ok
02:32:25.0805 0996	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
02:32:25.0821 0996	avkmgr - ok
02:32:25.0883 0996	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
02:32:25.0977 0996	AxInstSV - ok
02:32:26.0024 0996	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:32:26.0086 0996	b06bdrv - ok
02:32:26.0164 0996	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:32:26.0211 0996	b57nd60a - ok
02:32:26.0461 0996	BCM43XX         (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
02:32:26.0585 0996	BCM43XX - ok
02:32:26.0710 0996	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:32:26.0741 0996	BDESVC - ok
02:32:26.0819 0996	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:32:26.0882 0996	Beep - ok
02:32:26.0991 0996	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
02:32:27.0053 0996	BFE - ok
02:32:27.0131 0996	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
02:32:27.0443 0996	BITS - ok
02:32:27.0521 0996	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:32:27.0553 0996	blbdrive - ok
02:32:27.0599 0996	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:32:27.0662 0996	bowser - ok
02:32:27.0677 0996	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:32:27.0740 0996	BrFiltLo - ok
02:32:27.0755 0996	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:32:27.0787 0996	BrFiltUp - ok
02:32:27.0865 0996	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:32:27.0911 0996	BridgeMP - ok
02:32:28.0005 0996	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
02:32:28.0052 0996	Browser - ok
02:32:28.0099 0996	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:32:28.0161 0996	Brserid - ok
02:32:28.0161 0996	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:32:28.0192 0996	BrSerWdm - ok
02:32:28.0208 0996	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:32:28.0239 0996	BrUsbMdm - ok
02:32:28.0239 0996	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:32:28.0270 0996	BrUsbSer - ok
02:32:28.0286 0996	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:32:28.0317 0996	BTHMODEM - ok
02:32:28.0379 0996	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:32:28.0426 0996	bthserv - ok
02:32:28.0504 0996	Capture Device Service - ok
02:32:28.0535 0996	catchme - ok
02:32:28.0567 0996	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:32:28.0629 0996	cdfs - ok
02:32:28.0707 0996	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
02:32:28.0738 0996	cdrom - ok
02:32:28.0801 0996	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:32:28.0863 0996	CertPropSvc - ok
02:32:28.0894 0996	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:32:28.0925 0996	circlass - ok
02:32:28.0988 0996	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:32:29.0003 0996	CLFS - ok
02:32:29.0097 0996	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:32:29.0128 0996	clr_optimization_v2.0.50727_32 - ok
02:32:29.0175 0996	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:32:29.0191 0996	clr_optimization_v2.0.50727_64 - ok
02:32:29.0269 0996	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:32:29.0425 0996	clr_optimization_v4.0.30319_32 - ok
02:32:29.0534 0996	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:32:29.0627 0996	clr_optimization_v4.0.30319_64 - ok
02:32:29.0659 0996	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:32:29.0690 0996	CmBatt - ok
02:32:29.0721 0996	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:32:29.0737 0996	cmdide - ok
02:32:29.0799 0996	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
02:32:29.0861 0996	CNG - ok
02:32:29.0908 0996	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:32:29.0924 0996	Compbatt - ok
02:32:29.0955 0996	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:32:30.0002 0996	CompositeBus - ok
02:32:30.0002 0996	COMSysApp - ok
02:32:30.0127 0996	cpudrv64        (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
02:32:30.0127 0996	cpudrv64 - ok
02:32:30.0173 0996	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:32:30.0173 0996	crcdisk - ok
02:32:30.0251 0996	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
02:32:30.0298 0996	CryptSvc - ok
02:32:30.0345 0996	CV2K1 - ok
02:32:30.0485 0996	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
02:32:30.0517 0996	cvhsvc - ok
02:32:30.0610 0996	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:32:30.0673 0996	DcomLaunch - ok
02:32:30.0719 0996	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:32:30.0782 0996	defragsvc - ok
02:32:30.0875 0996	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:32:30.0907 0996	DfsC - ok
02:32:31.0078 0996	DfSdkS          (d51b32ba3897f630d99713b74b40d6a2) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
02:32:31.0125 0996	DfSdkS ( UnsignedFile.Multi.Generic ) - warning
02:32:31.0125 0996	DfSdkS - detected UnsignedFile.Multi.Generic (1)
02:32:31.0203 0996	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
02:32:31.0265 0996	Dhcp - ok
02:32:31.0297 0996	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:32:31.0328 0996	discache - ok
02:32:31.0359 0996	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:32:31.0375 0996	Disk - ok
02:32:31.0406 0996	DiskSec         (b9ba209e9d038a966f8547b3e0634626) C:\Windows\system32\drivers\DiskSec.sys
02:32:31.0406 0996	DiskSec - ok
02:32:31.0453 0996	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
02:32:31.0515 0996	Dnscache - ok
02:32:31.0577 0996	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
02:32:31.0624 0996	dot3svc - ok
02:32:31.0687 0996	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
02:32:31.0733 0996	DPS - ok
02:32:31.0765 0996	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:32:31.0796 0996	drmkaud - ok
02:32:31.0905 0996	DsiWMIService   (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
02:32:31.0921 0996	DsiWMIService - ok
