AVG unerwartet beendet (verdacht auf Keylogger/Trojaner)

keks60311 · 01.02.2013, 20:45

Guten Tag liebe Forengemeinde,

erstmal ein herzliches Dankeschön an die Helfer dieser Seite,
die nun versuchen Gewissheit über mein System anhand der ausgewerteten Logfiles zu erörtern.

Gescannt habe ich Streng nach Anleitung!

Hierzu gibt es noch ein paar besondere Vorkomnisse die ich gerne so genau wie möglich hier schildern möchte.

1. Zum Scannen habe ich AVG Internet Security 2013 (Trialversion) kommplett deinstalliert.
Sowie Google Drive und Dropbox aus dem Autostart genommen und ebenfalls beendet.

2. Unter System Events im Extras.txt ist die eine unerwartet Beendigung von AVG genau aufgeführt. Dies war aber nicht der Zeitpunkt der Deinstallation.

3. Nach dem Scann mit GMER wurde beim ersten Scann die Meldung

Zitat:

Es wurden keine Modifaktionen entdeckt

ausgegeben und ich konnte somit auch kein logfile speichern.
Bei meinem Neustart nach dem Scann dauerte das Herunterfahren auffällig lang (3-4min) was mich dazu veranlasste den Rechner einfach auszuschalten. Dazu muss ich sagen das mein System noch nie so lange gebraucht hat zum Herunterfahren außer es installiert Updates. In diesem Fall war es aber einfach so das 3-4min nur "Herunterfahren" angezeigt wurde. Wieder im System veranlaßte ich einen neuen Scann, natürlich wieder Streng nach Anleitung was zu einem Bluescreen führte (vorher noch nie gehabt). Leider habe ich es versäumt die Fehlermeldung zu notieren, wo ich nun leider keine genauen Angaben dazu machen kann.
Mein erneuter Scann mit GMER förderte nun ein paar Einträge ans Licht die aber größtenteils aus dem Programm Skype bestehen. Komisch ist zwar das beim ersten mal nix gefunden wurde, zwischendrinn ein Bluescreen auftaucht und beim dritten mal ein paar hoffentlich unbedeutende Einträge auftauchen.

Zur Anleitung wie man die Programme defrogger, OTL und GMER benutzt, hätte ich in diesem Fall einen kleinen Verbesserungsvorschlag

Wenn GMER keine Modifikationen entdeckt (wie bei meinem ersten versuch), hat man keine möglichkeit ein logfile zu speichern. Wenn man nach dem bestätigen der Meldung

Zitat:

"Es wurden keine Modifikationen entdeckt"

Save auswählt, bekommt man natürlich ein leeres logfile. Wenn man dies in der Anleitung noch genau erwähnt, könnte man in diesem Fall eine Verwirrung vorbeugen. (wie sie in meinem Fall entstanden ist.)

Nun gut,
ich hoffe ich habe alles so genau wie Möglich beschrieben.

Danke vorab fürs Analysieren.

cosinus · 02.02.2013, 16:51

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

keks60311 · 02.02.2013, 17:01

hallo cosinus,
man ich hab total vergessen die Logfiles in den Thread zu posten

Hier die Logfiles die ich natürlich streng nach Anleitung erstellt habe.

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:06 on 01/02/2013 (Cookie)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-

Code:

ATTFilter

OTL logfile created on: 01.02.2013 18:07:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cookie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,00% Memory free
7,39 Gb Paging File | 6,49 Gb Available in Paging File | 87,84% Paging File free
Paging file location(s): c:\pagefile.sys 4500 4500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 250,00 Gb Total Space | 205,87 Gb Free Space | 82,35% Space Free | Partition Type: NTFS
Drive D: | 346,07 Gb Total Space | 320,58 Gb Free Space | 92,63% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 70,16 Gb Free Space | 15,06% Space Free | Partition Type: NTFS
Drive J: | 7,68 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: WIN7-DESKTOP | User Name: Cookie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.01 17:34:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.19 09:50:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.25 22:28:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 79 AA 63 05 00 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B5C46D283-ABDE-4dce-B83C-08881401921C%7D:2.1.8.2
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.29 22:13:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 09:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.16 20:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\Extensions
[2013.02.01 17:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\Firefox\Profiles\m4yjlyt7.default\extensions
[2013.02.01 17:12:55 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Cookie\AppData\Roaming\mozilla\Firefox\Profiles\m4yjlyt7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013.01.22 00:02:59 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\Cookie\AppData\Roaming\mozilla\Firefox\Profiles\m4yjlyt7.default\extensions\zigboom@hotmail.com
[2013.01.29 19:15:59 | 000,018,203 | ---- | M] () (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\firefox\profiles\m4yjlyt7.default\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
[2013.01.17 01:02:20 | 000,234,233 | ---- | M] () (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\firefox\profiles\m4yjlyt7.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2013.01.31 22:50:00 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\firefox\profiles\m4yjlyt7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.22 00:05:10 | 000,016,100 | ---- | M] () (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\firefox\profiles\m4yjlyt7.default\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
[2013.01.19 09:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 09:50:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - Startup: C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE2B00C8-1CA7-4EA0-B270-29DE358C79DF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.07 04:43:25 | 000,000,000 | ---D | M] - J:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2007.02.25 05:23:24 | 000,000,047 | R--- | M] () - J:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.03.02 10:31:43 | 000,162,880 | R--- | M] () - J:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{7a22749e-6727-11e2-8267-002185688351}\Shell - "" = AutoRun
O33 - MountPoints2\{7a22749e-6727-11e2-8267-002185688351}\Shell\AutoRun\command - "" = J:\autorun.exe -- [2007.03.02 10:31:43 | 000,162,880 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.01 17:48:33 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Avg2013
[2013.02.01 17:34:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
[2013.02.01 17:13:02 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\QuickScan
[2013.02.01 16:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6
[2013.02.01 16:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojancheck 6
[2013.02.01 16:11:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.31 22:05:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.01.31 16:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2013.01.31 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Documents\TrackMania
[2013.01.31 16:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmUnitedForever
[2013.01.31 16:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmUnitedForever
[2013.01.31 15:58:42 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Documents\Command & Conquer 3 Tiberium Wars
[2013.01.31 15:56:38 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.01.31 15:53:49 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\Bücher
[2013.01.31 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.01.31 00:15:45 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Documents\Updater
[2013.01.31 00:15:08 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Opera
[2013.01.31 00:11:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.01.31 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.01.31 00:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.01.31 00:09:25 | 000,000,000 | ---D | C] -- C:\PS_CS2_Gr_NonRet
[2013.01.30 23:47:13 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\TeamViewer
[2013.01.30 20:02:22 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\KeePass
[2013.01.30 19:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013.01.30 02:15:40 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.01.30 02:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.30 02:15:08 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.30 02:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.01.30 02:14:02 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Windows Live
[2013.01.30 02:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.01.29 22:13:37 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.29 22:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.29 22:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.29 22:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.29 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\DVDVideoSoft
[2013.01.28 11:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.28 11:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.26 21:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2013.01.26 16:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.25 22:39:27 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Documents\My Games
[2013.01.25 22:38:31 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.01.25 22:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.25 22:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.25 22:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.01.25 22:28:02 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.01.25 22:27:56 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\DAEMON Tools Lite
[2013.01.25 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.01.25 22:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.01.25 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAMN NFO Viewer
[2013.01.25 13:02:18 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Ashampoo
[2013.01.25 13:02:09 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\ashampoo
[2013.01.25 13:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013.01.25 13:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013.01.25 13:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013.01.25 13:01:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Programs
[2013.01.21 15:18:34 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Dropbox
[2013.01.21 15:15:34 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.21 15:14:46 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Dropbox
[2013.01.20 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\NVIDIA
[2013.01.20 20:51:45 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Google
[2013.01.20 20:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.01.19 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\ImgBurn
[2013.01.19 09:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.01.19 09:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013.01.19 09:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 18:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.0
[2013.01.18 18:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2013.01.18 18:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.17 23:26:56 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\Dokumente
[2013.01.17 23:22:33 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\PCopt AG2
[2013.01.17 23:13:42 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Adobe
[2013.01.17 23:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.17 23:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.17 23:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.17 19:09:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\OpenOffice.org
[2013.01.17 19:08:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.01.17 19:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.01.17 19:01:38 | 000,000,000 | --SD | C] -- C:\Users\Cookie\Google Drive
[2013.01.17 19:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.01.17 01:21:47 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Skype
[2013.01.17 01:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.17 01:21:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.17 01:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.17 01:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.17 01:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.17 01:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.17 01:00:14 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Macromedia
[2013.01.17 01:00:14 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Macromedia
[2013.01.17 01:00:14 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Adobe
[2013.01.17 00:59:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.01.17 00:59:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.01.17 00:28:29 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Thunderbird
[2013.01.17 00:28:29 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Thunderbird
[2013.01.17 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.16 22:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.16 22:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.16 20:58:50 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\Tor Browser
[2013.01.16 20:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.01.16 20:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.01.16 20:44:24 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Google
[2013.01.16 20:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.16 20:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.01.16 20:37:47 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\TuneUp Software
[2013.01.16 20:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.01.16 20:35:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.16 20:35:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.16 20:35:05 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\MFAData
[2013.01.16 20:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.01.16 20:33:33 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\vlc
[2013.01.16 20:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.16 20:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.01.16 20:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.01.16 20:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.16 20:31:09 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.01.16 20:31:09 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.01.16 20:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.01.16 20:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.01.16 20:26:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Mozilla
[2013.01.16 20:26:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Mozilla
[2013.01.16 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.16 20:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.16 20:19:27 | 000,000,000 | R--D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.16 20:19:27 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Searches
[2013.01.16 20:19:27 | 000,000,000 | R--D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.16 20:19:14 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Identities
[2013.01.16 20:19:04 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Contacts
[2013.01.16 20:19:02 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\VirtualStore
[2013.01.16 20:18:57 | 000,000,000 | --SD | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Videos
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Saved Games
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Pictures
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Music
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Links
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Favorites
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Downloads
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Documents
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Desktop
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Vorlagen
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Verlauf
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Temporary Internet Files
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Startmenü
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\SendTo
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Recent
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Netzwerkumgebung
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Lokale Einstellungen
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\Eigene Videos
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\Eigene Musik
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Eigene Dateien
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\Eigene Bilder
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Druckumgebung
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Cookies
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Anwendungsdaten
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Anwendungsdaten
[2013.01.16 20:18:57 | 000,000,000 | -H-D | C] -- C:\Users\Cookie\AppData
[2013.01.16 20:18:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Temp
[2013.01.16 20:18:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Microsoft
[2013.01.16 20:18:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Media Center Programs
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.16 20:18:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.16 20:07:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.16 20:07:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.16 20:06:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.01 18:06:31 | 000,000,168 | ---- | M] () -- C:\Users\Cookie\defogger_reenable
[2013.02.01 18:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.01 18:04:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.01 18:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.01 18:04:32 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.01 18:03:51 | 000,022,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 18:03:51 | 000,022,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 18:03:18 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.01 18:03:18 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.01 18:03:18 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.01 18:03:18 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.01 18:03:18 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.01 17:54:48 | 000,365,568 | ---- | M] () -- C:\Users\Cookie\Desktop\gmer_2.0.18454.exe
[2013.02.01 17:46:50 | 000,012,238 | ---- | M] () -- C:\Users\Cookie\Desktop\cookiesdata.kdbx
[2013.02.01 17:34:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
[2013.02.01 17:34:04 | 000,050,477 | ---- | M] () -- C:\Users\Cookie\Desktop\Defogger.exe
[2013.02.01 16:14:47 | 000,001,015 | ---- | M] () -- C:\Users\Cookie\Desktop\Trojancheck.lnk
[2013.01.31 17:11:11 | 000,001,580 | ---- | M] () -- C:\Users\Cookie\Desktop\KeePass.lnk
[2013.01.31 16:43:03 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\TmUnitedForever.lnk
[2013.01.31 15:56:29 | 000,000,244 | ---- | M] () -- C:\Users\Cookie\Desktop\Command & Conquer 3 Tiberium Wars.lnk
[2013.01.31 14:33:42 | 000,319,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.31 00:11:37 | 000,001,385 | ---- | M] () -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.01.31 00:02:20 | 000,000,477 | ---- | M] () -- C:\Users\Cookie\Desktop\My_Book (I).lnk
[2013.01.30 20:06:36 | 000,001,364 | ---- | M] () -- C:\Users\Cookie\Desktop\Play Tiberian Sun.lnk
[2013.01.27 23:22:01 | 000,000,466 | ---- | M] () -- C:\Users\Cookie\Desktop\Data (D).lnk
[2013.01.26 16:53:52 | 000,000,699 | ---- | M] () -- C:\Users\Cookie\Desktop\altbinz_0.39.4.lnk
[2013.01.25 22:28:02 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.01.22 11:27:00 | 000,001,230 | ---- | M] () -- C:\Users\Cookie\Desktop\Calculator.lnk
[2013.01.21 15:28:37 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.21 15:22:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.17 19:01:39 | 000,001,680 | ---- | M] () -- C:\Users\Cookie\Desktop\Google Drive.lnk
[2013.01.17 01:33:33 | 000,000,636 | ---- | M] () -- C:\Users\Cookie\Desktop\Start Tor Browser.lnk
[2013.01.17 01:32:31 | 000,000,861 | ---- | M] () -- C:\Users\Cookie\Desktop\Downloads.lnk
[2013.01.16 23:00:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.16 23:00:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.16 20:44:26 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.01.16 20:26:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.16 20:10:47 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.16 20:10:47 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.16 20:09:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.02.01 18:06:31 | 000,000,168 | ---- | C] () -- C:\Users\Cookie\defogger_reenable
[2013.02.01 17:54:47 | 000,365,568 | ---- | C] () -- C:\Users\Cookie\Desktop\gmer_2.0.18454.exe
[2013.02.01 17:34:04 | 000,050,477 | ---- | C] () -- C:\Users\Cookie\Desktop\Defogger.exe
[2013.02.01 16:14:47 | 000,001,015 | ---- | C] () -- C:\Users\Cookie\Desktop\Trojancheck.lnk
[2013.01.31 18:25:16 | 000,012,238 | ---- | C] () -- C:\Users\Cookie\Desktop\cookiesdata.kdbx
[2013.01.31 17:11:11 | 000,001,580 | ---- | C] () -- C:\Users\Cookie\Desktop\KeePass.lnk
[2013.01.31 16:43:03 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\TmUnitedForever.lnk
[2013.01.31 15:56:29 | 000,000,244 | ---- | C] () -- C:\Users\Cookie\Desktop\Command & Conquer 3 Tiberium Wars.lnk
[2013.01.31 00:11:52 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.01.31 00:11:37 | 000,001,385 | ---- | C] () -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.01.31 00:11:22 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.01.31 00:11:03 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.01.31 00:11:02 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.01.31 00:02:20 | 000,000,477 | ---- | C] () -- C:\Users\Cookie\Desktop\My_Book (I).lnk
[2013.01.30 19:59:30 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2013.01.30 02:15:33 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.01.30 02:15:28 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.01.27 23:22:01 | 000,000,466 | ---- | C] () -- C:\Users\Cookie\Desktop\Data (D).lnk
[2013.01.26 23:52:19 | 000,001,364 | ---- | C] () -- C:\Users\Cookie\Desktop\Play Tiberian Sun.lnk
[2013.01.26 16:53:52 | 000,000,699 | ---- | C] () -- C:\Users\Cookie\Desktop\altbinz_0.39.4.lnk
[2013.01.22 11:27:00 | 000,001,230 | ---- | C] () -- C:\Users\Cookie\Desktop\Calculator.lnk
[2013.01.21 15:22:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.19 09:59:30 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.01.17 23:10:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.17 19:01:39 | 000,001,680 | ---- | C] () -- C:\Users\Cookie\Desktop\Google Drive.lnk
[2013.01.17 19:00:08 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.17 19:00:07 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.17 01:33:33 | 000,000,636 | ---- | C] () -- C:\Users\Cookie\Desktop\Start Tor Browser.lnk
[2013.01.17 01:32:31 | 000,000,861 | ---- | C] () -- C:\Users\Cookie\Desktop\Downloads.lnk
[2013.01.16 23:10:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.16 23:00:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.16 23:00:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.16 22:55:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.16 22:37:26 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.16 20:44:26 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.01.16 20:26:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.16 20:19:35 | 000,001,443 | ---- | C] () -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.16 20:19:35 | 000,001,409 | ---- | C] () -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.16 20:10:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.16 20:10:35 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.16 20:09:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.16 20:07:04 | 2414,481,408 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.25 13:02:18 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\Ashampoo
[2013.01.31 15:58:31 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.02.01 03:50:09 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\DAEMON Tools Lite
[2013.02.01 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\Dropbox
[2013.01.29 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\DVDVideoSoft
[2013.01.29 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.19 10:04:35 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\ImgBurn
[2013.02.01 17:46:50 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\KeePass
[2013.01.17 19:09:25 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\OpenOffice.org
[2013.01.31 00:15:08 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\Opera
[2013.02.01 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\QuickScan
[2013.01.30 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\TeamViewer
[2013.01.17 00:28:29 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\Thunderbird
[2013.01.16 20:37:47 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 01.02.2013 18:07:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cookie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,00% Memory free
7,39 Gb Paging File | 6,49 Gb Available in Paging File | 87,84% Paging File free
Paging file location(s): c:\pagefile.sys 4500 4500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 250,00 Gb Total Space | 205,87 Gb Free Space | 82,35% Space Free | Partition Type: NTFS
Drive D: | 346,07 Gb Total Space | 320,58 Gb Free Space | 92,63% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 70,16 Gb Free Space | 15,06% Space Free | Partition Type: NTFS
Drive J: | 7,68 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: WIN7-DESKTOP | User Name: Cookie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01158516-018E-4B97-9AA4-F501E5E5ADC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{150AF6B1-1309-4C2B-B798-492673F53CA9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1E3A13CC-2BFB-4E01-A955-F9099ADDD9E6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F5A49AE-FDBD-4748-9C56-9744D9EFB3FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{22823048-982A-4A6A-8B12-C214B19CDCFE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{463AE090-C95A-4FF5-9A19-A70B8927D4EA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{47ED8F60-BB02-416B-BD44-A9CDA1ABF2CC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{52131334-6B76-4A31-A025-2298ECF34B11}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55B44E44-8991-46CF-B871-64874E8FBC96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{64C8514F-A8B1-4EEA-820A-B2D28E7F3303}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6D820E15-F387-4A76-9318-FC298C20162E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{70BD3937-C123-4B42-AD24-C46D48E62DD9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B2F26C6-1BF1-4056-A936-2F8D4B7DB0D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A81DB7F8-9BBC-4268-A154-A44E40FCA65E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A981B5DD-05F7-49EC-8487-86F7DC396312}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5D5C5F1-CD1D-486B-BA9A-F5A63EAF0C21}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B7C14BD2-BBD3-4B71-9AEE-219B2476D58F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BBB3E4F6-1CBD-4E0E-AD7C-BB2F4BA31F3A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BE253FB2-7B3B-4578-B728-2982666C2D53}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C3864C5E-071A-471D-A76D-228BA798A85E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E63764F0-4939-4ED1-B8F6-9B66D2CCE82F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F23EFE40-FAB5-4F43-BAC4-2D33A214ADAA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FBDF3C77-82F9-4F83-B9E2-F3959E912E51}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D666E2A-83A3-4D3C-9CB0-496E4ABFBFA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{14B1E72A-5BBC-4F1D-B7C6-4CA09C28A8F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B55BE69-5705-4BD5-9DFA-16A688DACD10}" = protocol=6 | dir=out | app=system | 
"{38A44F4A-F4B3-4BFD-9B86-9F3E3559C952}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{38CF8E5A-E305-4D5D-BF3E-3BCE41A9D00A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3906A9A4-6A3C-4640-86BB-95012B85261D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4E7B58BF-74AB-4933-80EF-F69195B56F1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60E95256-5432-4684-BBA1-1736E3ECADAC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{69FCB3E0-360C-4495-82DA-54E213628665}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D7F4817-0664-4BF2-B602-9FA9CA6BEFB5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7E5C6C2E-ED3E-46ED-A4EF-5FB7D1EA8859}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{851ED9CF-B48E-4B6F-BF54-C1FD393BC5FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BBDAA93-DD54-4C92-A6A9-FBF6EE1C952B}" = protocol=6 | dir=in | app=c:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9138D258-BEC3-49F5-B7F7-4D9AECCF5E26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97CCDB51-37EF-4A3E-A4F4-3D26D4BB3240}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A0BC4697-8E25-45BE-AA3E-951999BC49D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA004715-FCDD-4142-A248-72796AF2FE21}" = protocol=17 | dir=in | app=c:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AD454436-9A18-493B-BE52-4C9A44E9A6FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4722EE8-AEBF-4C70-8750-AE738FC448FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{BE8B70DD-811D-4A7A-8161-C8640AD27B8C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D9EF1C6F-1ECA-42C9-B68F-21DFF418F5BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E2C2843A-6A87-4728-AADA-1D1C550D8798}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4A34F39-20C0-47C5-B530-EDD3A292A803}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ECA93573-0CFF-4797-8747-7243D20FEA92}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{F66E099A-F169-47E4-8491-DA19339EA108}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"ImgBurn" = ImgBurn
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"TmUnitedForever_is1" = TmUnitedForever
"Trojancheck_is1" = Trojancheck 6
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2013 11:05:40 | Computer Name = Win7-Desktop | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 01.02.2013 11:05:40 | Computer Name = Win7-Desktop | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 01.02.2013 11:06:59 | Computer Name = Win7-Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 11:14:48 | Computer Name = Win7-Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 11:19:02 | Computer Name = Win7-Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 11:26:48 | Computer Name = Win7-Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 12:47:49 | Computer Name = Win7-Desktop | Source = MsiInstaller | ID = 11704
Description = 
 
Error - 01.02.2013 12:51:22 | Computer Name = Win7-Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 13:00:40 | Computer Name = Win7-Desktop | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 13:06:27 | Computer Name = Win7-Desktop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 01.02.2013 11:25:39 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 01.02.2013 12:49:51 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7003
Description = Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.02.2013 12:49:52 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG Firewall" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805289.
 
Error - 01.02.2013 12:49:52 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805315.
 
Error - 01.02.2013 12:59:07 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7003
Description = Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.02.2013 12:59:07 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG Firewall" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805289.
 
Error - 01.02.2013 12:59:10 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805315.
 
Error - 01.02.2013 13:04:55 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7003
Description = Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.02.2013 13:04:55 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG Firewall" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805289.
 
Error - 01.02.2013 13:04:59 | Computer Name = Win7-Desktop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805315.
 
