
Pests of all kinds and how to combat them: Virus check

01.01.2013, 20:23   #1
Yoshi08

Virus check

Hello,

just now, while I was browsing a "disreputable" website on my PC, a pop-up suddenly appeared that immediately made me suspicious, because it looked as if some program was being opened. (The pop-up window stayed blank, but a new tab (Windows taskbar) opened that had the typical application icon, yet nothing happened.) I was immediately certain that some application (virus) had opened in the background. So I shut down the PC right away and am now on my parents' PC.

Could you please tell me how I should now run a virus scan (and with which program), or what I should do to fight a potential virus without any damage being done?

I have Windows 7 and G-Data as virus scanner and firewall.


Many thanks for the help!

Kind regards
Yoshi08

Did I fail to observe some forum rule? Because I need my PC quite urgently for work.

I could have made the subject more precise: "Alleged virus via pop-up"

If you need any information, just say so.

Many thanks again!

02.01.2013, 15:02   #2
markusg
/// Malware-holic


Hi
everyone who comes here needs their PC, nobody is handled faster than anyone else, and, in case you have forgotten, yesterday was a public holiday.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

02.01.2013, 18:46   #3
Yoshi08


Dear markusg,

you are absolutely right, it was New Year's after all, and one gets free help here. My impatience was really not justified in any way, I am sincerely sorry.

I ran the scan on my PC. (I started it normally, i.e. not in safe mode, and unplugged the Fritz WLAN modem to be safe, so that the PC has no Internet connection.)

I enabled the LOP and Purity checks as well as "Scan all users", because that is how it was shown in the Trojaner-Board picture. I hope that was OK.

However, the "Extra Registry" option, which is important because otherwise no Extras.txt file is created, is always automatically set to "off" at start when I run a "Quick Scan".

So I took the liberty of running a normal "Scan". I hope that is OK.

Kind regards
Yoshi08

OTL logfile

Code:
OTL logfile created on: 02.01.2013 19:41:18 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oliver\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 66,97% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 66,92 Gb Free Space | 14,37% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 149,05 Gb Total Space | 3,96 Gb Free Space | 2,66% Space Free | Partition Type: NTFS
Drive F: | 1,85 Gb Total Space | 0,54 Gb Free Space | 29,10% Space Free | Partition Type: FAT
 
Computer Name: OLIVERPC | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.02 18:33:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
PRC - [2012.01.27 05:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
PRC - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.03.15 23:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009.03.15 23:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009.03.15 23:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.08 12:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.12.08 00:07:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.30 04:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl)
SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.04 10:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.04.29 09:27:44 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.15 23:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.08 16:24:32 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.10.08 15:03:13 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.10.08 15:03:13 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.10.08 15:03:13 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.09.29 13:59:50 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.07.29 17:13:03 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 20:11:40 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.30 10:18:52 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.22 02:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.27 21:36:11 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.11.15 22:45:09 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 09:55:20 | 001,207,808 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.05.25 07:51:00 | 000,207,872 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.11.29 06:19:28 | 000,028,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.10.28 01:01:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2008.04.28 14:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.02.22 17:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2007.01.29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006.10.31 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.06.24 05:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.03.27 13:44:03 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: bytubed%40cs213.cse.iitk.ac.in:1.1.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.01 22:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 00:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.08 00:07:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.01 22:54:48 | 000,000,000 | ---D | M]
 
[2011.10.06 09:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions
[2012.12.01 00:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\bjlhf82i.default\extensions
[2012.10.05 00:24:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\bjlhf82i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.25 18:43:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\bjlhf82i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.29 13:39:54 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\bjlhf82i.default\extensions\bytubed@cs213.cse.iitk.ac.in
[2012.12.01 00:06:30 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\bjlhf82i.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.08 00:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.08 00:07:23 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.12.08 00:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.12.08 00:07:33 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.25 11:24:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 23:27:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 11:24:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 11:24:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 11:24:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 11:24:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.06 22:00:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05A0A3DA-E17D-4D5E-9082-4E1681ADB89D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BBCBF1DE-CFC6-DE2F-DDDA-AACFC07ADEB4} - C:\Users\Oliver\AppData\Roaming\WinDefender.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Oliver\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.02 19:39:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
[2012.12.27 14:52:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.27 14:52:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.27 14:52:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.27 14:52:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.27 14:51:17 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.27 14:51:17 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.27 14:51:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.27 14:51:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.27 14:51:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.27 14:51:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.27 14:51:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.27 14:51:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.27 14:51:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.27 14:51:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.27 14:51:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.27 14:51:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.27 14:51:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.27 14:51:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.27 14:51:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.27 14:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.27 14:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.27 14:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.27 14:51:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.27 14:51:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.27 14:51:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.27 14:51:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.27 14:51:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.27 14:51:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.27 14:50:49 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.12.27 14:50:49 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.12.27 14:50:49 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.12.27 14:50:40 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.12.27 14:50:40 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.12.27 14:50:36 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.27 14:50:36 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.27 14:50:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.12.27 14:50:36 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.12.27 14:50:36 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.12.17 01:00:25 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Desktop\frisur
[2012.12.16 15:21:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Catullneuueste
[2012.12.08 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.02 18:49:29 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.02 18:49:29 | 000,645,304 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.02 18:49:29 | 000,607,666 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.02 18:49:29 | 000,126,904 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.02 18:49:29 | 000,104,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.02 18:36:26 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 18:36:26 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 18:33:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
[2013.01.02 18:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.02 18:28:51 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.01 20:27:36 | 000,648,474 | ---- | M] () -- C:\Users\Oliver\Desktop\standbild.png
[2012.12.29 04:54:05 | 000,932,469 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.12.29 04:54:05 | 000,050,597 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.12.28 18:24:27 | 000,312,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 19:06:16 | 000,195,524 | ---- | M] () -- C:\Users\Oliver\Documents\Handout.pdf
[2012.12.20 18:56:48 | 000,215,645 | ---- | M] () -- C:\Users\Oliver\Documents\feeeeeeeeeee.pdf
[2012.12.20 18:56:28 | 000,217,112 | ---- | M] () -- C:\feeeeeeeeeee.pdf
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.09 16:22:07 | 000,171,716 | ---- | M] () -- C:\Users\Oliver\Documents\Planungsmatrix.pdf
 