02:32:32.0014 0996	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:32:32.0045 0996	DXGKrnl - ok
02:32:32.0108 0996	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:32:32.0155 0996	EapHost - ok
02:32:32.0342 0996	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:32:32.0467 0996	ebdrv - ok
02:32:32.0576 0996	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
02:32:32.0638 0996	EFS - ok
02:32:32.0747 0996	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
02:32:32.0794 0996	ehRecvr - ok
02:32:32.0857 0996	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:32:32.0903 0996	ehSched - ok
02:32:33.0028 0996	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
02:32:33.0044 0996	ElbyCDIO - ok
02:32:33.0091 0996	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:32:33.0122 0996	elxstor - ok
02:32:33.0278 0996	ePowerSvc       (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
02:32:33.0293 0996	ePowerSvc - ok
02:32:33.0434 0996	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:32:33.0449 0996	ErrDev - ok
02:32:33.0512 0996	ETD             (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
02:32:33.0527 0996	ETD - ok
02:32:33.0574 0996	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:32:33.0637 0996	EventSystem - ok
02:32:33.0699 0996	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:32:33.0746 0996	exfat - ok
02:32:33.0855 0996	Fabs - ok
02:32:33.0886 0996	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:32:33.0949 0996	fastfat - ok
02:32:34.0058 0996	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
02:32:34.0105 0996	Fax - ok
02:32:34.0151 0996	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:32:34.0183 0996	fdc - ok
02:32:34.0214 0996	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:32:34.0276 0996	fdPHost - ok
02:32:34.0292 0996	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:32:34.0339 0996	FDResPub - ok
02:32:34.0370 0996	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:32:34.0385 0996	FileInfo - ok
02:32:34.0417 0996	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:32:34.0463 0996	Filetrace - ok
02:32:34.0604 0996	FileZilla Server (e3a0cc636f313cb34867123539691dd5) c:\xampp\FileZillaFTP\FileZillaServer.exe
02:32:34.0635 0996	FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
02:32:34.0635 0996	FileZilla Server - detected UnsignedFile.Multi.Generic (1)
02:32:34.0885 0996	FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
02:32:35.0009 0996	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
02:32:35.0009 0996	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
02:32:35.0134 0996	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:32:35.0165 0996	FLEXnet Licensing Service - ok
02:32:35.0306 0996	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:32:35.0321 0996	flpydisk - ok
02:32:35.0368 0996	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:32:35.0399 0996	FltMgr - ok
02:32:35.0462 0996	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
02:32:35.0524 0996	FontCache - ok
02:32:35.0618 0996	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:32:35.0618 0996	FontCache3.0.0.0 - ok
02:32:35.0680 0996	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:32:35.0696 0996	FsDepends - ok
02:32:35.0711 0996	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
02:32:35.0727 0996	Fs_Rec - ok
02:32:35.0852 0996	ftpsvc          (79179c6f8a3784cc3a20cde998d5bd2c) C:\Windows\system32\inetsrv\ftpsvc.dll
02:32:35.0914 0996	ftpsvc - ok
02:32:36.0008 0996	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:32:36.0023 0996	fvevol - ok
02:32:36.0086 0996	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:32:36.0086 0996	gagp30kx - ok
02:32:36.0179 0996	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
02:32:36.0242 0996	gpsvc - ok
02:32:36.0320 0996	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
02:32:36.0320 0996	GREGService - ok
02:32:36.0413 0996	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:32:36.0429 0996	gupdate - ok
02:32:36.0445 0996	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:32:36.0445 0996	gupdatem - ok
02:32:36.0491 0996	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:32:36.0538 0996	hcw85cir - ok
02:32:36.0585 0996	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:32:36.0632 0996	HdAudAddService - ok
02:32:36.0679 0996	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:32:36.0710 0996	HDAudBus - ok
02:32:36.0757 0996	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
02:32:36.0772 0996	HECIx64 - ok
02:32:36.0819 0996	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:32:36.0835 0996	HidBatt - ok
02:32:36.0835 0996	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:32:36.0866 0996	HidBth - ok
02:32:36.0897 0996	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:32:36.0959 0996	HidIr - ok
02:32:36.0991 0996	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
02:32:37.0037 0996	hidserv - ok
02:32:37.0084 0996	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
02:32:37.0100 0996	HidUsb - ok
02:32:37.0147 0996	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
02:32:37.0193 0996	hkmsvc - ok
02:32:37.0240 0996	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
02:32:37.0303 0996	HomeGroupListener - ok
02:32:37.0349 0996	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
02:32:37.0381 0996	HomeGroupProvider - ok
02:32:37.0412 0996	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:32:37.0412 0996	HpSAMD - ok
02:32:37.0505 0996	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:32:37.0583 0996	HTTP - ok
02:32:37.0646 0996	hwdatacard      (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
02:32:37.0693 0996	hwdatacard - ok
02:32:37.0739 0996	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:32:37.0739 0996	hwpolicy - ok
02:32:37.0786 0996	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:32:37.0802 0996	i8042prt - ok