 
< End of report >

Code:

ATTFilter

GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-01 18:52:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AACS-00G8B0 rev.05.04C05 596,17GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Cookie\AppData\Local\Temp\kwddypow.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000076011401 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000076011419 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000076011431 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007601144a 2 bytes [01, 76]
.text  ...                                                                                                                 * 9
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000760114dd 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000760114f5 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007601150d 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076011525 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007601153d 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000076011555 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007601156d 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000076011585 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007601159d 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000760115b5 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000760115cd 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000760116b2 2 bytes [01, 76]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000760116bd 2 bytes [01, 76]

---- EOF - GMER 2.0 ----

Danke für Analysieren

cosinus · 02.02.2013, 17:14

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

keks60311 · 02.02.2013, 17:34

Hallo Cosinus,

Malwarebytes Anti Rootkit hat nichts gefunden.

hier der log

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cookie :: WIN7-DESKTOP [administrator]

02.02.2013 17:29:55
mbar-log-2013-02-02 (17-29-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28730
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 02.02.2013, 18:03

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

keks60311 · 02.02.2013, 18:40

Hier wären dann die anderen Logfiles vom aswMBR und TDSS Killer.

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-02 18:15:06
-----------------------------
18:15:06.752    OS Version: Windows x64 6.1.7601 Service Pack 1
18:15:06.752    Number of processors: 2 586 0x1706
18:15:06.752    ComputerName: WIN7-DESKTOP  UserName: Cookie
18:15:07.360    Initialize success
18:17:39.855    AVAST engine defs: 13020200
18:18:06.219    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:18:06.219    Disk 0 Vendor: WDC_WD6400AACS-00G8B0 05.04C05 Size: 610480MB BusType: 11
18:18:06.235    Disk 0 MBR read successfully
18:18:06.235    Disk 0 MBR scan
18:18:06.235    Disk 0 Windows 7 default MBR code
18:18:06.250    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:18:06.250    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       256000 MB offset 206848
18:18:06.281    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       354378 MB offset 524494848
18:18:06.297    Disk 0 scanning C:\Windows\system32\drivers
18:18:11.554    Service scanning
18:18:24.611    Modules scanning
18:18:24.611    Disk 0 trace - called modules:
18:18:24.611    
18:18:25.423    AVAST engine scan C:\Windows
18:18:26.483    AVAST engine scan C:\Windows\system32
18:20:12.127    AVAST engine scan C:\Windows\system32\drivers
18:20:17.852    AVAST engine scan C:\Users\Cookie
18:22:28.455    AVAST engine scan C:\ProgramData
18:22:48.938    Scan finished successfully
18:25:46.794    Disk 0 MBR has been saved successfully to "C:\Users\Cookie\Desktop\MBR.dat"
18:25:46.794    The log file has been saved successfully to "C:\Users\Cookie\Desktop\aswMBR.txt"

Code:

ATTFilter

18:26:40.0269 3940  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:26:40.0487 3940  ============================================================
18:26:40.0487 3940  Current date / time: 2013/02/02 18:26:40.0487
18:26:40.0487 3940  SystemInfo:
18:26:40.0487 3940  
18:26:40.0487 3940  OS Version: 6.1.7601 ServicePack: 1.0
18:26:40.0487 3940  Product type: Workstation
18:26:40.0487 3940  ComputerName: WIN7-DESKTOP
18:26:40.0487 3940  UserName: Cookie
18:26:40.0487 3940  Windows directory: C:\Windows
18:26:40.0487 3940  System windows directory: C:\Windows
18:26:40.0487 3940  Running under WOW64
18:26:40.0487 3940  Processor architecture: Intel x64
18:26:40.0487 3940  Number of processors: 2
18:26:40.0487 3940  Page size: 0x1000
18:26:40.0487 3940  Boot type: Normal boot
18:26:40.0487 3940  ============================================================
18:26:41.0299 3940  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:26:41.0330 3940  ============================================================
18:26:41.0330 3940  \Device\Harddisk0\DR0:
18:26:41.0330 3940  MBR partitions:
18:26:41.0330 3940  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:26:41.0330 3940  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1F400000
18:26:41.0330 3940  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1F432800, BlocksNum 0x2B425000
18:26:41.0330 3940  ============================================================
18:26:41.0377 3940  C: <-> \Device\Harddisk0\DR0\Partition2
18:26:41.0408 3940  D: <-> \Device\Harddisk0\DR0\Partition3
18:26:41.0439 3940  ============================================================
18:26:41.0439 3940  Initialize success
18:26:41.0439 3940  ============================================================
18:27:50.0563 3680  ============================================================
18:27:50.0563 3680  Scan started
18:27:50.0563 3680  Mode: Manual; SigCheck; TDLFS; 
18:27:50.0563 3680  ============================================================
18:27:50.0828 3680  ================ Scan system memory ========================
18:27:50.0828 3680  System memory - ok
18:27:50.0828 3680  ================ Scan services =============================
18:27:50.0968 3680  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
18:27:51.0078 3680  1394ohci - ok
18:27:51.0078 3680  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:27:51.0093 3680  ACPI - ok
18:27:51.0109 3680  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:27:51.0171 3680  AcpiPmi - ok
18:27:51.0249 3680  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:27:51.0296 3680  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
18:27:51.0296 3680  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
18:27:51.0358 3680  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:27:51.0374 3680  AdobeARMservice - ok
18:27:51.0390 3680  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:27:51.0421 3680  adp94xx - ok
18:27:51.0436 3680  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:27:51.0452 3680  adpahci - ok
18:27:51.0452 3680  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:27:51.0468 3680  adpu320 - ok
18:27:51.0499 3680  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:27:51.0608 3680  AeLookupSvc - ok
18:27:51.0639 3680  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:27:51.0686 3680  AFD - ok
18:27:51.0702 3680  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:27:51.0717 3680  agp440 - ok
18:27:51.0733 3680  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:27:51.0748 3680  ALG - ok
18:27:51.0764 3680  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:27:51.0780 3680  aliide - ok
18:27:51.0780 3680  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:27:51.0795 3680  amdide - ok
18:27:51.0795 3680  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:27:51.0811 3680  AmdK8 - ok
18:27:51.0811 3680  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:27:51.0842 3680  AmdPPM - ok
18:27:51.0858 3680  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:27:51.0873 3680  amdsata - ok
18:27:51.0873 3680  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:27:51.0904 3680  amdsbs - ok
18:27:51.0904 3680  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:27:51.0920 3680  amdxata - ok
18:27:51.0936 3680  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:27:51.0982 3680  AppID - ok
18:27:51.0982 3680  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:27:52.0029 3680  AppIDSvc - ok
18:27:52.0060 3680  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:27:52.0092 3680  Appinfo - ok
18:27:52.0107 3680  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
18:27:52.0123 3680  arc - ok
18:27:52.0123 3680  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:27:52.0138 3680  arcsas - ok
18:27:52.0154 3680  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:27:52.0201 3680  AsyncMac - ok
18:27:52.0201 3680  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:27:52.0216 3680  atapi - ok
18:27:52.0248 3680  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:27:52.0310 3680  AudioEndpointBuilder - ok
18:27:52.0326 3680  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:27:52.0357 3680  AudioSrv - ok
18:27:52.0435 3680  [ D0BE22C910E46550C6308D50DDA76B94 ] avgfws          C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
18:27:52.0466 3680  avgfws - ok
18:27:52.0591 3680  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
18:27:52.0669 3680  AVGIDSAgent - ok
18:27:52.0684 3680  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
18:27:52.0700 3680  avgwd - ok
18:27:52.0747 3680  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
18:27:52.0762 3680  AVP - ok
18:27:52.0794 3680  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:27:52.0825 3680  AxInstSV - ok
18:27:52.0856 3680  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:27:52.0887 3680  b06bdrv - ok
18:27:52.0903 3680  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:27:52.0934 3680  b57nd60a - ok
18:27:52.0965 3680  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:27:52.0996 3680  BDESVC - ok
18:27:53.0012 3680  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:27:53.0043 3680  Beep - ok
18:27:53.0090 3680  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:27:53.0152 3680  BFE - ok
18:27:53.0184 3680  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:27:53.0246 3680  BITS - ok
18:27:53.0277 3680  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:27:53.0293 3680  blbdrive - ok
18:27:53.0324 3680  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:27:53.0355 3680  bowser - ok
18:27:53.0418 3680  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:27:53.0433 3680  BrFiltLo - ok
18:27:53.0433 3680  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:27:53.0449 3680  BrFiltUp - ok
18:27:53.0480 3680  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:27:53.0496 3680  Browser - ok
18:27:53.0527 3680  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:27:53.0558 3680  Brserid - ok
18:27:53.0558 3680  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:27:53.0589 3680  BrSerWdm - ok
18:27:53.0589 3680  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:27:53.0605 3680  BrUsbMdm - ok
18:27:53.0605 3680  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:27:53.0636 3680  BrUsbSer - ok
18:27:53.0652 3680  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:27:53.0667 3680  BTHMODEM - ok
18:27:53.0698 3680  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:27:53.0745 3680  bthserv - ok
18:27:53.0745 3680  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:27:53.0808 3680  cdfs - ok
18:27:53.0823 3680  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:27:53.0854 3680  cdrom - ok
18:27:53.0870 3680  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:27:53.0948 3680  CertPropSvc - ok
18:27:53.0964 3680  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
18:27:53.0979 3680  circlass - ok
18:27:53.0995 3680  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:27:54.0010 3680  CLFS - ok
18:27:54.0073 3680  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:27:54.0088 3680  clr_optimization_v2.0.50727_32 - ok
18:27:54.0135 3680  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:27:54.0151 3680  clr_optimization_v2.0.50727_64 - ok
18:27:54.0213 3680  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:27:54.0229 3680  clr_optimization_v4.0.30319_32 - ok
18:27:54.0260 3680  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:27:54.0260 3680  clr_optimization_v4.0.30319_64 - ok
18:27:54.0276 3680  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:27:54.0307 3680  CmBatt - ok
18:27:54.0307 3680  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:27:54.0322 3680  cmdide - ok
18:27:54.0354 3680  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:27:54.0400 3680  CNG - ok
18:27:54.0400 3680  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:27:54.0416 3680  Compbatt - ok
18:27:54.0447 3680  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:27:54.0463 3680  CompositeBus - ok
18:27:54.0478 3680  COMSysApp - ok
18:27:54.0494 3680  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:27:54.0510 3680  crcdisk - ok
18:27:54.0525 3680  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:27:54.0556 3680  CryptSvc - ok
18:27:54.0588 3680  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:27:54.0634 3680  DcomLaunch - ok
18:27:54.0666 3680  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:27:54.0697 3680  defragsvc - ok
18:27:54.0712 3680  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:27:54.0759 3680  DfsC - ok
18:27:54.0775 3680  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:27:54.0806 3680  Dhcp - ok
18:27:54.0822 3680  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:27:54.0853 3680  discache - ok
18:27:54.0868 3680  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
18:27:54.0884 3680  Disk - ok
18:27:54.0900 3680  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:27:54.0915 3680  Dnscache - ok
18:27:54.0931 3680  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:27:54.0978 3680  dot3svc - ok
18:27:55.0009 3680  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
18:27:55.0040 3680  Dot4 - ok
18:27:55.0056 3680  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:27:55.0087 3680  Dot4Print - ok
18:27:55.0118 3680  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
18:27:55.0134 3680  dot4usb - ok
18:27:55.0149 3680  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:27:55.0196 3680  DPS - ok
18:27:55.0212 3680  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:27:55.0227 3680  drmkaud - ok
18:27:55.0258 3680  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:27:55.0274 3680  dtsoftbus01 - ok
18:27:55.0321 3680  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:27:55.0368 3680  DXGKrnl - ok
18:27:55.0399 3680  [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express       C:\Windows\system32\DRIVERS\e1e6032e.sys
18:27:55.0414 3680  e1express - ok
18:27:55.0446 3680  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:27:55.0508 3680  EapHost - ok
18:27:55.0570 3680  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:27:55.0664 3680  ebdrv - ok
18:27:55.0680 3680  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:27:55.0711 3680  EFS - ok
18:27:55.0758 3680  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:27:55.0804 3680  ehRecvr - ok
18:27:55.0820 3680  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:27:55.0851 3680  ehSched - ok
18:27:55.0867 3680  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:27:55.0898 3680  elxstor - ok
18:27:55.0898 3680  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:27:55.0914 3680  ErrDev - ok
18:27:55.0945 3680  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:27:55.0992 3680  EventSystem - ok
18:27:55.0992 3680  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:27:56.0038 3680  exfat - ok
18:27:56.0054 3680  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:27:56.0101 3680  fastfat - ok
18:27:56.0132 3680  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:27:56.0179 3680  Fax - ok
18:27:56.0179 3680  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
18:27:56.0210 3680  fdc - ok
18:27:56.0226 3680  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:27:56.0257 3680  fdPHost - ok
18:27:56.0272 3680  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:27:56.0319 3680  FDResPub - ok
18:27:56.0319 3680  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:27:56.0335 3680  FileInfo - ok
18:27:56.0335 3680  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:27:56.0382 3680  Filetrace - ok
18:27:56.0382 3680  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:27:56.0397 3680  flpydisk - ok
18:27:56.0413 3680  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:27:56.0428 3680  FltMgr - ok
18:27:56.0491 3680  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
18:27:56.0553 3680  FontCache - ok
18:27:56.0584 3680  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:27:56.0600 3680  FontCache3.0.0.0 - ok
18:27:56.0600 3680  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:27:56.0616 3680  FsDepends - ok
18:27:56.0631 3680  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:27:56.0647 3680  Fs_Rec - ok
18:27:56.0678 3680  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:27:56.0694 3680  fvevol - ok
18:27:56.0725 3680  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:27:56.0725 3680  gagp30kx - ok
18:27:56.0756 3680  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:27:56.0818 3680  gpsvc - ok
18:27:56.0881 3680  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:27:56.0896 3680  gupdate - ok
18:27:56.0912 3680  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:27:56.0912 3680  gupdatem - ok
18:27:56.0928 3680  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:27:56.0959 3680  hcw85cir - ok
18:27:56.0990 3680  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:27:57.0021 3680  HdAudAddService - ok
18:27:57.0021 3680  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:27:57.0068 3680  HDAudBus - ok
18:27:57.0068 3680  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:27:57.0099 3680  HidBatt - ok
18:27:57.0115 3680  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:27:57.0130 3680  HidBth - ok
18:27:57.0130 3680  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:27:57.0146 3680  HidIr - ok
18:27:57.0162 3680  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:27:57.0193 3680  hidserv - ok
18:27:57.0208 3680  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:27:57.0224 3680  HidUsb - ok
18:27:57.0255 3680  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:27:57.0302 3680  hkmsvc - ok
18:27:57.0302 3680  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:27:57.0333 3680  HomeGroupListener - ok
18:27:57.0364 3680  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:27:57.0396 3680  HomeGroupProvider - ok
18:27:57.0396 3680  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:27:57.0411 3680  HpSAMD - ok
18:27:57.0442 3680  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:27:57.0489 3680  HTTP - ok
18:27:57.0489 3680  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:27:57.0505 3680  hwpolicy - ok
18:27:57.0536 3680  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:27:57.0552 3680  i8042prt - ok
18:27:57.0583 3680  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:27:57.0598 3680  iaStorV - ok
18:27:57.0645 3680  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:27:57.0661 3680  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:27:57.0661 3680  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:27:57.0708 3680  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:27:57.0739 3680  idsvc - ok
18:27:57.0754 3680  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:27:57.0754 3680  iirsp - ok
18:27:57.0801 3680  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:27:57.0864 3680  IKEEXT - ok
18:27:57.0879 3680  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:27:57.0879 3680  intelide - ok
18:27:57.0895 3680  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:27:57.0926 3680  intelppm - ok
18:27:57.0942 3680  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:27:57.0988 3680  IPBusEnum - ok
18:27:58.0004 3680  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:27:58.0035 3680  IpFilterDriver - ok
18:27:58.0066 3680  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:27:58.0144 3680  iphlpsvc - ok
18:27:58.0160 3680  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:27:58.0191 3680  IPMIDRV - ok
18:27:58.0191 3680  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:27:58.0238 3680  IPNAT - ok
18:27:58.0254 3680  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:27:58.0269 3680  IRENUM - ok
18:27:58.0285 3680  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:27:58.0285 3680  isapnp - ok
18:27:58.0316 3680  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:27:58.0332 3680  iScsiPrt - ok
18:27:58.0332 3680  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:27:58.0347 3680  kbdclass - ok
18:27:58.0363 3680  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:27:58.0378 3680  kbdhid - ok
18:27:58.0378 3680  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:27:58.0394 3680  KeyIso - ok
18:27:58.0441 3680  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
18:27:58.0456 3680  kl1 - ok
18:27:58.0534 3680  [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
18:27:58.0550 3680  KLIF - ok
18:27:58.0581 3680  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
18:27:58.0597 3680  KLIM6 - ok
18:27:58.0628 3680  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
18:27:58.0628 3680  klkbdflt - ok
18:27:58.0644 3680  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
18:27:58.0644 3680  klmouflt - ok
18:27:58.0659 3680  [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
18:27:58.0659 3680  kltdi - ok
18:27:58.0675 3680  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
18:27:58.0690 3680  kneps - ok
18:27:58.0737 3680  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:27:58.0737 3680  KSecDD - ok
18:27:58.0768 3680  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:27:58.0768 3680  KSecPkg - ok
18:27:58.0784 3680  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:27:58.0815 3680  ksthunk - ok
18:27:58.0862 3680  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:27:58.0909 3680  KtmRm - ok
18:27:58.0924 3680  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:27:58.0971 3680  LanmanServer - ok
18:27:59.0002 3680  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:27:59.0034 3680  LanmanWorkstation - ok
18:27:59.0049 3680  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:27:59.0096 3680  lltdio - ok
18:27:59.0127 3680  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:27:59.0190 3680  lltdsvc - ok
18:27:59.0205 3680  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:27:59.0236 3680  lmhosts - ok
18:27:59.0268 3680  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:27:59.0268 3680  LSI_FC - ok
18:27:59.0283 3680  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:27:59.0299 3680  LSI_SAS - ok
18:27:59.0299 3680  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:27:59.0314 3680  LSI_SAS2 - ok
18:27:59.0330 3680  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:27:59.0346 3680  LSI_SCSI - ok
18:27:59.0346 3680  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:27:59.0392 3680  luafv - ok
18:27:59.0424 3680  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:27:59.0439 3680  Mcx2Svc - ok
18:27:59.0455 3680  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:27:59.0455 3680  megasas - ok
18:27:59.0486 3680  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:27:59.0502 3680  MegaSR - ok
18:27:59.0533 3680  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:27:59.0580 3680  MMCSS - ok
18:27:59.0595 3680  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:27:59.0642 3680  Modem - ok
18:27:59.0658 3680  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:27:59.0689 3680  monitor - ok
18:27:59.0704 3680  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:27:59.0704 3680  mouclass - ok
18:27:59.0720 3680  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:27:59.0751 3680  mouhid - ok
18:27:59.0751 3680  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:27:59.0767 3680  mountmgr - ok
18:27:59.0814 3680  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:27:59.0814 3680  MozillaMaintenance - ok
18:27:59.0829 3680  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:27:59.0845 3680  mpio - ok
18:27:59.0845 3680  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:27:59.0892 3680  mpsdrv - ok
18:27:59.0923 3680  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:27:59.0970 3680  MpsSvc - ok
18:27:59.0985 3680  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:28:00.0016 3680  MRxDAV - ok
18:28:00.0048 3680  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:28:00.0079 3680  mrxsmb - ok
18:28:00.0110 3680  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:28:00.0126 3680  mrxsmb10 - ok
18:28:00.0141 3680  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:28:00.0157 3680  mrxsmb20 - ok
18:28:00.0188 3680  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:28:00.0204 3680  msahci - ok
18:28:00.0204 3680  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:28:00.0219 3680  msdsm - ok
18:28:00.0235 3680  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:28:00.0250 3680  MSDTC - ok
18:28:00.0266 3680  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:28:00.0297 3680  Msfs - ok
18:28:00.0297 3680  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:28:00.0360 3680  mshidkmdf - ok
18:28:00.0360 3680  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:28:00.0375 3680  msisadrv - ok
18:28:00.0422 3680  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:28:00.0453 3680  MSiSCSI - ok
18:28:00.0469 3680  msiserver - ok
18:28:00.0484 3680  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:28:00.0547 3680  MSKSSRV - ok
18:28:00.0547 3680  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:28:00.0594 3680  MSPCLOCK - ok
18:28:00.0594 3680  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:28:00.0640 3680  MSPQM - ok
18:28:00.0656 3680  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:28:00.0672 3680  MsRPC - ok
18:28:00.0687 3680  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:28:00.0687 3680  mssmbios - ok
18:28:00.0718 3680  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:28:00.0765 3680  MSTEE - ok
18:28:00.0781 3680  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:28:00.0796 3680  MTConfig - ok