========== Files Created - No Company Name ==========
 
[2013.01.01 20:27:36 | 000,648,474 | ---- | C] () -- C:\Users\Oliver\Desktop\standbild.png
[2012.12.20 19:06:14 | 000,195,524 | ---- | C] () -- C:\Users\Oliver\Documents\Handout.pdf
[2012.12.20 18:56:48 | 000,215,645 | ---- | C] () -- C:\Users\Oliver\Documents\feeeeeeeeeee.pdf
[2012.12.20 18:56:28 | 000,217,112 | ---- | C] () -- C:\feeeeeeeeeee.pdf
[2012.12.09 16:22:06 | 000,171,716 | ---- | C] () -- C:\Users\Oliver\Documents\Planungsmatrix.pdf
[2012.11.11 17:15:22 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.11.11 17:15:22 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.09.29 14:02:38 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.22 17:28:32 | 000,000,000 | ---- | C] () -- C:\Users\Oliver\defogger_reenable
[2011.10.03 09:21:36 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.06 21:49:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.06 21:49:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.06 21:49:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.06 21:49:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.06 21:49:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.07.01 09:32:57 | 000,932,469 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.06.27 19:21:28 | 000,000,838 | ---- | C] () -- C:\Users\Oliver\.recently-used.xbel
[2011.06.01 22:50:09 | 000,176,186 | ---- | C] () -- C:\Windows\hphins27.dat
[2011.06.01 22:50:09 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl27.dat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.04.03 18:51:45 | 000,024,576 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.25 14:20:58 | 000,007,598 | ---- | C] () -- C:\Users\Oliver\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.02.07 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Canneverbe Limited
[2012.09.11 18:40:19 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DAEMON Tools Lite
[2010.03.24 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Design Science
[2012.05.29 20:39:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Downloaded Installations
[2010.10.05 10:29:29 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.29 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FileOpen
[2012.05.29 20:36:25 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FreePDF
[2011.04.10 18:04:38 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\gtk-2.0
[2012.12.23 17:34:00 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ICQ
[2012.03.04 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\IrfanView
[2009.12.06 14:12:13 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Leadertech
[2010.06.29 15:59:53 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Mobipocket
[2012.02.29 21:00:01 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Need for Speed World
[2012.06.03 15:12:34 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Nitro PDF
[2010.04.13 16:19:01 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\pokerth
[2009.12.06 14:12:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\smc
[2010.12.04 14:16:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TeamViewer
[2009.12.06 14:12:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TrueCrypt
[2010.09.28 15:45:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Video DVD Maker FREE
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.07.06 22:00:58 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.12.19 20:16:45 | 000,000,000 | ---D | M] -- C:\Aniem mix
[2010.01.15 16:00:48 | 000,000,000 | ---D | M] -- C:\ATI
[2011.09.28 15:05:11 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.03.14 10:56:06 | 000,000,000 | ---D | M] -- C:\CoD MW3
[2012.11.12 01:29:28 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.17 15:51:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.02.03 18:22:45 | 000,000,000 | ---D | M] -- C:\Filme
[2010.10.10 12:46:52 | 000,000,000 | ---D | M] -- C:\ISOs
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.11.07 17:42:34 | 000,000,000 | ---D | M] -- C:\Pics
[2010.10.03 14:32:09 | 000,000,000 | ---D | M] -- C:\PKMN
[2012.11.04 12:27:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.09 01:04:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.09.30 13:34:48 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.09.17 15:51:18 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.06 22:04:09 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.12.06 14:31:00 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.02.03 12:26:21 | 000,000,000 | ---D | M] -- C:\Spiele
[2009.10.30 20:54:23 | 000,000,000 | ---D | M] -- C:\SUPERPUTT
[2013.01.02 19:42:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.17 15:23:20 | 000,000,000 | ---D | M] -- C:\Team17
[2011.02.22 13:54:06 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.26 13:28:13 | 000,000,000 | ---D | M] -- C:\Windows
[2012.02.03 11:47:41 | 000,000,000 | ---D | M] -- C:\ZOliver
[2011.07.05 16:31:25 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.06.27 19:21:28 | 000,000,838 | ---- | M] () -- C:\Users\Oliver\.recently-used.xbel
[2012.02.22 17:28:32 | 000,000,000 | ---- | M] () -- C:\Users\Oliver\defogger_reenable
[2013.01.02 19:43:10 | 004,194,304 | -HS- | M] () -- C:\Users\Oliver\NTUSER.DAT
[2013.01.02 19:43:10 | 000,262,144 | -HS- | M] () -- C:\Users\Oliver\ntuser.dat.LOG1
[2009.12.06 14:04:17 | 000,000,000 | -HS- | M] () -- C:\Users\Oliver\ntuser.dat.LOG2
[2009.12.06 14:04:19 | 000,065,536 | -HS- | M] () -- C:\Users\Oliver\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.12.06 14:04:19 | 000,524,288 | -HS- | M] () -- C:\Users\Oliver\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.12.06 14:04:19 | 000,524,288 | -HS- | M] () -- C:\Users\Oliver\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.12.06 14:31:04 | 000,000,020 | -HS- | M] () -- C:\Users\Oliver\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Files - Unicode (All) ==========
[2012.05.27 12:47:05 | 000,024,064 | ---- | M] ()(C:\Users\Oliver\Desktop\?e??µta?t???e???s??.doc) -- C:\Users\Oliver\Desktop\λεοψμταλτγριεψηισψη.doc
[2012.05.27 11:46:45 | 000,024,064 | ---- | C] ()(C:\Users\Oliver\Desktop\?e??µta?t???e???s??.doc) -- C:\Users\Oliver\Desktop\λεοψμταλτγριεψηισψη.doc

< End of report >
         
Extras log file

Code:
OTL Extras logfile created on: 02.01.2013 19:41:18 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oliver\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 66,97% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 66,92 Gb Free Space | 14,37% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 149,05 Gb Total Space | 3,96 Gb Free Space | 2,66% Space Free | Partition Type: NTFS
Drive F: | 1,85 Gb Total Space | 0,54 Gb Free Space | 29,10% Space Free | Partition Type: FAT
 
Computer Name: OLIVERPC | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Oliver\AppData\Roaming\WinDefender.exe" = C:\Users\Oliver\AppData\Roaming\WinDefender.exe:*:Enabled:Windows Messanger
"C:\Users\Oliver\Downloads\1295313830-NFSHP16TrainerLinGon\NFSHP+16-Trainer-LinGon.exe" = C:\Users\Oliver\Downloads\1295313830-NFSHP16TrainerLinGon\NFSHP+16-Trainer-LinGon.exe:*:Enabled:Windows Messanger
"C:\Users\Oliver\AppData\Roaming\WinDefender.exe" = C:\Users\Oliver\AppData\Roaming\WinDefender.exe:*:Enabled:Windows Messanger
"C:\Users\Oliver\Downloads\1295313830-NFSHP16TrainerLinGon\NFSHP+16-Trainer-LinGon.exe" = C:\Users\Oliver\Downloads\1295313830-NFSHP16TrainerLinGon\NFSHP+16-Trainer-LinGon.exe:*:Enabled:Windows Messanger
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{40CE1310-F6C5-4E67-9B24-08E98CD069F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6CA9B4D4-5469-4020-87B1-60FA9CE78DDC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E8E4248-E2FB-4E8A-BB64-2FC7CF9DA3DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C6FE98A-5855-4788-A7FB-8108CD90565C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DF152052-AD9A-4A87-9E74-3A73E850A821}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E83518E3-FECD-480E-81C8-CD33D87779B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{382300D4-777B-4233-A98C-99EA0F6B881F}" = HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CD75E31-9E55-D89F-AAE8-8ED39A763C1E}" = ATI AVIVO64 Codecs
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{476B3339-1C29-4660-85B9-15850DCCD4EE}" = D4300
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B961AE86-6165-0571-CEA6-8C7B88BE31EE}" = HydraVision
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6F30DBC-9003-497C-8ADD-39F90801932A}" = DJ_SF_03_D4300_Software_Min
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"auxilium 3.1 light_is1" = auxilium 3.1 light
"AVMWLANCLI" = AVM FRITZ!WLAN
"Batch PPTX to PPT Converter" = Batch PPTX to PPT Converter
"Call of Duty Modern Warfare 3 (c) Activision_is1" = Call of Duty Modern Warfare 3 (c) Activision version 1
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Corel Home Super Putt" = Corel Home Super Putt
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube Download_is1" = Free YouTube Download 2.9
"GTA2 Game Hunter" = GTA2 Game Hunter
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"IrfanView" = IrfanView (remove only)
"KaloMa_is1" = KaloMa 4.91
"Latein-Wörterbuch_is1" = Das Latein-Wörterbuch 2.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSchach3a_is1" = N Schach 3
"Picasa 3" = Picasa 3
"PokerTH 0.8.3" = PokerTH
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 22600" = Worms Reloaded
"TeamViewer 6" = TeamViewer 6
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"Worms Armageddon" = Worms Armageddon
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2456086448-1967686859-238135647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.12.2012 20:50:35 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2012 08:22:50 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.12.2012 07:43:31 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.12.2012 13:31:48 | Computer Name = OliverPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 27.12.2012 18:55:54 | Computer Name = OliverPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Oliver\Downloads\SoftonicDownloader_fuer_gspot.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 28.12.2012 13:25:54 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.12.2012 23:51:34 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.12.2012 04:12:47 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.12.2012 08:12:45 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.12.2012 09:12:01 | Computer Name = OliverPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30.12.2012 08:15:56 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.12.2012 13:05:38 | Computer Name = OliverPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 31.12.2012 07:50:42 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.12.2012 13:14:02 | Computer Name = OliverPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 02.01.2013 13:30:43 | Computer Name = OliverPC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 03.11.2012 07:03:41 | Computer Name = OliverPC | Source = BROWSER | ID = 8032
Description = 
 