02:32:37.0864 0996	iaStor          (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
02:32:37.0880 0996	iaStor - ok
02:32:37.0989 0996	IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
02:32:37.0989 0996	IAStorDataMgrSvc - ok
02:32:38.0067 0996	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:32:38.0098 0996	iaStorV - ok
02:32:38.0239 0996	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:32:38.0254 0996	IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:32:38.0254 0996	IDriverT - detected UnsignedFile.Multi.Generic (1)
02:32:38.0395 0996	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:32:38.0426 0996	idsvc - ok
02:32:39.0081 0996	igfx            (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
02:32:39.0424 0996	igfx - ok
02:32:39.0565 0996	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:32:39.0565 0996	iirsp - ok
02:32:39.0627 0996	IISADMIN        (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe
02:32:39.0658 0996	IISADMIN - ok
02:32:39.0736 0996	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
02:32:39.0799 0996	IKEEXT - ok
02:32:39.0845 0996	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
02:32:39.0877 0996	Impcd - ok
02:32:40.0033 0996	IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
02:32:40.0126 0996	IntcAzAudAddService - ok
02:32:40.0251 0996	IntcDAud        (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
02:32:40.0313 0996	IntcDAud - ok
02:32:40.0329 0996	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:32:40.0345 0996	intelide - ok
02:32:40.0391 0996	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:32:40.0407 0996	intelppm - ok
02:32:40.0454 0996	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:32:40.0485 0996	IPBusEnum - ok
02:32:40.0532 0996	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:32:40.0594 0996	IpFilterDriver - ok
02:32:40.0657 0996	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
02:32:40.0735 0996	iphlpsvc - ok
02:32:40.0781 0996	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:32:40.0813 0996	IPMIDRV - ok
02:32:40.0844 0996	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:32:40.0891 0996	IPNAT - ok
02:32:40.0922 0996	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:32:40.0953 0996	IRENUM - ok
02:32:40.0984 0996	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:32:41.0000 0996	isapnp - ok
02:32:41.0062 0996	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:32:41.0078 0996	iScsiPrt - ok
02:32:41.0140 0996	k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
02:32:41.0156 0996	k57nd60a - ok
02:32:41.0203 0996	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
02:32:41.0203 0996	kbdclass - ok
02:32:41.0249 0996	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
02:32:41.0281 0996	kbdhid - ok
02:32:41.0312 0996	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:41.0312 0996	KeyIso - ok
02:32:41.0359 0996	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
02:32:41.0374 0996	KSecDD - ok
02:32:41.0390 0996	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
02:32:41.0405 0996	KSecPkg - ok
02:32:41.0437 0996	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:32:41.0499 0996	ksthunk - ok
02:32:41.0546 0996	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:32:41.0593 0996	KtmRm - ok
02:32:41.0655 0996	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
02:32:41.0717 0996	LanmanServer - ok
02:32:41.0764 0996	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
02:32:41.0827 0996	LanmanWorkstation - ok
02:32:41.0889 0996	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:32:41.0936 0996	lltdio - ok
02:32:41.0983 0996	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:32:42.0045 0996	lltdsvc - ok
02:32:42.0061 0996	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:32:42.0107 0996	lmhosts - ok
02:32:42.0217 0996	LMS             (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
02:32:42.0232 0996	LMS - ok
02:32:42.0279 0996	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:32:42.0295 0996	LSI_FC - ok
02:32:42.0295 0996	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:32:42.0310 0996	LSI_SAS - ok
02:32:42.0326 0996	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:32:42.0341 0996	LSI_SAS2 - ok
02:32:42.0341 0996	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:32:42.0357 0996	LSI_SCSI - ok
02:32:42.0388 0996	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:32:42.0435 0996	luafv - ok
02:32:42.0482 0996	massfilter - ok
02:32:42.0575 0996	MatSvc          (ec470d91ef06a59397edc18d48899cc5) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
02:32:42.0591 0996	MatSvc - ok
02:32:42.0653 0996	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
02:32:42.0669 0996	Mcx2Svc - ok
02:32:42.0716 0996	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:32:42.0716 0996	megasas - ok
02:32:42.0731 0996	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:32:42.0747 0996	MegaSR - ok
02:32:42.0794 0996	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:32:42.0841 0996	MMCSS - ok
02:32:42.0856 0996	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:32:42.0903 0996	Modem - ok
02:32:42.0934 0996	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:32:42.0981 0996	monitor - ok
02:32:43.0012 0996	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
02:32:43.0028 0996	mouclass - ok
02:32:43.0075 0996	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:32:43.0075 0996	mouhid - ok
02:32:43.0137 0996	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:32:43.0153 0996	mountmgr - ok
02:32:43.0262 0996	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:32:43.0277 0996	MozillaMaintenance - ok
02:32:43.0324 0996	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:32:43.0340 0996	mpio - ok