18:28:00.0796 3680  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:28:00.0812 3680  Mup - ok
18:28:00.0843 3680  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:28:00.0890 3680  napagent - ok
18:28:00.0921 3680  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:28:00.0952 3680  NativeWifiP - ok
18:28:00.0999 3680  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:28:01.0030 3680  NDIS - ok
18:28:01.0046 3680  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:28:01.0077 3680  NdisCap - ok
18:28:01.0108 3680  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:28:01.0140 3680  NdisTapi - ok
18:28:01.0140 3680  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:28:01.0171 3680  Ndisuio - ok
18:28:01.0186 3680  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:28:01.0218 3680  NdisWan - ok
18:28:01.0233 3680  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:28:01.0280 3680  NDProxy - ok
18:28:01.0280 3680  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:28:01.0311 3680  NetBIOS - ok
18:28:01.0342 3680  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:28:01.0374 3680  NetBT - ok
18:28:01.0389 3680  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:28:01.0405 3680  Netlogon - ok
18:28:01.0436 3680  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:28:01.0483 3680  Netman - ok
18:28:01.0514 3680  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:28:01.0561 3680  netprofm - ok
18:28:01.0576 3680  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:28:01.0592 3680  NetTcpPortSharing - ok
18:28:01.0592 3680  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:28:01.0608 3680  nfrd960 - ok
18:28:01.0639 3680  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:28:01.0670 3680  NlaSvc - ok
18:28:01.0686 3680  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:28:01.0717 3680  Npfs - ok
18:28:01.0717 3680  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:28:01.0764 3680  nsi - ok
18:28:01.0764 3680  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:28:01.0810 3680  nsiproxy - ok
18:28:01.0857 3680  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:28:01.0920 3680  Ntfs - ok
18:28:01.0920 3680  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:28:01.0966 3680  Null - ok
18:28:02.0216 3680  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:28:02.0559 3680  nvlddmkm - ok
18:28:02.0590 3680  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:28:02.0606 3680  nvraid - ok
18:28:02.0637 3680  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:28:02.0653 3680  nvstor - ok
18:28:02.0700 3680  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:28:02.0746 3680  nvsvc - ok
18:28:02.0793 3680  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:28:02.0840 3680  nvUpdatusService - ok
18:28:02.0856 3680  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:28:02.0871 3680  nv_agp - ok
18:28:02.0871 3680  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:28:02.0902 3680  ohci1394 - ok
18:28:02.0918 3680  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:28:02.0949 3680  p2pimsvc - ok
18:28:02.0980 3680  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:28:02.0996 3680  p2psvc - ok
18:28:03.0027 3680  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
18:28:03.0058 3680  Parport - ok
18:28:03.0074 3680  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:28:03.0090 3680  partmgr - ok
18:28:03.0105 3680  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:28:03.0136 3680  PcaSvc - ok
18:28:03.0152 3680  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:28:03.0168 3680  pci - ok
18:28:03.0168 3680  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:28:03.0183 3680  pciide - ok
18:28:03.0199 3680  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:28:03.0214 3680  pcmcia - ok
18:28:03.0230 3680  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:28:03.0230 3680  pcw - ok
18:28:03.0246 3680  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:28:03.0292 3680  PEAUTH - ok
18:28:03.0355 3680  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:28:03.0386 3680  PerfHost - ok
18:28:03.0433 3680  [ 1E81496AFF9D7FA2B4C4032B746DE5B9 ] Ph3xIB64        C:\Windows\system32\DRIVERS\Ph3xIB64.sys
18:28:03.0511 3680  Ph3xIB64 - ok
18:28:03.0542 3680  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:28:03.0636 3680  pla - ok
18:28:03.0651 3680  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:28:03.0682 3680  PlugPlay - ok
18:28:03.0698 3680  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:28:03.0729 3680  PNRPAutoReg - ok
18:28:03.0745 3680  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:28:03.0760 3680  PNRPsvc - ok
18:28:03.0807 3680  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:28:03.0854 3680  PolicyAgent - ok
18:28:03.0870 3680  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:28:03.0916 3680  Power - ok
18:28:03.0948 3680  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:28:03.0994 3680  PptpMiniport - ok
18:28:04.0010 3680  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
18:28:04.0041 3680  Processor - ok
18:28:04.0072 3680  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:28:04.0104 3680  ProfSvc - ok
18:28:04.0119 3680  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:28:04.0135 3680  ProtectedStorage - ok
18:28:04.0166 3680  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:28:04.0197 3680  Psched - ok
18:28:04.0244 3680  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:28:04.0291 3680  ql2300 - ok
18:28:04.0306 3680  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:28:04.0322 3680  ql40xx - ok
18:28:04.0353 3680  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:28:04.0369 3680  QWAVE - ok
18:28:04.0369 3680  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:28:04.0384 3680  QWAVEdrv - ok
18:28:04.0400 3680  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:28:04.0431 3680  RasAcd - ok
18:28:04.0447 3680  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:28:04.0509 3680  RasAgileVpn - ok
18:28:04.0509 3680  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:28:04.0556 3680  RasAuto - ok
18:28:04.0572 3680  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:28:04.0618 3680  Rasl2tp - ok
18:28:04.0634 3680  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:28:04.0681 3680  RasMan - ok
18:28:04.0681 3680  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:28:04.0728 3680  RasPppoe - ok
18:28:04.0743 3680  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:28:04.0774 3680  RasSstp - ok
18:28:04.0790 3680  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:28:04.0821 3680  rdbss - ok
18:28:04.0837 3680  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:28:04.0868 3680  rdpbus - ok
18:28:04.0868 3680  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:28:04.0915 3680  RDPCDD - ok
18:28:04.0915 3680  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:28:04.0962 3680  RDPENCDD - ok
18:28:04.0962 3680  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:28:04.0993 3680  RDPREFMP - ok
18:28:05.0024 3680  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:28:05.0055 3680  RDPWD - ok
18:28:05.0055 3680  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:28:05.0071 3680  rdyboost - ok
18:28:05.0102 3680  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:28:05.0149 3680  RemoteAccess - ok
18:28:05.0164 3680  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:28:05.0211 3680  RemoteRegistry - ok
18:28:05.0227 3680  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:28:05.0274 3680  RpcEptMapper - ok
18:28:05.0305 3680  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:28:05.0336 3680  RpcLocator - ok
18:28:05.0367 3680  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:28:05.0414 3680  RpcSs - ok
18:28:05.0414 3680  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:28:05.0445 3680  rspndr - ok
18:28:05.0461 3680  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:28:05.0476 3680  SamSs - ok
18:28:05.0476 3680  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:28:05.0492 3680  sbp2port - ok
18:28:05.0508 3680  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:28:05.0539 3680  SCardSvr - ok
18:28:05.0554 3680  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:28:05.0601 3680  scfilter - ok
18:28:05.0632 3680  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:28:05.0695 3680  Schedule - ok
18:28:05.0726 3680  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:28:05.0757 3680  SCPolicySvc - ok
18:28:05.0757 3680  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:28:05.0788 3680  SDRSVC - ok
18:28:05.0788 3680  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:28:05.0835 3680  secdrv - ok
18:28:05.0851 3680  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:28:05.0882 3680  seclogon - ok
18:28:05.0898 3680  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:28:05.0944 3680  SENS - ok
18:28:05.0976 3680  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:28:05.0991 3680  SensrSvc - ok
18:28:06.0007 3680  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:28:06.0022 3680  Serenum - ok
18:28:06.0038 3680  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:28:06.0069 3680  Serial - ok
18:28:06.0085 3680  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:28:06.0116 3680  sermouse - ok
18:28:06.0132 3680  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:28:06.0178 3680  SessionEnv - ok
18:28:06.0178 3680  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:28:06.0194 3680  sffdisk - ok
18:28:06.0194 3680  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:28:06.0210 3680  sffp_mmc - ok
18:28:06.0210 3680  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:28:06.0241 3680  sffp_sd - ok
18:28:06.0241 3680  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:28:06.0272 3680  sfloppy - ok
18:28:06.0288 3680  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:28:06.0334 3680  SharedAccess - ok
18:28:06.0366 3680  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:28:06.0397 3680  ShellHWDetection - ok
18:28:06.0397 3680  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:28:06.0412 3680  SiSRaid2 - ok
18:28:06.0428 3680  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:28:06.0428 3680  SiSRaid4 - ok
18:28:06.0490 3680  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:28:06.0490 3680  SkypeUpdate - ok
18:28:06.0506 3680  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:28:06.0553 3680  Smb - ok
18:28:06.0568 3680  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:28:06.0600 3680  SNMPTRAP - ok
18:28:06.0600 3680  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:28:06.0615 3680  spldr - ok
18:28:06.0646 3680  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:28:06.0678 3680  Spooler - ok
18:28:06.0740 3680  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:28:06.0865 3680  sppsvc - ok
18:28:06.0880 3680  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:28:06.0912 3680  sppuinotify - ok
18:28:06.0943 3680  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:28:06.0974 3680  srv - ok
18:28:06.0990 3680  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:28:07.0021 3680  srv2 - ok
18:28:07.0036 3680  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:28:07.0052 3680  srvnet - ok
18:28:07.0083 3680  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:28:07.0114 3680  SSDPSRV - ok
18:28:07.0130 3680  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:28:07.0161 3680  SstpSvc - ok
18:28:07.0208 3680  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:28:07.0224 3680  Stereo Service - ok
18:28:07.0239 3680  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:28:07.0255 3680  stexstor - ok
18:28:07.0302 3680  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:28:07.0333 3680  stisvc - ok
18:28:07.0333 3680  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:28:07.0348 3680  swenum - ok
18:28:07.0364 3680  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:28:07.0411 3680  swprv - ok
18:28:07.0473 3680  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:28:07.0536 3680  SysMain - ok
18:28:07.0551 3680  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:28:07.0582 3680  TabletInputService - ok
18:28:07.0598 3680  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:28:07.0645 3680  TapiSrv - ok
18:28:07.0645 3680  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:28:07.0692 3680  TBS - ok
18:28:07.0754 3680  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:28:07.0832 3680  Tcpip - ok
18:28:07.0863 3680  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:28:07.0910 3680  TCPIP6 - ok
18:28:07.0910 3680  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:28:07.0926 3680  tcpipreg - ok
18:28:07.0957 3680  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:28:07.0972 3680  TDPIPE - ok
18:28:08.0004 3680  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:28:08.0035 3680  TDTCP - ok
18:28:08.0035 3680  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:28:08.0082 3680  tdx - ok
18:28:08.0082 3680  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:28:08.0097 3680  TermDD - ok
18:28:08.0113 3680  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:28:08.0175 3680  TermService - ok
18:28:08.0175 3680  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:28:08.0191 3680  Themes - ok
18:28:08.0222 3680  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:28:08.0253 3680  THREADORDER - ok
18:28:08.0269 3680  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:28:08.0316 3680  TrkWks - ok
18:28:08.0347 3680  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:28:08.0378 3680  TrustedInstaller - ok
18:28:08.0394 3680  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:28:08.0440 3680  tssecsrv - ok
18:28:08.0456 3680  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:28:08.0472 3680  TsUsbFlt - ok
18:28:08.0487 3680  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:28:08.0503 3680  TsUsbGD - ok
18:28:08.0518 3680  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:28:08.0565 3680  tunnel - ok
18:28:08.0565 3680  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:28:08.0581 3680  uagp35 - ok
18:28:08.0612 3680  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:28:08.0659 3680  udfs - ok
18:28:08.0659 3680  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:28:08.0674 3680  UI0Detect - ok
18:28:08.0690 3680  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:28:08.0706 3680  uliagpkx - ok
18:28:08.0721 3680  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:28:08.0752 3680  umbus - ok
18:28:08.0752 3680  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:28:08.0799 3680  UmPass - ok
18:28:08.0815 3680  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:28:08.0862 3680  upnphost - ok
18:28:08.0924 3680  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:28:08.0940 3680  usbaudio - ok
18:28:08.0971 3680  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:28:08.0986 3680  usbccgp - ok
18:28:09.0002 3680  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:28:09.0018 3680  usbcir - ok
18:28:09.0033 3680  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:28:09.0064 3680  usbehci - ok
18:28:09.0096 3680  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:28:09.0127 3680  usbhub - ok
18:28:09.0142 3680  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:28:09.0158 3680  usbohci - ok
18:28:09.0158 3680  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:28:09.0189 3680  usbprint - ok
18:28:09.0189 3680  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:28:09.0220 3680  USBSTOR - ok
18:28:09.0236 3680  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:28:09.0252 3680  usbuhci - ok
18:28:09.0267 3680  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:28:09.0314 3680  UxSms - ok
18:28:09.0330 3680  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:28:09.0345 3680  VaultSvc - ok
18:28:09.0361 3680  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:28:09.0376 3680  vdrvroot - ok
18:28:09.0392 3680  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:28:09.0454 3680  vds - ok
18:28:09.0470 3680  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:28:09.0486 3680  vga - ok
18:28:09.0517 3680  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:28:09.0548 3680  VgaSave - ok
18:28:09.0548 3680  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:28:09.0564 3680  vhdmp - ok
18:28:09.0564 3680  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:28:09.0579 3680  viaide - ok
18:28:09.0595 3680  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:28:09.0610 3680  volmgr - ok
18:28:09.0610 3680  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:28:09.0642 3680  volmgrx - ok
18:28:09.0657 3680  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:28:09.0673 3680  volsnap - ok
18:28:09.0673 3680  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:28:09.0688 3680  vsmraid - ok
18:28:09.0735 3680  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:28:09.0829 3680  VSS - ok
18:28:09.0829 3680  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:28:09.0860 3680  vwifibus - ok
18:28:09.0860 3680  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:28:09.0907 3680  W32Time - ok
18:28:09.0922 3680  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:28:09.0938 3680  WacomPen - ok
18:28:09.0954 3680  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:28:09.0985 3680  WANARP - ok
18:28:09.0985 3680  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:28:10.0032 3680  Wanarpv6 - ok
18:28:10.0063 3680  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:28:10.0125 3680  wbengine - ok
18:28:10.0125 3680  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:28:10.0141 3680  WbioSrvc - ok
18:28:10.0156 3680  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:28:10.0172 3680  wcncsvc - ok
18:28:10.0188 3680  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:28:10.0203 3680  WcsPlugInService - ok
18:28:10.0219 3680  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
18:28:10.0234 3680  Wd - ok
18:28:10.0250 3680  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:28:10.0297 3680  Wdf01000 - ok
18:28:10.0297 3680  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:28:10.0328 3680  WdiServiceHost - ok
18:28:10.0344 3680  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:28:10.0359 3680  WdiSystemHost - ok
18:28:10.0375 3680  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:28:10.0406 3680  WebClient - ok
18:28:10.0422 3680  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:28:10.0468 3680  Wecsvc - ok
18:28:10.0484 3680  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:28:10.0515 3680  wercplsupport - ok
18:28:10.0546 3680  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:28:10.0578 3680  WerSvc - ok
18:28:10.0593 3680  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:28:10.0624 3680  WfpLwf - ok
18:28:10.0640 3680  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:28:10.0656 3680  WIMMount - ok
18:28:10.0671 3680  WinDefend - ok
18:28:10.0687 3680  WinHttpAutoProxySvc - ok
18:28:10.0718 3680  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:28:10.0765 3680  Winmgmt - ok
18:28:10.0827 3680  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:28:10.0890 3680  WinRM - ok
18:28:10.0968 3680  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:28:10.0999 3680  WinUsb - ok
18:28:11.0030 3680  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:28:11.0092 3680  Wlansvc - ok
18:28:11.0186 3680  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:28:11.0264 3680  wlidsvc - ok
18:28:11.0295 3680  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:28:11.0326 3680  WmiAcpi - ok
18:28:11.0358 3680  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:28:11.0389 3680  wmiApSrv - ok
18:28:11.0404 3680  WMPNetworkSvc - ok
18:28:11.0420 3680  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:28:11.0436 3680  WPCSvc - ok
18:28:11.0451 3680  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:28:11.0467 3680  WPDBusEnum - ok
18:28:11.0482 3680  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:28:11.0514 3680  ws2ifsl - ok
18:28:11.0529 3680  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:28:11.0560 3680  wscsvc - ok
18:28:11.0560 3680  WSearch - ok
18:28:11.0623 3680  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:28:11.0701 3680  wuauserv - ok
18:28:11.0716 3680  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:28:11.0763 3680  WudfPf - ok
18:28:11.0779 3680  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:28:11.0810 3680  WUDFRd - ok
18:28:11.0826 3680  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:28:11.0841 3680  wudfsvc - ok
18:28:11.0872 3680  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:28:11.0888 3680  WwanSvc - ok
18:28:11.0919 3680  ================ Scan global ===============================
18:28:11.0919 3680  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:28:11.0950 3680  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:28:11.0950 3680  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:28:11.0966 3680  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:28:11.0997 3680  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:28:11.0997 3680  [Global] - ok
18:28:11.0997 3680  ================ Scan MBR ==================================
18:28:12.0013 3680  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:28:12.0231 3680  \Device\Harddisk0\DR0 - ok
18:28:12.0231 3680  ================ Scan VBR ==================================
18:28:12.0231 3680  [ D8CB5C0EC4A4292D12C6C83DBD971C41 ] \Device\Harddisk0\DR0\Partition1
18:28:12.0231 3680  \Device\Harddisk0\DR0\Partition1 - ok
18:28:12.0262 3680  [ A2D82A24E652AF13BA8FB2FA799E124E ] \Device\Harddisk0\DR0\Partition2
18:28:12.0262 3680  \Device\Harddisk0\DR0\Partition2 - ok
18:28:12.0262 3680  [ 07810BAC9E86C22A27A3ABFC1B126C02 ] \Device\Harddisk0\DR0\Partition3
18:28:12.0262 3680  \Device\Harddisk0\DR0\Partition3 - ok
18:28:12.0262 3680  ============================================================
18:28:12.0262 3680  Scan finished
18:28:12.0262 3680  ============================================================
18:28:12.0278 0412  Detected object count: 2
18:28:12.0278 0412  Actual detected object count: 2
18:28:23.0182 0412  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:28:23.0182 0412  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:28:23.0182 0412  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:28:23.0182 0412  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 02.02.2013, 18:53