Error - 05.11.2012 06:49:00 | Computer Name = OliverPC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "M:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 11.11.2012 20:29:26 | Computer Name = OliverPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Cisco Systems, Inc. VPN Service" ist als interaktiver 
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 18.11.2012 21:47:08 | Computer Name = OliverPC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "M:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 19.11.2012 06:52:08 | Computer Name = OliverPC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.11.2012 14:15:44 | Computer Name = OliverPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?11.?2012 um 12:02:10 unerwartet heruntergefahren.
 
Error - 09.12.2012 21:34:56 | Computer Name = OliverPC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "M:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 13.12.2012 20:52:13 | Computer Name = OliverPC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "M:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 23.12.2012 08:51:38 | Computer Name = OliverPC | Source = NetBT | ID = 4321
Description = Der Name "MSHEIMNETZ     :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.0.103  registriert werden. Der Computer mit IP-Adresse 192.168.0.101
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 30.12.2012 22:02:28 | Computer Name = OliverPC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
__________________

Last edited by Yoshi08 (02.01.2013 at 19:05)

02.01.2013, 19:17   #4
markusg
/// Malware-holic

Hi,
the internet connection can stay active.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now; post the log

02.01.2013, 20:00   #5
Yoshi08

Hey,

I ran a scan (so every checkbox except "Loaded modules" was ticked); the log says the following:

Code:
20:48:49.0910 1664  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:48:49.0925 1664  ============================================================
20:48:49.0925 1664  Current date / time: 2013/01/02 20:48:49.0925
20:48:49.0925 1664  SystemInfo:
20:48:49.0925 1664  
20:48:49.0925 1664  OS Version: 6.1.7601 ServicePack: 1.0
20:48:49.0925 1664  Product type: Workstation
20:48:49.0925 1664  ComputerName: OLIVERPC
20:48:49.0925 1664  UserName: Oliver
20:48:49.0925 1664  Windows directory: C:\Windows
20:48:49.0925 1664  System windows directory: C:\Windows
20:48:49.0925 1664  Running under WOW64
20:48:49.0925 1664  Processor architecture: Intel x64
20:48:49.0925 1664  Number of processors: 4
20:48:49.0925 1664  Page size: 0x1000
20:48:49.0925 1664  Boot type: Normal boot
20:48:49.0925 1664  ============================================================
20:48:50.0846 1664  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:50.0846 1664  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:50.0861 1664  Drive \Device\Harddisk2\DR6 - Size: 0x76800000 (1.85 Gb), SectorSize: 0x200, Cylinders: 0xF1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:48:50.0861 1664  ============================================================
20:48:50.0861 1664  \Device\Harddisk0\DR0:
20:48:50.0861 1664  MBR partitions:
20:48:50.0861 1664  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
20:48:50.0861 1664  \Device\Harddisk1\DR1:
20:48:50.0861 1664  MBR partitions:
20:48:50.0861 1664  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
20:48:50.0861 1664  \Device\Harddisk2\DR6:
20:48:50.0861 1664  MBR partitions:
20:48:50.0861 1664  \Device\Harddisk2\DR6\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3B3FE0
20:48:50.0861 1664  ============================================================
20:48:50.0877 1664  C: <-> \Device\Harddisk0\DR0\Partition1
20:48:50.0877 1664  E: <-> \Device\Harddisk1\DR1\Partition1
20:48:50.0877 1664  ============================================================
20:48:50.0877 1664  Initialize success
20:48:50.0877 1664  ============================================================
20:49:37.0271 2336  ============================================================
20:49:37.0271 2336  Scan started
20:49:37.0271 2336  Mode: Manual; SigCheck; TDLFS; 
20:49:37.0271 2336  ============================================================
20:49:37.0739 2336  ================ Scan system memory ========================
20:49:37.0739 2336  System memory - ok
20:49:37.0739 2336  ================ Scan services =============================
20:49:37.0926 2336  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:49:38.0082 2336  1394ohci - ok
20:49:38.0098 2336  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:49:38.0114 2336  ACPI - ok
20:49:38.0129 2336  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:49:38.0238 2336  AcpiPmi - ok
20:49:38.0379 2336  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:49:38.0410 2336  AdobeARMservice - ok
20:49:38.0457 2336  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:49:38.0504 2336  adp94xx - ok
20:49:38.0519 2336  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:49:38.0535 2336  adpahci - ok
20:49:38.0550 2336  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:49:38.0566 2336  adpu320 - ok
20:49:38.0613 2336  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:49:38.0753 2336  AeLookupSvc - ok
20:49:38.0816 2336  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:49:38.0909 2336  AFD - ok
20:49:38.0956 2336  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:49:38.0987 2336  agp440 - ok
20:49:39.0159 2336  [ 1125C7D9FB8898015829C387C1BC87C7 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
20:49:39.0159 2336  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125C7D9FB8898015829C387C1BC87C7
20:49:39.0159 2336  Akamai ( HiddenFile.Multi.Generic ) - warning
20:49:39.0159 2336  Akamai - detected HiddenFile.Multi.Generic (1)
20:49:39.0206 2336  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:49:39.0268 2336  ALG - ok
20:49:39.0299 2336  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:49:39.0315 2336  aliide - ok
20:49:39.0330 2336  [ 87E226C0E11182943D28E8BEC61618CD ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:49:39.0440 2336  AMD External Events Utility - ok
20:49:39.0549 2336  AMD FUEL Service - ok
20:49:39.0549 2336  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:49:39.0580 2336  amdide - ok
20:49:39.0596 2336  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
20:49:39.0642 2336  amdiox64 - ok
20:49:39.0689 2336  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:49:39.0752 2336  AmdK8 - ok
20:49:39.0970 2336  [ 446A1AAD34191665A8DF6092BD8EB5A8 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:49:40.0266 2336  amdkmdag - ok
20:49:40.0298 2336  [ F8F8A908FDB005A65DDF7238C814EEA5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:49:40.0329 2336  amdkmdap - ok
20:49:40.0407 2336  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:49:40.0485 2336  AmdPPM - ok
20:49:40.0547 2336  [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:49:40.0578 2336  amdsata - ok
20:49:40.0594 2336  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:49:40.0610 2336  amdsbs - ok
20:49:40.0625 2336  [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:49:40.0625 2336  amdxata - ok
20:49:40.0734 2336  [ B01289CC07A2E21C4EFCA722D1EFB243 ] AMD_RAIDXpert   C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
20:49:40.0766 2336  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning
20:49:40.0766 2336  AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1)
20:49:40.0812 2336  [ F312FAD7DBD49ED21A194AC71B497832 ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:49:40.0828 2336  AODDriver4.01 - ok
20:49:40.0890 2336  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:49:41.0046 2336  AppID - ok
20:49:41.0093 2336  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:49:41.0171 2336  AppIDSvc - ok
20:49:41.0249 2336  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:49:41.0358 2336  Appinfo - ok
20:49:41.0561 2336  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:49:41.0592 2336  arc - ok
20:49:41.0592 2336  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:49:41.0608 2336  arcsas - ok
20:49:41.0624 2336  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:49:41.0702 2336  AsyncMac - ok
20:49:41.0733 2336  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:49:41.0764 2336  atapi - ok
20:49:41.0811 2336  [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:49:41.0826 2336  AtiHDAudioService - ok
20:49:41.0842 2336  [ 7E2F5A758F63F80F8B03F889B4E6B19F ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
20:49:41.0858 2336  AtiHdmiService - ok
20:49:42.0029 2336  [ 446A1AAD34191665A8DF6092BD8EB5A8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:49:42.0154 2336  atikmdag - ok
20:49:42.0201 2336  [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
20:49:42.0248 2336  AtiPcie - ok
20:49:42.0310 2336  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:49:42.0388 2336  AudioEndpointBuilder - ok
20:49:42.0404 2336  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:49:42.0435 2336  AudioSrv - ok
20:49:42.0575 2336  [ C48176DA44D0298A7075D3C5CF8C3D8D ] AVKProxy        C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
20:49:42.0622 2336  AVKProxy - ok
20:49:42.0747 2336  [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService      C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
20:49:42.0778 2336  AVKService - ok
20:49:42.0872 2336  [ 22F1444896844B0462359825EF628507 ] AVKWCtl         C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe
20:49:42.0934 2336  AVKWCtl - ok
20:49:42.0965 2336  [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
20:49:43.0012 2336  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
20:49:43.0012 2336  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
20:49:43.0059 2336  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
20:49:43.0106 2336  avmeject - ok
20:49:43.0152 2336  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:49:43.0277 2336  AxInstSV - ok
20:49:43.0340 2336  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:49:43.0371 2336  b06bdrv - ok
20:49:43.0418 2336  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:49:43.0480 2336  b57nd60a - ok
20:49:43.0542 2336  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:49:43.0589 2336  BDESVC - ok
20:49:43.0620 2336  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:49:43.0698 2336  Beep - ok
20:49:43.0761 2336  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:49:43.0808 2336  BFE - ok
20:49:43.0839 2336  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
20:49:43.0886 2336  BITS - ok
20:49:43.0964 2336  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:49:44.0010 2336  blbdrive - ok
20:49:44.0057 2336  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:49:44.0088 2336  bowser - ok
20:49:44.0104 2336  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:49:44.0166 2336  BrFiltLo - ok
20:49:44.0198 2336  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:49:44.0213 2336  BrFiltUp - ok
20:49:44.0276 2336  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:49:44.0322 2336  Browser - ok
20:49:44.0369 2336  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:49:44.0432 2336  Brserid - ok
20:49:44.0463 2336  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:49:44.0525 2336  BrSerWdm - ok
20:49:44.0556 2336  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:49:44.0619 2336  BrUsbMdm - ok
20:49:44.0634 2336  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:49:44.0666 2336  BrUsbSer - ok
20:49:44.0697 2336  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:49:44.0728 2336  BTHMODEM - ok
20:49:44.0806 2336  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:49:44.0900 2336  bthserv - ok
20:49:44.0931 2336  catchme - ok
20:49:44.0962 2336  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:49:45.0009 2336  cdfs - ok
20:49:45.0071 2336  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:49:45.0118 2336  cdrom - ok
20:49:45.0180 2336  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:49:45.0258 2336  CertPropSvc - ok
20:49:45.0336 2336  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:49:45.0399 2336  circlass - ok
20:49:45.0446 2336  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:49:45.0492 2336  CLFS - ok
20:49:45.0586 2336  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:49:45.0602 2336  clr_optimization_v2.0.50727_32 - ok
20:49:45.0664 2336  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:49:45.0695 2336  clr_optimization_v2.0.50727_64 - ok
20:49:45.0742 2336  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:49:45.0789 2336  CmBatt - ok
20:49:45.0820 2336  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:49:45.0851 2336  cmdide - ok
20:49:45.0898 2336  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:49:45.0992 2336  CNG - ok
20:49:46.0007 2336  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:49:46.0023 2336  Compbatt - ok
20:49:46.0070 2336  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:49:46.0132 2336  CompositeBus - ok
20:49:46.0148 2336  COMSysApp - ok
20:49:46.0179 2336  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:49:46.0194 2336  crcdisk - ok
20:49:46.0257 2336  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:49:46.0304 2336  CryptSvc - ok
20:49:46.0366 2336  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
20:49:46.0413 2336  CVirtA - ok
20:49:46.0569 2336  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
20:49:46.0647 2336  CVPND - ok
20:49:46.0662 2336  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
20:49:46.0678 2336  CVPNDRVA - ok
20:49:46.0756 2336  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:49:46.0834 2336  DcomLaunch - ok
20:49:46.0912 2336  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:49:47.0006 2336  defragsvc - ok
20:49:47.0037 2336  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:49:47.0099 2336  DfsC - ok