02:32:43.0387 0996	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:32:43.0433 0996	mpsdrv - ok
02:32:43.0511 0996	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
02:32:43.0574 0996	MpsSvc - ok
02:32:43.0636 0996	MQAC            (cd22d2563039dda6793f7624719363a7) C:\Windows\system32\drivers\mqac.sys
02:32:43.0683 0996	MQAC - ok
02:32:43.0714 0996	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:32:43.0745 0996	MRxDAV - ok
02:32:43.0792 0996	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:32:43.0808 0996	mrxsmb - ok
02:32:43.0855 0996	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:32:43.0886 0996	mrxsmb10 - ok
02:32:43.0917 0996	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:32:43.0948 0996	mrxsmb20 - ok
02:32:43.0995 0996	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:32:44.0011 0996	msahci - ok
02:32:44.0042 0996	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:32:44.0057 0996	msdsm - ok
02:32:44.0089 0996	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:32:44.0104 0996	MSDTC - ok
02:32:44.0135 0996	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:32:44.0167 0996	Msfs - ok
02:32:44.0182 0996	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:32:44.0245 0996	mshidkmdf - ok
02:32:44.0276 0996	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:32:44.0276 0996	msisadrv - ok
02:32:44.0323 0996	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:32:44.0385 0996	MSiSCSI - ok
02:32:44.0385 0996	msiserver - ok
02:32:44.0447 0996	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:32:44.0494 0996	MSKSSRV - ok
02:32:44.0510 0996	MSMQ            (faaeaef99e53561beee58f946ca56f0d) C:\Windows\system32\mqsvc.exe
02:32:44.0525 0996	MSMQ - ok
02:32:44.0588 0996	MSMQTriggers    (59ed174fd4314b0218dc91f9bfa6cd3d) C:\Windows\system32\mqtgsvc.exe
02:32:44.0635 0996	MSMQTriggers - ok
02:32:44.0666 0996	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:32:44.0697 0996	MSPCLOCK - ok
02:32:44.0697 0996	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:32:44.0744 0996	MSPQM - ok
02:32:44.0806 0996	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:32:44.0822 0996	MsRPC - ok
02:32:44.0869 0996	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:32:44.0869 0996	mssmbios - ok
02:32:44.0900 0996	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:32:44.0947 0996	MSTEE - ok
02:32:44.0993 0996	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:32:45.0009 0996	MTConfig - ok
02:32:45.0040 0996	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:32:45.0040 0996	Mup - ok
02:32:45.0087 0996	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
02:32:45.0087 0996	mwlPSDFilter - ok
02:32:45.0103 0996	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
02:32:45.0118 0996	mwlPSDNServ - ok
02:32:45.0134 0996	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
02:32:45.0134 0996	mwlPSDVDisk - ok
02:32:45.0227 0996	MWLService      (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
02:32:45.0259 0996	MWLService - ok
02:32:45.0352 0996	mysql - ok
02:32:45.0415 0996	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
02:32:45.0477 0996	napagent - ok
02:32:45.0555 0996	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:32:45.0586 0996	NativeWifiP - ok
02:32:45.0680 0996	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:32:45.0711 0996	NDIS - ok
02:32:45.0758 0996	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:32:45.0789 0996	NdisCap - ok
02:32:45.0805 0996	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:32:45.0851 0996	NdisTapi - ok
02:32:45.0914 0996	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:32:45.0961 0996	Ndisuio - ok
02:32:46.0007 0996	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:32:46.0054 0996	NdisWan - ok
02:32:46.0101 0996	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:32:46.0148 0996	NDProxy - ok
02:32:46.0226 0996	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:32:46.0273 0996	NetBIOS - ok
02:32:46.0335 0996	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:32:46.0397 0996	NetBT - ok
02:32:46.0429 0996	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:46.0444 0996	Netlogon - ok
02:32:46.0507 0996	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:32:46.0569 0996	Netman - ok
02:32:46.0663 0996	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:32:46.0694 0996	NetMsmqActivator - ok
02:32:46.0694 0996	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:32:46.0709 0996	NetPipeActivator - ok
02:32:46.0756 0996	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:32:46.0819 0996	netprofm - ok
02:32:46.0865 0996	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:32:46.0865 0996	NetTcpActivator - ok
02:32:46.0865 0996	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:32:46.0881 0996	NetTcpPortSharing - ok
02:32:46.0943 0996	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:32:46.0959 0996	nfrd960 - ok
02:32:47.0021 0996	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
02:32:47.0084 0996	NlaSvc - ok
02:32:47.0302 0996	NOBU            (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
02:32:47.0396 0996	NOBU - ok
02:32:47.0536 0996	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:32:47.0583 0996	Npfs - ok
02:32:47.0614 0996	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:32:47.0661 0996	nsi - ok
02:32:47.0692 0996	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:32:47.0755 0996	nsiproxy - ok
02:32:47.0879 0996	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:32:47.0942 0996	Ntfs - ok
02:32:48.0082 0996	NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
02:32:48.0082 0996	NTI IScheduleSvc - ok
02:32:48.0254 0996	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
02:32:48.0254 0996	NTIDrvr - ok
02:32:48.0269 0996	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:32:48.0301 0996	Null - ok