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

keks60311 · 02.02.2013, 19:17

Hi Cosinus,

da die Prozedur mit ComboFix ja anscheinend ein bisschen Aufwändiger ist und ich nun zu einem Geburtstag muss, werde ich es gleich morgen in Angriff nehmen.

Sagen wir morgen gegen 16Uhr? Bist du auch am Sonntag tätig?

Wünsche dir erstmal ein schönes Wochenende.

Gruss
Keks

p.s. Bin sehr angetan von eurer Hilfe und Kompetenz hier.

cosinus · 03.02.2013, 01:29

Sonntag hab ich leider Hausarbeit und Familienbesuch aufm Zettel

Aber Sonntag Abends bin ich wohl da

keks60311 · 03.02.2013, 19:14

Schönen Guten Abend Cosinus,

hier das logfile von ComboFix. Hat alles ohne zu mucken wunderbar gescannt.
[CODE]
Combofix Logfile:

Code:

ATTFilter

ComboFix 13-02-03.02 - Cookie 03.02.2013  18:52:33.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3070.1952 [GMT 1:00]
ausgeführt von:: c:\users\Cookie\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-03 bis 2013-02-03  ))))))))))))))))))))))))))))))
.
.
2013-02-03 18:00 . 2013-02-03 18:00	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD3F0D85-68D7-4527-88D8-0A5B89ACF561}\offreg.dll
2013-02-03 17:59 . 2013-02-03 17:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-02 16:20 . 2013-02-02 16:20	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-02 14:19 . 2013-01-18 11:15	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD3F0D85-68D7-4527-88D8-0A5B89ACF561}\mpengine.dll
2013-02-01 18:00 . 2012-07-11 16:09	64856	----a-w-	c:\windows\system32\klfphc.dll
2013-02-01 18:00 . 2013-02-01 18:00	--------	d-----w-	c:\windows\ELAMBKUP
2013-02-01 18:00 . 2013-02-03 17:46	--------	d-----w-	c:\programdata\Kaspersky Lab
2013-02-01 18:00 . 2013-02-01 18:00	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2013-02-01 18:00 . 2013-02-01 18:17	613720	----a-w-	c:\windows\system32\drivers\klif.sys
2013-02-01 18:00 . 2012-08-13 17:24	89432	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-02-01 15:14 . 2013-02-01 16:53	--------	d-----w-	c:\program files (x86)\Trojancheck 6
2013-02-01 15:12 . 2013-02-01 15:12	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-31 21:05 . 2013-01-31 21:05	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2013-01-31 15:56 . 2013-01-31 15:59	--------	d-----w-	c:\programdata\TrackMania
2013-01-31 14:42 . 2013-01-31 14:42	--------	d-----w-	c:\program files (x86)\Electronic Arts
2013-01-30 23:11 . 2013-01-30 23:11	--------	d-----w-	c:\program files (x86)\Common Files\Adobe Systems Shared
2013-01-30 23:09 . 2013-01-30 23:09	--------	d-----w-	C:\PS_CS2_Gr_NonRet
2013-01-30 18:59 . 2013-01-31 16:09	--------	d-----w-	c:\program files (x86)\KeePass Password Safe 2
2013-01-30 01:15 . 2013-01-30 01:15	--------	d-----w-	c:\windows\de
2013-01-30 01:15 . 2013-01-30 01:15	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-01-30 01:15 . 2013-01-30 01:15	--------	d-----w-	c:\windows\PCHEALTH
2013-01-30 01:15 . 2013-01-30 01:15	--------	d-----w-	c:\program files (x86)\Windows Live
2013-01-30 01:14 . 2010-06-02 03:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2013-01-30 01:14 . 2010-06-02 03:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2013-01-30 01:14 . 2010-06-02 03:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2013-01-30 01:14 . 2010-06-02 03:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2013-01-30 01:14 . 2010-05-26 10:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2013-01-30 01:14 . 2010-05-26 10:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2013-01-30 01:14 . 2010-05-26 10:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2013-01-30 01:14 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2013-01-30 01:14 . 2009-09-04 16:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2013-01-30 01:14 . 2009-09-04 16:29	523088	----a-w-	c:\windows\system32\d3dx10_42.dll
2013-01-30 01:14 . 2006-11-29 12:06	4398360	----a-w-	c:\windows\system32\d3dx9_32.dll
2013-01-30 01:14 . 2006-11-29 12:06	3426072	----a-w-	c:\windows\SysWow64\d3dx9_32.dll
2013-01-30 01:03 . 2013-01-30 01:03	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
2013-01-29 21:13 . 2013-01-29 21:13	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-01-29 21:13 . 2013-01-29 21:13	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-01-28 10:53 . 2013-01-28 10:53	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-28 10:53 . 2013-01-28 10:53	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-28 10:52 . 2013-01-28 10:52	--------	d-----w-	c:\program files (x86)\Java
2013-01-26 20:49 . 2013-01-26 20:49	--------	d-----w-	c:\program files\EA Games
2013-01-26 15:14 . 2013-01-26 15:14	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2013-01-25 21:36 . 2013-01-31 14:52	--------	d-----w-	c:\program files (x86)\InstallShield Installation Information
2013-01-25 21:34 . 2005-05-26 14:34	3767504	----a-w-	c:\windows\system32\d3dx9_26.dll
2013-01-25 21:34 . 2005-05-26 14:34	2297552	----a-w-	c:\windows\SysWow64\d3dx9_26.dll
2013-01-25 21:34 . 2005-03-18 16:19	3823312	----a-w-	c:\windows\system32\d3dx9_25.dll
2013-01-25 21:28 . 2013-01-25 21:28	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-25 21:27 . 2013-01-25 21:28	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2013-01-25 21:27 . 2013-01-25 21:28	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2013-01-25 21:22 . 2013-01-25 21:22	--------	d-----w-	c:\program files (x86)\DAMN NFO Viewer
2013-01-25 12:01 . 2013-01-25 12:02	--------	d-----w-	c:\programdata\Ashampoo
2013-01-25 12:01 . 2013-01-25 12:01	--------	d-----w-	c:\program files (x86)\Ashampoo
2013-01-19 08:59 . 2013-01-19 08:59	--------	d-----w-	c:\program files (x86)\ImgBurn
2013-01-18 17:06 . 2013-01-18 17:06	--------	d-----w-	c:\program files\Microsoft SDKs
2013-01-18 17:06 . 2013-01-18 17:06	--------	d-----w-	c:\programdata\Microsoft Help
2013-01-17 22:10 . 2013-01-30 23:11	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-01-17 18:08 . 2013-01-17 18:08	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2013-01-17 00:21 . 2013-01-17 00:21	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-01-17 00:21 . 2013-01-17 00:21	--------	d-----r-	c:\program files (x86)\Skype
2013-01-17 00:21 . 2013-01-17 00:21	--------	d-----w-	c:\programdata\Skype
2013-01-17 00:21 . 2013-01-17 00:21	--------	d-----w-	c:\program files\7-Zip
2013-01-17 00:20 . 2013-01-17 00:20	960416	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-17 00:20 . 2013-01-17 00:20	1081760	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-01-17 00:13 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2013-01-17 00:13 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2013-01-17 00:13 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-16 23:59 . 2013-01-16 23:59	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-16 23:59 . 2013-01-16 23:59	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-16 23:59 . 2013-01-16 23:59	--------	d-----w-	c:\windows\SysWow64\Macromed
2013-01-16 23:59 . 2013-01-16 23:59	--------	d-----w-	c:\windows\system32\Macromed
2013-01-16 23:11 . 2013-01-16 23:11	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2013-01-16 22:47 . 2013-01-16 22:47	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-01-16 22:47 . 2013-01-16 22:47	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-01-16 22:10 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-01-16 22:10 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-01-16 22:10 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-01-16 22:10 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-01-16 22:09 . 2012-12-16 16:31	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-16 22:02 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-01-16 21:55 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-01-16 21:55 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-01-16 21:55 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-01-16 21:55 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-01-16 21:55 . 2010-09-30 10:41	100864	----a-w-	c:\windows\system32\fontsub.dll
2013-01-16 21:55 . 2010-09-30 06:47	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-01-16 21:55 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-01-16 21:55 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-01-16 21:55 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-01-16 21:55 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-01-16 21:55 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-01-16 21:55 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-01-16 21:55 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-01-16 21:53 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-01-16 21:53 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-01-16 21:53 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2013-01-16 21:53 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-01-16 21:53 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-01-16 21:51 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2013-01-16 21:50 . 2012-11-30 05:45	362496	----a-w-	c:\windows\system32\wow64win.dll
2013-01-16 21:49 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-16 21:48 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-01-16 21:48 . 2011-06-16 05:49	199680	----a-w-	c:\windows\system32\xmllite.dll
2013-01-16 21:48 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2013-01-16 21:48 . 2011-02-24 06:15	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-16 21:48 . 2011-02-24 05:38	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-16 21:43 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-01-16 21:43 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2013-01-16 21:43 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-01-16 21:43 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-01-16 21:43 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-01-16 21:43 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-01-16 21:43 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2013-01-16 21:43 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2013-01-16 21:40 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2013-01-16 21:40 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2013-01-16 21:37 . 2013-01-16 21:37	--------	d-----w-	c:\program files\CCleaner
2013-01-16 19:48 . 2013-01-28 10:53	859552	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-16 19:48 . 2013-01-28 10:53	780192	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-16 19:44 . 2013-01-21 16:28	--------	d-----w-	c:\program files (x86)\Google
2013-01-16 19:37 . 2013-01-16 19:37	--------	d-----w-	c:\program files (x86)\AVG
2013-01-16 19:35 . 2013-02-01 18:18	--------	d-sh--w-	c:\windows\Installer
2013-01-16 19:35 . 2013-02-01 16:48	--------	d-----w-	c:\programdata\MFAData
2013-01-16 19:35 . 2013-01-16 19:35	--------	d--h--w-	c:\programdata\Common Files
2013-01-16 19:33 . 2013-01-16 19:33	--------	d-----w-	c:\program files\VideoLAN
2013-01-16 19:26 . 2006-12-31 23:00	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-01 18:17 . 2012-07-25 13:53	29528	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2013-02-01 18:17 . 2012-06-08 10:38	54104	----a-w-	c:\windows\system32\drivers\kltdi.sys
2013-02-01 18:17 . 2012-05-25 18:38	29016	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2012-11-30 04:45 . 2013-01-16 21:50	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49	281760	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-02-01 356376]
.
c:\users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-25 283200]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-02-01 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-02-01 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-02-01 29528]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17 18:00]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17 18:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49	342176	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50	755816	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50	755816	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50	755816	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50	755816	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\m4yjlyt7.default\
FF - ExtSQL: 2013-01-17 01:02; {5C46D283-ABDE-4dce-B83C-08881401921C}; c:\users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\m4yjlyt7.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
FF - ExtSQL: 2013-01-22 00:05; {e9876d64-8bac-4287-bdc4-0f0c56804b4f}; c:\users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\m4yjlyt7.default\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
FF - ExtSQL: 2013-01-22 00:05; {2c93446d-612b-416d-9af0-b7355797b611}; c:\users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\m4yjlyt7.default\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
FF - ExtSQL: 2013-01-28 12:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\m4yjlyt7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-29 22:13; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2013-02-01 17:12; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\m4yjlyt7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2013-02-01 19:17; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-02-01 19:17; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-02-01 19:17; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-02-01 19:17; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-02-01 19:17; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-03  19:08:08
ComboFix-quarantined-files.txt  2013-02-03 18:08
.
Vor Suchlauf: 7 Verzeichnis(se), 219.628.269.568 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 219.807.547.392 Bytes frei
.
- - End Of File - - 85A0F34FCAEB0BA0D9AE0CCAEDC6959A