20:49:47.0146 2336  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:49:47.0224 2336  Dhcp - ok
20:49:47.0271 2336  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:49:47.0333 2336  discache - ok
20:49:47.0333 2336  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:49:47.0349 2336  Disk - ok
20:49:47.0396 2336  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
20:49:47.0443 2336  DNE - ok
20:49:47.0505 2336  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:49:47.0567 2336  Dnscache - ok
20:49:47.0614 2336  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:49:47.0692 2336  dot3svc - ok
20:49:47.0739 2336  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:49:47.0817 2336  DPS - ok
20:49:47.0879 2336  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:49:47.0942 2336  drmkaud - ok
20:49:47.0973 2336  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:49:48.0020 2336  dtsoftbus01 - ok
20:49:48.0098 2336  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:49:48.0129 2336  DXGKrnl - ok
20:49:48.0176 2336  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:49:48.0254 2336  EapHost - ok
20:49:48.0363 2336  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:49:48.0472 2336  ebdrv - ok
20:49:48.0503 2336  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:49:48.0519 2336  EFS - ok
20:49:48.0628 2336  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:49:48.0691 2336  ehRecvr - ok
20:49:48.0753 2336  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:49:48.0815 2336  ehSched - ok
20:49:48.0862 2336  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:49:48.0909 2336  elxstor - ok
20:49:48.0956 2336  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:49:49.0003 2336  ErrDev - ok
20:49:49.0065 2336  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:49:49.0127 2336  EventSystem - ok
20:49:49.0159 2336  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:49:49.0205 2336  exfat - ok
20:49:49.0221 2336  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:49:49.0268 2336  fastfat - ok
20:49:49.0346 2336  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:49:49.0393 2336  Fax - ok
20:49:49.0424 2336  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:49:49.0439 2336  fdc - ok
20:49:49.0486 2336  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:49:49.0564 2336  fdPHost - ok
20:49:49.0611 2336  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:49:49.0705 2336  FDResPub - ok
20:49:49.0736 2336  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:49:49.0767 2336  FileInfo - ok
20:49:49.0783 2336  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:49:49.0861 2336  Filetrace - ok
20:49:49.0876 2336  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:49:49.0892 2336  flpydisk - ok
20:49:49.0954 2336  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:49:49.0985 2336  FltMgr - ok
20:49:50.0032 2336  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache       C:\Windows\system32\FntCache.dll
20:49:50.0079 2336  FontCache - ok
20:49:50.0173 2336  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:49:50.0188 2336  FontCache3.0.0.0 - ok
20:49:50.0204 2336  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:49:50.0219 2336  FsDepends - ok
20:49:50.0266 2336  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:49:50.0297 2336  Fs_Rec - ok
20:49:50.0360 2336  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:49:50.0391 2336  fvevol - ok
20:49:50.0453 2336  [ 444534CBA693DD23C1CC589681E01656 ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
20:49:50.0500 2336  FWLANUSB ( UnsignedFile.Multi.Generic ) - warning
20:49:50.0500 2336  FWLANUSB - detected UnsignedFile.Multi.Generic (1)
20:49:50.0578 2336  [ 4632BB93B668004965246D7911E2DD05 ] fwlanusb4       C:\Windows\system32\DRIVERS\fwlanusb4.sys
20:49:50.0641 2336  fwlanusb4 - ok
20:49:50.0687 2336  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:49:50.0719 2336  gagp30kx - ok
20:49:50.0765 2336  [ D201C1F6B0F5E4F202CBCB75D6352E63 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
20:49:50.0828 2336  GDBehave - ok
20:49:50.0953 2336  [ 2922B4D0AA4095797E66D87F08CA4D72 ] GDFwSvc         C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
20:49:51.0046 2336  GDFwSvc - ok
20:49:51.0093 2336  [ E1558301938B6CF92F7677224D3FB6F7 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
20:49:51.0124 2336  GDMnIcpt - ok
20:49:51.0171 2336  [ CEBDA28D56F0CA2F08367C93741E5F76 ] GdNetMon        C:\Windows\system32\drivers\GdNetMon64.sys
20:49:51.0202 2336  GdNetMon - ok
20:49:51.0249 2336  [ 5F1E5EAE8F08B6E2FABE8345E0BDFE48 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
20:49:51.0296 2336  GDPkIcpt - ok
20:49:51.0374 2336  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
20:49:51.0405 2336  GDScan - ok
20:49:51.0452 2336  [ 4ECBCAD43B7FED6F135BF108BB71434D ] gdwfpcd         C:\Windows\system32\DRIVERS\gdwfpcd64.sys
20:49:51.0499 2336  gdwfpcd - ok
20:49:51.0514 2336  [ 7508FCFB8D93556213F530DFFAEDEC45 ] GearAspiWDM     C:\Windows\system32\drivers\GEARAspiWDM.sys
20:49:51.0561 2336  GearAspiWDM - ok
20:49:51.0623 2336  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:49:51.0717 2336  gpsvc - ok
20:49:51.0826 2336  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\Windows\system32\drivers\GRD.sys
20:49:51.0857 2336  GRD - ok
20:49:52.0029 2336  [ 626A24ED1228580B9518C01930936DF9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:49:52.0060 2336  gupdate - ok
20:49:52.0107 2336  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:49:52.0123 2336  gusvc - ok
20:49:52.0138 2336  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
20:49:52.0154 2336  hamachi - ok
20:49:52.0201 2336  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:49:52.0247 2336  hcw85cir - ok
20:49:52.0279 2336  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:49:52.0341 2336  HDAudBus - ok
20:49:52.0372 2336  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:49:52.0419 2336  HidBatt - ok
20:49:52.0450 2336  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:49:52.0513 2336  HidBth - ok
20:49:52.0528 2336  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:49:52.0544 2336  HidIr - ok
20:49:52.0591 2336  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
20:49:52.0669 2336  hidserv - ok
20:49:52.0747 2336  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:49:52.0778 2336  HidUsb - ok
20:49:52.0825 2336  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:49:52.0871 2336  hkmsvc - ok
20:49:52.0903 2336  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:49:52.0965 2336  HomeGroupListener - ok
20:49:53.0012 2336  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:49:53.0074 2336  HomeGroupProvider - ok
20:49:53.0121 2336  [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
20:49:53.0121 2336  HookCentre - ok
20:49:53.0261 2336  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:49:53.0293 2336  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:49:53.0293 2336  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:49:53.0339 2336  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:49:53.0355 2336  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:49:53.0355 2336  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:49:53.0402 2336  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:49:53.0433 2336  HpSAMD - ok
20:49:53.0495 2336  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:49:53.0589 2336  HTTP - ok
20:49:53.0620 2336  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:49:53.0651 2336  hwpolicy - ok
20:49:53.0667 2336  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:49:53.0683 2336  i8042prt - ok
20:49:53.0698 2336  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:49:53.0729 2336  iaStorV - ok
20:49:53.0761 2336  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:49:53.0792 2336  idsvc - ok
20:49:53.0839 2336  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:49:53.0870 2336  iirsp - ok
20:49:53.0932 2336  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:49:54.0010 2336  IKEEXT - ok
20:49:54.0041 2336  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:49:54.0073 2336  intelide - ok
20:49:54.0088 2336  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:49:54.0119 2336  intelppm - ok
20:49:54.0166 2336  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:49:54.0260 2336  IPBusEnum - ok
20:49:54.0307 2336  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:49:54.0353 2336  IpFilterDriver - ok
20:49:54.0369 2336  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:49:54.0431 2336  iphlpsvc - ok
20:49:54.0463 2336  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:49:54.0494 2336  IPMIDRV - ok
20:49:54.0541 2336  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:49:54.0619 2336  IPNAT - ok
20:49:54.0650 2336  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:49:54.0728 2336  IRENUM - ok
20:49:54.0743 2336  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:49:54.0759 2336  isapnp - ok
20:49:54.0775 2336  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:49:54.0790 2336  iScsiPrt - ok
20:49:54.0806 2336  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:49:54.0806 2336  kbdclass - ok
20:49:54.0821 2336  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:49:54.0868 2336  kbdhid - ok
20:49:54.0899 2336  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:50:16.0537 2336  wudfsvc - ok
20:50:16.0583 2336  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:50:16.0630 2336  WwanSvc - ok
20:50:16.0661 2336  ================ Scan global ===============================
20:50:16.0708 2336  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:50:16.0739 2336  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:50:16.0755 2336  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:50:16.0786 2336  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:50:16.0802 2336  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:50:16.0802 2336  [Global] - ok
20:50:16.0802 2336  ================ Scan MBR ==================================
20:50:16.0817 2336  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:50:16.0989 2336  \Device\Harddisk0\DR0 - ok
20:50:17.0005 2336  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
20:50:17.0317 2336  \Device\Harddisk1\DR1 - ok
20:50:17.0332 2336  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR6
20:50:19.0391 2336  \Device\Harddisk2\DR6 - ok
20:50:19.0391 2336  ================ Scan VBR ==================================
20:50:19.0391 2336  [ E50E1156EB21C77C57DCC8858753D89C ] \Device\Harddisk0\DR0\Partition1
20:50:19.0391 2336  \Device\Harddisk0\DR0\Partition1 - ok
20:50:19.0407 2336  [ 00D59D865C4A466E5ED6E74A8E9DB724 ] \Device\Harddisk1\DR1\Partition1
20:50:19.0407 2336  \Device\Harddisk1\DR1\Partition1 - ok
20:50:19.0407 2336  [ 55AC3538E1C52BEAAF62EB8705ACDAC1 ] \Device\Harddisk2\DR6\Partition1
20:50:19.0407 2336  \Device\Harddisk2\DR6\Partition1 - ok
20:50:19.0407 2336  ============================================================
20:50:19.0407 2336  Scan finished
20:50:19.0407 2336  ============================================================
20:50:19.0407 1496  Detected object count: 6
20:50:19.0407 1496  Actual detected object count: 6
20:50:39.0375 1496  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:50:39.0375 1496  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
20:50:39.0375 1496  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0375 1496  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:50:39.0391 1496  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0391 1496  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:50:39.0391 1496  FWLANUSB ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0391 1496  FWLANUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:50:39.0391 1496  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0391 1496  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:50:39.0391 1496  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:39.0391 1496  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
In case it helps, here are the threats at a glance as a screenshot:



Thanks!

Best regards


Alt 03.01.2013, 18:01   #6
markusg
/// Malware-holic
 



Hi,
that looks fine.
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the instructions on the screen.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

Alt 03.01.2013, 21:36   #7
Yoshi08
 



Hey markusg, here is the log:

Code:
ComboFix 13-01-03.05 - Oliver 03.01.2013  22:11:33.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2848 [GMT 1:00]
ausgeführt von:: c:\users\Oliver\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-03 21:15 . 2013-01-03 21:15	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-01-03 21:15 . 2013-01-03 21:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-03 13:25 . 2013-01-03 13:25	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-01-03 13:25 . 2013-01-03 13:25	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-01-03 13:25 . 2013-01-03 13:25	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-01-03 13:25 . 2013-01-03 13:25	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-01-03 13:25 . 2013-01-03 13:25	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-01-03 13:25 . 2013-01-03 13:25	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-01-03 13:25 . 2013-01-03 13:25	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-01-03 13:25 . 2013-01-03 13:25	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-01-03 13:25 . 2013-01-03 13:25	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-01-03 13:24 . 2013-01-03 13:24	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-01-03 13:24 . 2013-01-03 13:24	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-01-03 13:24 . 2013-01-03 13:24	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-01-03 13:24 . 2013-01-03 13:24	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-01-03 13:24 . 2013-01-03 13:24	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-01-03 13:24 . 2013-01-03 13:24	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-01-03 13:24 . 2013-01-03 13:24	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-01-03 13:24 . 2013-01-03 13:24	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-12-27 13:52 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-27 13:52 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-27 13:52 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-27 13:52 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-27 13:50 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 14:58 . 2009-12-23 13:52	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-10-08 22:28 . 2012-09-11 17:37	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 22:28 . 2012-09-11 17:37	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 16:53 . 2012-10-08 16:53	16504	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2012-10-08 15:24 . 2009-09-27 13:59	60320	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2012-10-08 14:03 . 2009-12-04 19:04	54176	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-10-08 14:03 . 2009-09-27 13:59	126880	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-10-08 14:03 . 2009-09-27 13:49	64416	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-06-05 2171904]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2008-10-28 460800]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [2011-06-30 31448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-15 834544]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-10-08 54176]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 283200]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-10-08 126880]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd64.sys [2012-10-08 64416]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-09-29 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-29 64376]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-15 122880]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys [2010-10-22 1293824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-10-08 60320]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [2012-03-29 470008]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-06-02 1207808]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
Akamai	REG_MULTI_SZ   	Akamai
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\bjlhf82i.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: !HIDDEN! 2011-06-01 23:54; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{BBCBF1DE-CFC6-DE2F-DDDA-AACFC07ADEB4} - c:\users\Oliver\AppData\Roaming\WinDefender.exe
AddRemove-Free YouTube Download_is1 - c:\program files (x86)\DVDVideoSoft\Free YouTube Download\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2456086448-1967686859-238135647-1000\Software\SecuROM\License information*]
"datasecu"=hex:34,c7,ae,1d,03,1f,7b,40,b5,61,0a,86,eb,d1,b0,54,69,5b,0d,f5,cb,
   3e,64,5c,5c,3d,0a,fa,ca,30,4b,49,fa,31,f9,09,bb,0d,ee,70,0e,e9,a0,a5,42,ae,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-03  22:22:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-03 21:22
.
Vor Suchlauf: 21 Verzeichnis(se), 70.129.270.784 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 69.925.683.200 Bytes frei
.
- - End Of File - - EDBC4350483DB41315782B6ECEAA8D4C
         

Alt 04.01.2013, 14:33   #8
markusg
/// Malware-holic
 



Looks good.
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 06.01.2013, 04:26   #9
Yoshi08
 



Hey, here is the log:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Oliver :: OLIVERPC [Administrator]

04.01.2013 23:47:23
MBAM-log-2013-01-05 (01-39-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442682
Laufzeit: 1 Stunde(n), 11 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
E:\Downloads\wf40\winfehler1.tpl (Trojan.Ransom.ANC) -> Keine Aktion durchgeführt.

(Ende)
         
So basically no viruses found. I have had this joke program for 10 years and had completely forgotten about it.
But it is strange; I mean, I clearly saw the screen flicker after the pop-up and nothing responded properly any more, and otherwise G Data always came up right away, just not this time. In principle the virus must have been executed.

I still have the old G Data installed; my father bought the new version (for several PCs). Would you, like cosinus, also advise me to install Avira, simply because it uses fewer resources and does just as much?

Regards

Alt 06.01.2013, 16:44   #10
markusg
/// Malware-holic
 



Hi,
if your license is still valid, you can upgrade for free.
Personally I use Emsisoft; it runs more smoothly and, in my view, offers better protection modules, such as behavior analysis. It costs around 20 €.
I can give you a link later.
Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, write "unnötig" (unnecessary).
After every program you do not recognize, write "unbekannt" (unknown).
Post the list.

Alt 07.01.2013, 22:04   #11
Yoshi08
 



Hello markusg,

I have been back in my university town since yesterday, so I can only carry out your instructions at the weekend! (Which I will do!)

See you then!

Regards, and thanks for your understanding

Alt 08.01.2013, 17:01   #12
markusg
/// Malware-holic
 



Hi,
just continue when you have time.

Alt 21.01.2013, 23:14   #13
Yoshi08
 



Hello markusg,

here is the list (where I have not written anything, the program is "needed", as is probably the case for 90 %). I mean, with the games it is a bit of a question; at the moment I don't play them, so of course they could be deleted.

I won't presume to judge all the (Windows) updates.

Please take as much time as you like; I took my time too. From tomorrow I am back in my university town and there are exams over the next 2 weeks, so there is no rush.