02:32:48.0925 0996	nvlddmkm        (5c3416c9f61809bbdffe6fac0c252520) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:32:49.0268 0996	nvlddmkm - ok
02:32:49.0424 0996	nvpciflt        (10ea8a8bb2978c510f5892fcce62b00d) C:\Windows\system32\DRIVERS\nvpciflt.sys
02:32:49.0439 0996	nvpciflt - ok
02:32:49.0486 0996	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:32:49.0502 0996	nvraid - ok
02:32:49.0517 0996	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:32:49.0533 0996	nvstor - ok
02:32:49.0595 0996	nvsvc           (d9617ef20708dcee76828865122b560f) C:\Windows\system32\nvvsvc.exe
02:32:49.0611 0996	nvsvc - ok
02:32:49.0767 0996	nvUpdatusService (2848e9b51c7a5d3efad44de9834c1d74) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
02:32:49.0829 0996	nvUpdatusService - ok
02:32:50.0001 0996	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:32:50.0017 0996	nv_agp - ok
02:32:50.0063 0996	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:32:50.0079 0996	ohci1394 - ok
02:32:50.0204 0996	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:32:50.0219 0996	ose - ok
02:32:50.0500 0996	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:32:50.0656 0996	osppsvc - ok
02:32:50.0765 0996	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:32:50.0859 0996	p2pimsvc - ok
02:32:50.0906 0996	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:32:50.0937 0996	p2psvc - ok
02:32:51.0015 0996	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:32:51.0031 0996	Parport - ok
02:32:51.0077 0996	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
02:32:51.0093 0996	partmgr - ok
02:32:51.0124 0996	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:32:51.0155 0996	PcaSvc - ok
02:32:51.0202 0996	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:32:51.0202 0996	pci - ok
02:32:51.0249 0996	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:32:51.0249 0996	pciide - ok
02:32:51.0280 0996	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:32:51.0296 0996	pcmcia - ok
02:32:51.0311 0996	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:32:51.0327 0996	pcw - ok
02:32:51.0374 0996	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:32:51.0436 0996	PEAUTH - ok
02:32:51.0530 0996	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:32:51.0717 0996	PerfHost - ok
02:32:51.0920 0996	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:32:51.0998 0996	pla - ok
02:32:52.0060 0996	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:32:52.0107 0996	PlugPlay - ok
02:32:52.0138 0996	PnkBstrA - ok
02:32:52.0169 0996	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:32:52.0185 0996	PNRPAutoReg - ok
02:32:52.0216 0996	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:32:52.0232 0996	PNRPsvc - ok
02:32:52.0294 0996	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:32:52.0341 0996	PolicyAgent - ok
02:32:52.0403 0996	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:32:52.0435 0996	Power - ok
02:32:52.0528 0996	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:32:52.0575 0996	PptpMiniport - ok
02:32:52.0622 0996	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:32:52.0637 0996	Processor - ok
02:32:52.0700 0996	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
02:32:52.0762 0996	ProfSvc - ok
02:32:52.0825 0996	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:52.0825 0996	ProtectedStorage - ok
02:32:52.0887 0996	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:32:52.0949 0996	Psched - ok
02:32:53.0059 0996	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:32:53.0121 0996	ql2300 - ok
02:32:53.0261 0996	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:32:53.0277 0996	ql40xx - ok
02:32:53.0324 0996	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:32:53.0339 0996	QWAVE - ok
02:32:53.0386 0996	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:32:53.0417 0996	QWAVEdrv - ok
02:32:53.0433 0996	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:32:53.0480 0996	RasAcd - ok
02:32:53.0527 0996	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:32:53.0589 0996	RasAgileVpn - ok
02:32:53.0636 0996	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:32:53.0683 0996	RasAuto - ok
02:32:53.0745 0996	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:32:53.0792 0996	Rasl2tp - ok
02:32:53.0839 0996	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:32:53.0917 0996	RasMan - ok
02:32:53.0948 0996	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:32:53.0979 0996	RasPppoe - ok
02:32:54.0026 0996	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:32:54.0073 0996	RasSstp - ok
02:32:54.0119 0996	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:32:54.0182 0996	rdbss - ok
02:32:54.0197 0996	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:32:54.0197 0996	rdpbus - ok
02:32:54.0213 0996	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:32:54.0260 0996	RDPCDD - ok
02:32:54.0307 0996	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:32:54.0353 0996	RDPENCDD - ok
02:32:54.0385 0996	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:32:54.0431 0996	RDPREFMP - ok
02:32:54.0478 0996	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
02:32:54.0525 0996	RDPWD - ok
02:32:54.0603 0996	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:32:54.0634 0996	rdyboost - ok
02:32:54.0681 0996	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:32:54.0728 0996	RemoteAccess - ok
02:32:54.0775 0996	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:32:54.0837 0996	RemoteRegistry - ok
02:32:54.0899 0996	RMCAST          (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
02:32:54.0946 0996	RMCAST - ok
02:32:54.0962 0996	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:32:55.0009 0996	RpcEptMapper - ok
02:32:55.0024 0996	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:32:55.0040 0996	RpcLocator - ok