--- --- ---

--- --- ---

cosinus · 03.02.2013, 22:53

Sagmal, ist bei dir Kaspersky und AVG 2013 gleichzeitig am Rennen??!

keks60311 · 04.02.2013, 17:09

Zitat:

Zitat von cosinus

Sagmal, ist bei dir Kaspersky und AVG 2013 gleichzeitig am Rennen??!

haha, nein! xD
Ich hatte nur AVG Internet Security vor dem Scan deinstalliert, weil ich mal Kaspersky Internet Security testen wollte.
Ich benutze immer die 30 Tage testzeitraum und installiere mir dann einen anderen Virenscanner.
Also momentan läuft Kaspersky! Klar das du durcheinander gekommen bist. Vor dem Scann mit OTL habe ich AVG deinstalliert!!!

cosinus · 04.02.2013, 20:59

Zitat:

R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

Ich sehe da aber noch diese Dienste von AVG....hm

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

keks60311 · 05.02.2013, 00:17

Zitat:

Ich sehe da aber noch diese Dienste von AVG....hm

Allerdings!!! Das hat mich nun auch Aufmerksam gemacht und hab dies erstmal gecheckt.
Hier ein Interessanter Link zu dem Thema wie Hartnäckig AVG zu entfernen ist.
hxxp://www.chip.de/artikel/AVG-deinstallieren-So-entfernen-Sie-den-Scanner-restlos_49782854.html

Habe also nun mit dem Removertool, da es ja mit der normalen deinstallation nicht gereicht hat den AVG Scanner komplett und Restlos entfernt. Ich kann dazu aber sagen das ich zwar noch reste vom AVG drauf hatte die aber nicht gestartet worden sind. Also es waren keine zwei Virenscanner gleichzeitig installiert und am laufen.

Hier noch zum Abschluß die Logfiles vom adwcleaner und OTL. Bedenke bitte das ich vor der benutzung des adwcleaner und OTL das Removertool von AVG laufen lassen hab um die Reste zu entfernen.
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.110 - Datei am 04/02/2013 um 23:46:12 erstellt
# Aktualisiert am 03/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Cookie - WIN7-DESKTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Cookie\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\m4yjlyt7.default\prefs.js

Gelöscht : user_pref("de.soerenrinne.googlebuttons.wholeshebang", "3D Warehouse,Accounts,Ad Manager,Ad Planner,[...]

*************************

AdwCleaner[S1].txt - [824 octets] - [04/02/2013 23:46:12]

########## EOF - C:\AdwCleaner[S1].txt - [883 octets] ##########

--- --- ---

[/CODE]