Regards

Code:
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.10.2012	6,00MB	11.4.402.287   
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	11.09.2012	6,00MB	11.4.402.265      "
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	10.09.2012	122MB	10.1.4     "
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	03.06.2012		11.6.5.635                    "
Akamai NetSession Interface		28.02.2012	                                                          unbekannt	
Akamai NetSession Interface Service		28.02.2012                                                        unbekannt	 	
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	02.10.2011	22,7MB	3.0.842.0
AMD Processor Driver	AMD	04.10.2009		1.3.2.0053
Apple Application Support	Apple Inc.	14.11.2009	32,2MB	1.0
Apple Software Update	Apple Inc.	14.11.2009	2,15MB	2.1.1.116
Audacity 1.2.6		01.07.2011		
Audiograbber 1.83 SE	Audiograbber Deutschland	12.12.2009		1.83 SE
auxilium 3.1 light	CommTec-Softwareentwicklung	03.10.2009		
AVM FRITZ!WLAN	AVM Berlin	03.02.2012		
Batch PPTX to PPT Converter	Batchwork Software	02.07.2012		2012.4.605.1806                unnötig
Call of Duty Modern Warfare 3 (c) Activision version 1		14.03.2012		1
Call of Duty: Modern Warfare 2	Infinity Ward	13.03.2012		
Call of Duty: Modern Warfare 2 - Multiplayer	Infinity Ward	13.03.2012		
CCleaner	Piriform	19.12.2012		3.26
Cheat Engine 6.1	Dark Byte	03.10.2011	23,5MB	
Cisco Systems VPN Client 5.0.07.0290		12.11.2012	10,6MB	                                      unbekannt
Compatibility Pack for the 2007 Office system	Microsoft Corporation	02.07.2012	66,9MB	12.0.6514.5001
Corel Home Super Putt		01.07.2011		
DAEMON Tools Lite	DT Soft Ltd	14.02.2012		4.45.3.0297
Das Latein-Wörterbuch 2.1.1	Florian Schoppmann	01.07.2011		2.1.1
ESET Online Scanner v3		17.09.2011		
Facebook Video Calling 1.2.0.287	Skype Limited	06.01.2013	4,76MB	1.2.287                        unnötig
Free YouTube Download 2.9	DVDVideoSoft Limited.	05.10.2010	25,5MB	
G Data InternetSecurity 2011	G Data Software AG	05.12.2010	69,2MB	21.0.0.0
Google Earth	Google	01.01.2010	69,5MB	5.1.7894.7252                                                 unnötig
Grand Theft Auto IV	Rockstar Games	17.09.2009		1.00.0000
Grand Theft Auto: Episodes From Liberty City	Rockstar Games	16.04.2010		1.1.0.0
GTA2		01.07.2011		1.00.001
GTA2 Game Hunter		01.07.2011		1.511
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3	HP	01.06.2011		13.0                 unnötig
HP Imaging Device Functions 13.0	HP	01.06.2011		13.0                                 unnötig
HP Photosmart Essential 3.5	HP	01.06.2011		3.5                                    unnötig
HP Smart Web Printing 4.51	HP	01.06.2011		4.51                                  unnötig
HP Solution Center 13.0	HP	01.06.2011		13.0                                                unnötig
HP Update	Hewlett-Packard	01.06.2011	3,72MB	4.000.011.006 
ICQ7.6	ICQ	06.10.2011		7.6                                                                unnötig
IrfanView (remove only)	Irfan Skiljan	04.03.2012	1,50MB	4.32
Java 7 Update 7	Oracle	11.09.2012	128MB	7.0.70
KaloMa 4.91	Frank Böpple	12.01.2011	4,57MB	                                                    unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	04.01.2013	18,4MB	1.70.0.1100
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	04.02.2012	31,3MB	3.5.92.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	27.06.2011	6,03MB	3.5.50.0
Microsoft Office Live Add-in 1.5	Microsoft Corporation	11.09.2012	508KB	2.0.4024.1
Microsoft Office Professional Edition 2003	Microsoft Corporation	13.12.2009	206MB	11.0.5614.0
Microsoft Virtual PC 2007	Microsoft Corporation	25.02.2010	36,9MB	6.0.156.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	06.12.2009	260KB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	06.12.2009	252KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	13.03.2012	2,69MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	17.09.2009	702KB	8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	06.12.2009	200KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	15.01.2010	788KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	17.09.2009	590KB	9.0.30729
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	27.02.2012	15,0MB	10.0.30319
Mobipocket Reader 6.2	Mobipocket.com	29.06.2010	11,2MB	6.2.608
Mozilla Firefox 18.0.1 (x86 de)	Mozilla	19.01.2013	45,4MB	18.0.1
Mozilla Maintenance Service	Mozilla	19.01.2013	330KB	18.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	07.10.2010	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	07.10.2010	1,33MB	4.20.9876.0
N Schach 3	N Company, Inc.	09.05.2011		
Need for Speed(TM) Hot Pursuit	Electronic Arts	14.02.2012	7,73GB	1.0.0.0
Need for Speed™ Most Wanted		01.07.2011		
Nero 7 Ultra Edition	Nero AG	28.09.2010	1,48GB	7.02.6445
NVIDIA PhysX	NVIDIA Corporation	18.09.2010	78,9MB	9.10.0513
PC Inspector File Recovery		01.07.2011		4.0
PDF24 Creator 4.9.0	PDF24.org	04.11.2012	33,9MB	
Picasa 3	Google, Inc.	01.07.2011		3.1
PokerTH	www.pokerth.net	24.07.2011	29,7GB	0.8.3
Project64 1.6	Project64	10.12.2009	3,46MB	1.6
QuickTime	Apple Inc.	14.11.2009	76,4MB	7.64.17.73
RAIDXpert	AMD	17.09.2009	105MB	2.4.1540.26
Realtek 8136 8168 8169 Ethernet Driver	Realtek	17.09.2009		1.00.0005
RedMon - Redirection Port Monitor		29.05.2012		
Skype™ 5.10	Skype Technologies S.A.	30.09.2012	19,4MB	5.10.116
Steam	Valve Corporation	23.08.2010	42,2MB	1.0.0.0
StreamTransport version: 1.0.2.2171		09.10.2012		
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53	eRightSoft	29.09.2012	54,0MB	v2012.build.53
System Requirements Lab CYRI	Husdawg, LLC	13.03.2012	463KB	4.5.1.0
TeamViewer 6	TeamViewer GmbH	01.07.2011		6.0.10511
TrueCrypt	TrueCrypt Foundation	01.07.2011		6.3a
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	17.09.2009	2,61MB	1.34
VLC media player 2.0.4	VideoLAN	03.11.2012		2.0.4
Windows Live Essentials	Microsoft Corporation	01.07.2011		14.0.8089.0726
Windows Live ID Sign-in Assistant	Microsoft Corporation	30.12.2010	10,0MB	6.500.3165.0
Windows Live-Uploadtool	Microsoft Corporation	06.12.2009	224KB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	17.12.2009	296KB	1.0.0.8
WinRAR		06.12.2009		
Worms Armageddon		01.07.2011		
Worms Reloaded	Team17	02.10.2011		
Xvid Video Codec	Xvid Team	11.11.2012		1.3.2
         

22.01.2013, 11:37   #14
markusg
/// Malware-holic

Virus check

why do some of them have "

05.02.2013, 09:43   #15
Yoshi08

Virus check

Hey,

I have just corrected it properly:
For some programs (mainly (Windows) updates) I won't venture a judgment.