02:32:55.0133 0996	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:32:55.0180 0996	RpcSs - ok
02:32:55.0196 0996	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:32:55.0243 0996	rspndr - ok
02:32:55.0305 0996	RSUSBSTOR       (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
02:32:55.0321 0996	RSUSBSTOR - ok
02:32:55.0352 0996	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:55.0367 0996	SamSs - ok
02:32:55.0414 0996	SANDRA - ok
02:32:55.0445 0996	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:32:55.0461 0996	sbp2port - ok
02:32:55.0617 0996	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
02:32:55.0664 0996	SBSDWSCService - ok
02:32:55.0695 0996	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:32:55.0742 0996	SCardSvr - ok
02:32:55.0789 0996	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:32:55.0851 0996	scfilter - ok
02:32:55.0945 0996	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:32:56.0023 0996	Schedule - ok
02:32:56.0054 0996	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:32:56.0101 0996	SCPolicySvc - ok
02:32:56.0147 0996	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:32:56.0163 0996	SDRSVC - ok
02:32:56.0241 0996	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:32:56.0272 0996	secdrv - ok
02:32:56.0335 0996	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:32:56.0381 0996	seclogon - ok
02:32:56.0428 0996	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
02:32:56.0459 0996	SENS - ok
02:32:56.0491 0996	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:32:56.0522 0996	SensrSvc - ok
02:32:56.0553 0996	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:32:56.0584 0996	Serenum - ok
02:32:56.0631 0996	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:32:56.0647 0996	Serial - ok
02:32:56.0678 0996	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:32:56.0693 0996	sermouse - ok
02:32:56.0740 0996	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:32:56.0803 0996	SessionEnv - ok
02:32:56.0834 0996	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:32:56.0881 0996	sffdisk - ok
02:32:56.0896 0996	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:32:56.0912 0996	sffp_mmc - ok
02:32:56.0943 0996	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:32:56.0959 0996	sffp_sd - ok
02:32:56.0990 0996	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:32:57.0021 0996	sfloppy - ok
02:32:57.0115 0996	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
02:32:57.0146 0996	Sftfs - ok
02:32:57.0271 0996	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
02:32:57.0302 0996	sftlist - ok
02:32:57.0458 0996	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
02:32:57.0473 0996	Sftplay - ok
02:32:57.0520 0996	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
02:32:57.0520 0996	Sftredir - ok
02:32:57.0551 0996	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
02:32:57.0551 0996	Sftvol - ok
02:32:57.0629 0996	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
02:32:57.0645 0996	sftvsa - ok
02:32:57.0692 0996	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:32:57.0754 0996	SharedAccess - ok
02:32:57.0817 0996	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:32:57.0879 0996	ShellHWDetection - ok
02:32:57.0895 0996	simptcp         (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
02:32:57.0910 0996	simptcp - ok
02:32:57.0941 0996	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:32:57.0957 0996	SiSRaid2 - ok
02:32:57.0957 0996	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:32:57.0973 0996	SiSRaid4 - ok
02:32:57.0988 0996	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:32:58.0035 0996	Smb - ok
02:32:58.0097 0996	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:32:58.0129 0996	SNMPTRAP - ok
02:32:58.0144 0996	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:32:58.0144 0996	spldr - ok
02:32:58.0222 0996	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:32:58.0269 0996	Spooler - ok
02:32:58.0472 0996	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:32:58.0597 0996	sppsvc - ok
02:32:58.0706 0996	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:32:58.0753 0996	sppuinotify - ok
02:32:58.0831 0996	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:32:58.0877 0996	srv - ok
02:32:58.0940 0996	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:32:58.0987 0996	srv2 - ok
02:32:59.0002 0996	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:32:59.0018 0996	srvnet - ok
02:32:59.0080 0996	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:32:59.0143 0996	SSDPSRV - ok
02:32:59.0143 0996	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:32:59.0189 0996	SstpSvc - ok
02:32:59.0221 0996	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:32:59.0236 0996	stexstor - ok
02:32:59.0314 0996	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:32:59.0361 0996	stisvc - ok
02:32:59.0392 0996	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:32:59.0408 0996	swenum - ok
02:32:59.0626 0996	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:32:59.0689 0996	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
02:32:59.0689 0996	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
02:32:59.0751 0996	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:32:59.0845 0996	swprv - ok
02:32:59.0985 0996	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:33:00.0079 0996	SysMain - ok
02:33:00.0219 0996	SystemExplorerHelpService (2ba0aa235e90cc14c2612ffc31ff686e) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
02:33:00.0250 0996	SystemExplorerHelpService - ok
02:33:00.0375 0996	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:33:00.0406 0996	TabletInputService - ok
02:33:00.0469 0996	tandpl - ok
02:33:00.0547 0996	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:33:00.0625 0996	TapiSrv - ok
02:33:00.0640 0996	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:33:00.0687 0996	TBS - ok
02:33:00.0859 0996	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
02:33:00.0921 0996	Tcpip - ok
02:33:01.0171 0996	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
02:33:01.0217 0996	TCPIP6 - ok
02:33:01.0311 0996	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:33:01.0358 0996	tcpipreg - ok
02:33:01.0389 0996	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:33:01.0420 0996	TDPIPE - ok
02:33:01.0451 0996	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:33:01.0483 0996	TDTCP - ok
02:33:01.0514 0996	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:33:01.0576 0996	tdx - ok
02:33:01.0607 0996	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:33:01.0623 0996	TermDD - ok
02:33:01.0701 0996	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:33:01.0779 0996	TermService - ok
02:33:01.0810 0996	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:33:01.0826 0996	Themes - ok
02:33:01.0857 0996	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:33:01.0888 0996	THREADORDER - ok
02:33:01.0919 0996	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:33:01.0951 0996	TrkWks - ok
02:33:02.0029 0996	truecrypt       (370a6907ddf79532a39319492b1fa38a) C:\Windows\system32\drivers\truecrypt.sys
02:33:02.0044 0996	truecrypt - ok
02:33:02.0122 0996	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:33:02.0185 0996	TrustedInstaller - ok
02:33:02.0216 0996	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:33:02.0263 0996	tssecsrv - ok
02:33:02.0341 0996	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:33:02.0372 0996	TsUsbFlt - ok
02:33:02.0419 0996	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:33:02.0481 0996	tunnel - ok
02:33:02.0512 0996	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:33:02.0528 0996	uagp35 - ok
02:33:02.0559 0996	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
02:33:02.0559 0996	UBHelper - ok
02:33:02.0621 0996	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:33:02.0684 0996	udfs - ok
02:33:02.0731 0996	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:33:02.0746 0996	UI0Detect - ok
02:33:02.0809 0996	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:33:02.0809 0996	uliagpkx - ok
02:33:02.0887 0996	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:33:02.0902 0996	umbus - ok
02:33:02.0949 0996	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:33:02.0965 0996	UmPass - ok
02:33:03.0167 0996	UNS             (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
02:33:03.0245 0996	UNS - ok
02:33:03.0355 0996	Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
02:33:03.0370 0996	Updater Service - ok
02:33:03.0526 0996	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:33:03.0573 0996	upnphost - ok
02:33:03.0635 0996	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:33:03.0651 0996	usbccgp - ok
02:33:03.0682 0996	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:33:03.0713 0996	usbcir - ok
02:33:03.0729 0996	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:33:03.0745 0996	usbehci - ok
02:33:03.0823 0996	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:33:03.0901 0996	usbhub - ok
02:33:03.0916 0996	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:33:03.0932 0996	usbohci - ok
02:33:03.0994 0996	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:33:04.0025 0996	usbprint - ok
02:33:04.0088 0996	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:33:04.0088 0996	usbscan - ok
02:33:04.0135 0996	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:33:04.0150 0996	USBSTOR - ok
02:33:04.0166 0996	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
02:33:04.0197 0996	usbuhci - ok
02:33:04.0259 0996	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
02:33:04.0291 0996	usbvideo - ok
02:33:04.0322 0996	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:33:04.0353 0996	UxSms - ok
02:33:04.0415 0996	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:33:04.0431 0996	VaultSvc - ok
02:33:04.0509 0996	VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
02:33:04.0525 0996	VClone - ok
02:33:04.0571 0996	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:33:04.0587 0996	vdrvroot - ok
02:33:04.0696 0996	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:33:04.0759 0996	vds - ok
02:33:04.0790 0996	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:33:04.0805 0996	vga - ok
02:33:04.0837 0996	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:33:04.0868 0996	VgaSave - ok
02:33:04.0915 0996	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:33:04.0946 0996	vhdmp - ok
02:33:04.0977 0996	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:33:04.0993 0996	viaide - ok
02:33:05.0039 0996	VirtualDisk_U   (cd367c435d46a00212b13dac56372741) C:\Windows\system32\drivers\virtualdisk_u.sys
02:33:05.0039 0996	VirtualDisk_U - ok
02:33:05.0055 0996	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:33:05.0071 0996	volmgr - ok
02:33:05.0133 0996	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:33:05.0164 0996	volmgrx - ok
02:33:05.0195 0996	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:33:05.0211 0996	volsnap - ok
02:33:05.0258 0996	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:33:05.0273 0996	vsmraid - ok
02:33:05.0414 0996	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:33:05.0507 0996	VSS - ok
02:33:05.0648 0996	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:33:05.0679 0996	vwifibus - ok
02:33:05.0726 0996	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:33:05.0757 0996	vwififlt - ok
02:33:05.0819 0996	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:33:05.0866 0996	W32Time - ok
02:33:05.0975 0996	W3SVC           (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