Code:
ATTFilter
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.10.2012	6,00MB	11.4.402.287    nötig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	11.09.2012	6,00MB	11.4.402.265      "nötig
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	10.09.2012	122MB	10.1.4     " nötig
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	03.06.2012		11.6.5.635                    nötig
Akamai NetSession Interface		28.02.2012	                                                          unbekannt	
Akamai NetSession Interface Service		28.02.2012                                                        unbekannt	 	
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	02.10.2011	22,7MB	3.0.842.0
AMD Processor Driver	AMD	04.10.2009		1.3.2.0053
Apple Application Support	Apple Inc.	14.11.2009	32,2MB	1.0 nötig
Apple Software Update	Apple Inc.	14.11.2009	2,15MB	2.1.1.116  unbekannt
Audacity 1.2.6		01.07.2011		nötig
Audiograbber 1.83 SE	Audiograbber Deutschland	12.12.2009		1.83 SE nötig
auxilium 3.1 light	CommTec-Softwareentwicklung	03.10.2009	nötig	
AVM FRITZ!WLAN	AVM Berlin	03.02.2012		B]nötig[/B]
Batch PPTX to PPT Converter	Batchwork Software	02.07.2012	unnötig	2012.4.605.1806                unnötig
Call of Duty Modern Warfare 3 (c) Activision version 1		14.03.201nötig
Call of Duty: Modern Warfare 2	Infinity Ward	13.03.2012	unnötig	
Call of Duty: Modern Warfare 2 - Multiplayer	Infinity Ward	13.03.2012	unnötig	
CCleaner	Piriform	19.12.2012		3.26 nötig
Cheat Engine 6.1	Dark Byte	03.10.2011	23,5MB	unnötig
Cisco Systems VPN Client 5.0.07.0290		12.11.2012	 10,6MB	                                      unbekannt
Compatibility Pack for the 2007 Office system	Microsoft Corporation	02.07.2012	66,9MB	12.0.6514.5001
Corel Home Super Putt		01.07.2011		
DAEMON Tools Lite	DT Soft Ltd	14.02.2012		4.45.3.0297 unnötig
Das Latein-Wörterbuch 2.1.1	Florian Schoppmann	01.07.2011		2.1.1 unnötig
ESET Online Scanner v3		17.09.2011		....
Facebook Video Calling 1.2.0.287	Skype Limited	06.01.2013	4,76MB	unnötig1.2.287                        unnötig
Free YouTube Download 2.9	DVDVideoSoft Limited.	05.10.2010	25,5MB	unnötig
G Data InternetSecurity 2011	G Data Software AG	05.12.2010	69,2MB	21.0.0.0
Google Earth	Google	01.01.2010	69,5MB	5.1.7894.7252                                                 unnötig
Grand Theft Auto IV	Rockstar Games	17.09.2009		1.00.0000 (un)nötig
Grand Theft Auto: Episodes From Liberty City	Rockstar Games	16.04.2010		1.1.0.0 (un)nötig
GTA2		01.07.2011		1.00.001 unnötig
GTA2 Game Hunter		01.07.2011		1.511 unnötig
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3	HP	01.06.2011		13.0                 unnötig
HP Imaging Device Functions 13.0	HP	01.06.2011		13.0                                 unnötig 
HP Photosmart Essential 3.5	HP	01.06.2011		3.5                                    unnötig
HP Smart Web Printing 4.51	HP	01.06.2011		4.51                                  unnötig
HP Solution Center 13.0	HP	01.06.2011		13.0                                                unnötig
HP Update	Hewlett-Packard	01.06.2011	3,72MB	4.000.011.006  unnötig
ICQ7.6	ICQ	06.10.2011		7.6                                                                unnötig
IrfanView (remove only)	Irfan Skiljan	04.03.2012	1,50MB	4.32
Java 7 Update 7	Oracle	11.09.2012	128MB	7.0.70
KaloMa 4.91	Frank Böpple	12.01.2011	4,57MB	                                                   unnötig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	04.01.2013	18,4MB	1.70.0.1100 ...
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	04.02.2012	31,3MB	3.5.92.0 (un)nötig
Microsoft Games for Windows Marketplace	Microsoft Corporation	27.06.2011	6,03MB	3.5.50.0 (un)nötig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	11.09.2012	508KB	2.0.4024.1
Microsoft Office Professional Edition 2003	Microsoft Corporation	13.12.2009	206MB	11.0.5614.0
Microsoft Virtual PC 2007	Microsoft Corporation	25.02.2010	36,9MB	6.0.156.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	06.12.2009	260KB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	06.12.2009	252KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	13.03.2012	2,69MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	17.09.2009	702KB	8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	06.12.2009	200KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	15.01.2010	788KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	17.09.2009	590KB	9.0.30729
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	27.02.2012	15,0MB	10.0.30319
Mobipocket Reader 6.2	Mobipocket.com	29.06.2010	11,2MB	6.2.608 unnötig
Mozilla Firefox 18.0.1 (x86 de)	Mozilla	19.01.2013	45,4MB	18.0.1 nötig
Mozilla Maintenance Service	Mozilla	19.01.2013	330KB	18.0.1 unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	07.10.2010	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	07.10.2010	1,33MB	4.20.9876.0
N Schach 3	N Company, Inc.	09.05.2011		unnötig
Need for Speed(TM) Hot Pursuit	Electronic Arts	14.02.2012	7,73GB	1.0.0.0 unnötig
Need for Speed™ Most Wanted		01.07.2011		 unnötig
Nero 7 Ultra Edition	Nero AG	28.09.2010	1,48GB	7.02.6445 nötig
NVIDIA PhysX	NVIDIA Corporation	18.09.2010	78,9MB	9.10.0513
PC Inspector File Recovery		01.07.2011		4.0 unnötig
PDF24 Creator 4.9.0	PDF24.org	04.11.2012	33,9MB	nötig
Picasa 3	Google, Inc.	01.07.2011		3.1 (un)nötig
PokerTH	www.pokerth.net	24.07.2011	29,7GB	0.8.3  unnötig
Project64 1.6	Project64	10.12.2009	3,46MB	1.6   unnötig
QuickTime	Apple Inc.	14.11.2009	76,4MB	7.64.17.73 unnötig
RAIDXpert	AMD	17.09.2009	105MB	2.4.1540.26 
Realtek 8136 8168 8169 Ethernet Driver	Realtek	17.09.2009		1.00.0005
RedMon - Redirection Port Monitor		29.05.2012		unbekannt
Skype™ 5.10	Skype Technologies S.A.	30.09.2012	19,4MB	5.10.116 unnötig
Steam	Valve Corporation	23.08.2010	42,2MB	1.0.0.0 unnötig
StreamTransport version: 1.0.2.2171		09.10.2012		unnötig
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53	eRightSoft	 29.09.2012	54,0MB	v2012.build.53  unnötig
System Requirements Lab CYRI	Husdawg, LLC	13.03.2012	463KB	4.5.1.0 unbekannt
TeamViewer 6	TeamViewer GmbH	01.07.2011		6.0.10511 (un)nötig
TrueCrypt	TrueCrypt Foundation	01.07.2011		6.3a nötig
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	17.09.2009	2,61MB	1.34 unbekannt
VLC media player 2.0.4	VideoLAN	03.11.2012		2.0.4 nötig
Windows Live Essentials	Microsoft Corporation	01.07.2011		14.0.8089.0726
Windows Live ID Sign-in Assistant	Microsoft Corporation	30.12.2010	10,0MB	6.500.3165.0
Windows Live-Uploadtool	Microsoft Corporation	06.12.2009	224KB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	17.12.2009	296KB	1.0.0.8
WinRAR		06.12.2009		
Worms Armageddon		01.07.2011		 unnötig
Worms Reloaded	Team17	02.10.2011		 unnötig
Xvid Video Codec	Xvid Team	11.11.2012		1.3.2
         
Regards