02:33:06.0007 0996	W3SVC - ok
02:33:06.0022 0996	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:33:06.0053 0996	WacomPen - ok
02:33:06.0131 0996	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:33:06.0178 0996	WANARP - ok
02:33:06.0194 0996	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:33:06.0225 0996	Wanarpv6 - ok
02:33:06.0272 0996	WAS             (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
02:33:06.0272 0996	WAS - ok
02:33:06.0412 0996	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:33:06.0459 0996	WatAdminSvc - ok
02:33:06.0568 0996	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:33:06.0646 0996	wbengine - ok
02:33:06.0771 0996	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:33:06.0802 0996	WbioSrvc - ok
02:33:06.0865 0996	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:33:06.0911 0996	wcncsvc - ok
02:33:06.0911 0996	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:33:06.0943 0996	WcsPlugInService - ok
02:33:07.0021 0996	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:33:07.0021 0996	Wd - ok
02:33:07.0083 0996	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:33:07.0099 0996	Wdf01000 - ok
02:33:07.0114 0996	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:33:07.0192 0996	WdiServiceHost - ok
02:33:07.0192 0996	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:33:07.0208 0996	WdiSystemHost - ok
02:33:07.0270 0996	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:33:07.0301 0996	WebClient - ok
02:33:07.0333 0996	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:33:07.0395 0996	Wecsvc - ok
02:33:07.0426 0996	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:33:07.0473 0996	wercplsupport - ok
02:33:07.0504 0996	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:33:07.0567 0996	WerSvc - ok
02:33:07.0629 0996	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:33:07.0676 0996	WfpLwf - ok
02:33:07.0676 0996	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:33:07.0691 0996	WIMMount - ok
02:33:07.0785 0996	WinDefend - ok
02:33:07.0785 0996	WinHttpAutoProxySvc - ok
02:33:07.0863 0996	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:33:07.0910 0996	Winmgmt - ok
02:33:08.0066 0996	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
02:33:08.0159 0996	WinRM - ok
02:33:08.0331 0996	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
02:33:08.0347 0996	WinUsb - ok
02:33:08.0425 0996	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:33:08.0440 0996	Wlansvc - ok
02:33:08.0503 0996	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:33:08.0503 0996	WmiAcpi - ok
02:33:08.0581 0996	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:33:08.0612 0996	wmiApSrv - ok
02:33:08.0690 0996	WMPNetworkSvc - ok
02:33:08.0721 0996	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:33:08.0752 0996	WPCSvc - ok
02:33:08.0799 0996	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
02:33:08.0815 0996	WPDBusEnum - ok
02:33:08.0830 0996	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:33:08.0877 0996	ws2ifsl - ok
02:33:08.0908 0996	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
02:33:08.0924 0996	wscsvc - ok
02:33:08.0924 0996	WSearch - ok
02:33:09.0095 0996	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
02:33:09.0205 0996	wuauserv - ok
02:33:09.0361 0996	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:33:09.0407 0996	WudfPf - ok
02:33:09.0439 0996	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:33:09.0501 0996	WUDFRd - ok
02:33:09.0548 0996	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
02:33:09.0579 0996	wudfsvc - ok
02:33:09.0626 0996	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:33:09.0657 0996	WwanSvc - ok
02:33:09.0782 0996	X6va006 - ok
02:33:09.0813 0996	X6va007 - ok
02:33:09.0891 0996	X6va008 - ok
02:33:09.0922 0996	ZTEusbmdm6k - ok
02:33:09.0922 0996	ZTEusbnmea - ok
02:33:09.0953 0996	ZTEusbser6k - ok
02:33:09.0969 0996	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:33:10.0343 0996	\Device\Harddisk0\DR0 - ok
02:33:10.0359 0996	Boot (0x1200)   (4f0561195422c4d5fffc1e9e808efec1) \Device\Harddisk0\DR0\Partition0
02:33:10.0359 0996	\Device\Harddisk0\DR0\Partition0 - ok
02:33:10.0390 0996	Boot (0x1200)   (80f3810c932c7533fa9b7ce636651fba) \Device\Harddisk0\DR0\Partition1
02:33:10.0390 0996	\Device\Harddisk0\DR0\Partition1 - ok
02:33:10.0390 0996	============================================================
02:33:10.0390 0996	Scan finished
02:33:10.0390 0996	============================================================
02:33:10.0406 1132	Detected object count: 6
02:33:10.0406 1132	Actual detected object count: 6
02:35:14.0036 1132	Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0036 1132	Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:35:14.0052 1132	DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0052 1132	DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:35:14.0067 1132	FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0067 1132	FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:35:14.0083 1132	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0083 1132	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:35:14.0098 1132	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0098 1132	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:35:14.0145 1132	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
02:35:14.0145 1132	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

06.08.2012, 22:39   #10
hilfe8545

How does it look?
What do I still need to do now?

08.08.2012, 18:24   #11
markusg
/// Malware-holic

Looks good.
Download CCleaner Standard:
CCleaner Download - CCleaner 3.21.1767
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After each one unknown to you, "unknown".
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