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.02.2013 23:54:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cookie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,51% Memory free
7,39 Gb Paging File | 6,24 Gb Available in Paging File | 84,48% Paging File free
Paging file location(s): c:\pagefile.sys 4500 4500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 250,00 Gb Total Space | 205,07 Gb Free Space | 82,03% Space Free | Partition Type: NTFS
Drive D: | 346,07 Gb Total Space | 320,58 Gb Free Space | 92,63% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-DESKTOP | User Name: Cookie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Users\Cookie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3844319302-4243950028-1711265524-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3844319302-4243950028-1711265524-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 79 AA 63 05 00 CE 01  [binary data]
IE - HKU\S-1-5-21-3844319302-4243950028-1711265524-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3844319302-4243950028-1711265524-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3844319302-4243950028-1711265524-1001\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B5C46D283-ABDE-4dce-B83C-08881401921C%7D:2.1.8.2
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.29 22:13:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.01 19:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.01 19:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.01 19:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.01 19:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.01 19:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 09:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.16 20:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\Extensions
[2013.02.04 17:04:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\Firefox\Profiles\m4yjlyt7.default\extensions
[2013.02.01 17:12:55 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Cookie\AppData\Roaming\mozilla\Firefox\Profiles\m4yjlyt7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013.02.04 17:04:21 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\Cookie\AppData\Roaming\mozilla\Firefox\Profiles\m4yjlyt7.default\extensions\zigboom@hotmail.com
[2013.01.29 19:15:59 | 000,018,203 | ---- | M] () (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\firefox\profiles\m4yjlyt7.default\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
[2013.01.17 01:02:20 | 000,234,233 | ---- | M] () (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\firefox\profiles\m4yjlyt7.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2013.01.31 22:50:00 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\firefox\profiles\m4yjlyt7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.22 00:05:10 | 000,016,100 | ---- | M] () (No name found) -- C:\Users\Cookie\AppData\Roaming\mozilla\firefox\profiles\m4yjlyt7.default\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
[2013.01.19 09:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.01 19:17:24 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2013.02.01 19:17:24 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2013.02.01 19:17:24 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2013.01.19 09:50:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-3844319302-4243950028-1711265524-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3844319302-4243950028-1711265524-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3844319302-4243950028-1711265524-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3844319302-4243950028-1711265524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3844319302-4243950028-1711265524-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE2B00C8-1CA7-4EA0-B270-29DE358C79DF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.03 19:36:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.03 19:08:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.03 18:51:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.03 18:51:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.03 18:51:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.03 18:51:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.03 18:51:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.03 18:49:33 | 005,029,877 | R--- | C] (Swearware) -- C:\Users\Cookie\Desktop\ComboFix.exe
[2013.02.02 17:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.01 19:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.02.01 19:00:33 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.02.01 19:00:14 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.02.01 19:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.02.01 19:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.02.01 19:00:05 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.02.01 19:00:05 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.02.01 18:43:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.01 17:34:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
[2013.02.01 17:13:02 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\QuickScan
[2013.02.01 16:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6
[2013.02.01 16:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojancheck 6
[2013.02.01 16:11:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.01.31 22:05:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.01.31 16:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2013.01.31 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Documents\TrackMania
[2013.01.31 16:43:45 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013.01.31 16:43:45 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013.01.31 16:43:44 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013.01.31 16:43:44 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013.01.31 16:43:44 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013.01.31 16:43:44 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013.01.31 16:43:35 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013.01.31 16:43:35 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013.01.31 16:43:34 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013.01.31 16:43:34 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013.01.31 16:43:34 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013.01.31 16:43:34 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013.01.31 16:43:33 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013.01.31 16:43:32 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013.01.31 16:43:32 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013.01.31 16:43:30 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013.01.31 16:43:30 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013.01.31 16:43:28 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013.01.31 16:43:28 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013.01.31 16:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmUnitedForever
[2013.01.31 16:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmUnitedForever
[2013.01.31 15:58:42 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Documents\Command & Conquer 3 Tiberium Wars
[2013.01.31 15:56:38 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.01.31 15:53:49 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\Bücher
[2013.01.31 15:46:22 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013.01.31 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.01.31 00:15:45 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Documents\Updater
[2013.01.31 00:15:08 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Opera
[2013.01.31 00:11:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.01.31 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.01.31 00:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.01.31 00:09:25 | 000,000,000 | ---D | C] -- C:\PS_CS2_Gr_NonRet
[2013.01.30 23:47:13 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\TeamViewer
[2013.01.30 20:02:22 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\KeePass
[2013.01.30 02:15:40 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.01.30 02:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.30 02:15:08 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.30 02:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.01.30 02:14:20 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013.01.30 02:14:20 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013.01.30 02:14:20 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013.01.30 02:14:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013.01.30 02:14:19 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013.01.30 02:14:19 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013.01.30 02:14:19 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013.01.30 02:14:19 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013.01.30 02:14:17 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013.01.30 02:14:17 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.01.30 02:14:10 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2013.01.30 02:14:10 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013.01.30 02:14:02 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Windows Live
[2013.01.30 02:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.01.29 22:13:37 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.29 22:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.29 22:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.29 22:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.29 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\DVDVideoSoft
[2013.01.28 11:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.28 11:53:09 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.28 11:53:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.28 11:53:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.28 11:53:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.28 11:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.26 21:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2013.01.26 16:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.25 22:39:27 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Documents\My Games
[2013.01.25 22:38:31 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.01.25 22:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.25 22:34:42 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013.01.25 22:34:42 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013.01.25 22:34:36 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013.01.25 22:34:36 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013.01.25 22:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.25 22:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.01.25 22:28:02 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.01.25 22:27:56 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\DAEMON Tools Lite
[2013.01.25 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.01.25 22:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.01.25 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAMN NFO Viewer
[2013.01.25 13:02:18 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Ashampoo
[2013.01.25 13:02:09 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\ashampoo
[2013.01.25 13:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013.01.25 13:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013.01.25 13:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013.01.25 13:01:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Programs
[2013.01.21 15:18:34 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Dropbox
[2013.01.21 15:15:34 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.21 15:14:46 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Dropbox
[2013.01.20 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\NVIDIA
[2013.01.20 20:51:45 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Google
[2013.01.20 20:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.01.19 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\ImgBurn
[2013.01.19 09:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.01.19 09:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013.01.19 09:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 18:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.0
[2013.01.18 18:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2013.01.18 18:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.17 23:26:56 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\Dokumente
[2013.01.17 23:22:33 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\PCopt AG2
[2013.01.17 23:13:42 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Adobe
[2013.01.17 23:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.17 23:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.17 23:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.17 19:09:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\OpenOffice.org
[2013.01.17 19:08:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.01.17 19:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.01.17 19:01:38 | 000,000,000 | --SD | C] -- C:\Users\Cookie\Google Drive
[2013.01.17 19:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.01.17 16:19:16 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013.01.17 16:19:16 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013.01.17 16:19:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2013.01.17 16:19:16 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013.01.17 16:19:15 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.01.17 16:19:15 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013.01.17 16:19:15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2013.01.17 16:19:12 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013.01.17 16:19:12 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013.01.17 01:21:47 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Skype
[2013.01.17 01:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.17 01:21:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.17 01:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.17 01:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.17 01:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.17 01:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.17 01:20:08 | 001,081,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.01.17 01:20:08 | 000,960,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.01.17 01:13:06 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.01.17 01:00:14 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Macromedia
[2013.01.17 01:00:14 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Macromedia
[2013.01.17 01:00:14 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Adobe
[2013.01.17 00:59:37 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.17 00:59:37 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.17 00:59:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.01.17 00:59:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.01.17 00:28:29 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Thunderbird
[2013.01.17 00:28:29 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Thunderbird
[2013.01.17 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.16 23:10:19 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.01.16 23:10:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.01.16 23:02:04 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.01.16 23:00:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.01.16 23:00:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.01.16 23:00:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.01.16 23:00:46 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.01.16 23:00:46 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.01.16 23:00:46 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.01.16 23:00:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.01.16 23:00:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.01.16 23:00:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.01.16 23:00:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.01.16 23:00:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.01.16 23:00:45 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.01.16 23:00:45 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.01.16 23:00:45 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.01.16 23:00:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.01.16 23:00:45 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.01.16 23:00:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.01.16 23:00:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.01.16 23:00:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.01.16 23:00:44 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.01.16 23:00:44 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.01.16 23:00:44 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.01.16 23:00:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.01.16 23:00:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.01.16 23:00:44 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.01.16 23:00:44 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.01.16 23:00:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.01.16 23:00:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.01.16 23:00:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.01.16 23:00:43 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.01.16 23:00:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.01.16 23:00:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.01.16 23:00:42 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.01.16 23:00:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.01.16 23:00:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.01.16 23:00:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.01.16 23:00:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.01.16 23:00:41 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.01.16 23:00:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.01.16 23:00:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.01.16 23:00:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.01.16 23:00:41 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.01.16 23:00:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.01.16 23:00:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.01.16 23:00:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.01.16 23:00:40 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.01.16 23:00:40 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.01.16 23:00:40 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.01.16 23:00:40 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.01.16 23:00:40 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.01.16 23:00:40 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.01.16 23:00:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.01.16 23:00:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.01.16 23:00:39 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.01.16 23:00:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.01.16 23:00:39 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.01.16 23:00:39 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.01.16 23:00:39 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.01.16 23:00:39 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.01.16 23:00:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.01.16 23:00:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.01.16 23:00:38 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.01.16 23:00:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.01.16 23:00:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.01.16 23:00:38 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.01.16 23:00:38 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.01.16 23:00:38 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.01.16 23:00:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.01.16 23:00:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.01.16 23:00:38 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.01.16 23:00:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.01.16 23:00:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.01.16 22:55:50 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.01.16 22:55:50 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.01.16 22:55:50 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.01.16 22:55:50 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.01.16 22:55:50 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.01.16 22:55:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.01.16 22:55:15 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.01.16 22:55:15 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.01.16 22:55:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.01.16 22:55:15 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.01.16 22:53:48 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.01.16 22:53:48 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013.01.16 22:52:01 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.16 22:52:01 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.16 22:52:01 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.16 22:52:01 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.16 22:52:01 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.16 22:52:01 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.16 22:52:01 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.16 22:52:01 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.16 22:52:01 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.16 22:52:01 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.16 22:52:01 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.16 22:52:01 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.16 22:52:01 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.16 22:52:01 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.16 22:52:01 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.16 22:52:01 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.16 22:52:01 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.16 22:52:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.16 22:52:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.16 22:52:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.16 22:52:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.16 22:52:01 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.16 22:52:01 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.16 22:52:00 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.16 22:52:00 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.16 22:52:00 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.16 22:52:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.16 22:52:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.16 22:52:00 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.16 22:52:00 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.16 22:52:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.16 22:52:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.16 22:51:31 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.01.16 22:51:31 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013.01.16 22:51:22 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2013.01.16 22:50:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.16 22:50:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.16 22:50:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.16 22:50:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.16 22:50:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.16 22:50:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.16 22:50:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.16 22:50:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.16 22:50:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.16 22:50:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.16 22:50:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.16 22:50:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.16 22:50:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.16 22:50:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.16 22:50:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.16 22:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.16 22:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.16 22:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.16 22:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.16 22:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.16 22:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.16 22:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.16 22:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.16 22:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.16 22:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.16 22:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.16 22:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.16 22:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.16 22:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.16 22:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.16 22:50:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.16 22:50:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.16 22:50:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.16 22:50:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.16 22:50:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.16 22:50:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.16 22:50:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.16 22:50:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.16 22:50:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.16 22:50:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.16 22:50:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.01.16 22:50:48 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.01.16 22:50:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.01.16 22:50:44 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.01.16 22:50:44 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.01.16 22:50:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.01.16 22:50:44 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.01.16 22:50:44 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.01.16 22:50:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.01.16 22:50:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.01.16 22:50:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.01.16 22:50:34 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2013.01.16 22:50:34 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2013.01.16 22:50:34 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2013.01.16 22:50:34 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2013.01.16 22:50:29 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.01.16 22:50:29 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.01.16 22:50:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.01.16 22:50:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.01.16 22:50:27 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013.01.16 22:50:27 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013.01.16 22:50:23 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.01.16 22:50:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.01.16 22:50:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.01.16 22:50:20 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.01.16 22:50:19 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.01.16 22:50:19 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.01.16 22:50:15 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.01.16 22:50:15 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.01.16 22:50:15 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.01.16 22:50:13 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013.01.16 22:50:13 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2013.01.16 22:50:11 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2013.01.16 22:50:11 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2013.01.16 22:50:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2013.01.16 22:50:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2013.01.16 22:50:11 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2013.01.16 22:50:11 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2013.01.16 22:50:11 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2013.01.16 22:50:11 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2013.01.16 22:50:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2013.01.16 22:49:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.16 22:49:55 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2013.01.16 22:49:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2013.01.16 22:49:52 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2013.01.16 22:49:52 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2013.01.16 22:49:52 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2013.01.16 22:49:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013.01.16 22:49:51 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013.01.16 22:49:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013.01.16 22:49:50 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.16 22:49:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.01.16 22:49:47 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013.01.16 22:49:47 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2013.01.16 22:49:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013.01.16 22:49:46 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.16 22:49:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.16 22:49:44 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.01.16 22:49:44 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013.01.16 22:49:43 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.01.16 22:49:43 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.01.16 22:49:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013.01.16 22:49:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013.01.16 22:49:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013.01.16 22:49:42 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013.01.16 22:49:41 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.01.16 22:49:41 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.01.16 22:49:41 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.01.16 22:49:40 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.01.16 22:49:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.01.16 22:49:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013.01.16 22:49:37 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013.01.16 22:49:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.01.16 22:49:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.01.16 22:49:23 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013.01.16 22:49:23 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013.01.16 22:49:23 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013.01.16 22:49:23 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013.01.16 22:49:23 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013.01.16 22:49:23 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013.01.16 22:49:23 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013.01.16 22:49:23 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013.01.16 22:49:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2013.01.16 22:49:23 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013.01.16 22:49:23 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013.01.16 22:49:23 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013.01.16 22:49:23 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2013.01.16 22:49:21 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2013.01.16 22:49:21 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2013.01.16 22:49:21 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2013.01.16 22:49:21 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2013.01.16 22:49:21 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2013.01.16 22:49:21 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2013.01.16 22:49:20 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2013.01.16 22:49:20 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2013.01.16 22:49:18 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.01.16 22:49:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.01.16 22:49:16 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013.01.16 22:49:15 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2013.01.16 22:49:14 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013.01.16 22:49:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2013.01.16 22:49:13 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013.01.16 22:49:13 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013.01.16 22:49:13 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013.01.16 22:49:13 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013.01.16 22:49:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2013.01.16 22:49:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2013.01.16 22:49:13 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2013.01.16 22:49:13 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2013.01.16 22:49:13 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2013.01.16 22:49:12 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.01.16 22:49:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.01.16 22:49:11 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.16 22:49:11 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2013.01.16 22:49:10 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013.01.16 22:49:09 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013.01.16 22:48:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2013.01.16 22:48:29 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.01.16 22:48:29 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.01.16 22:48:29 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.01.16 22:43:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.01.16 22:43:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.01.16 22:43:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013.01.16 22:40:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013.01.16 22:40:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013.01.16 22:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.16 22:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.16 20:58:50 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\Tor Browser
[2013.01.16 20:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.01.16 20:48:04 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.01.16 20:48:04 | 000,780,192 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.01.16 20:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.01.16 20:44:24 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Google
[2013.01.16 20:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.16 20:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.01.16 20:37:47 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\TuneUp Software
[2013.01.16 20:35:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.16 20:35:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.16 20:33:33 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\vlc
[2013.01.16 20:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.16 20:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.01.16 20:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.01.16 20:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.16 20:31:25 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.01.16 20:31:25 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.01.16 20:31:25 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.01.16 20:31:25 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.01.16 20:31:25 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.01.16 20:31:09 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.01.16 20:31:09 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.01.16 20:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.01.16 20:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.01.16 20:26:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Mozilla
[2013.01.16 20:26:25 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Mozilla
[2013.01.16 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.16 20:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.16 20:23:04 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013.01.16 20:23:04 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013.01.16 20:19:31 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.01.16 20:19:31 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.01.16 20:19:31 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.01.16 20:19:27 | 000,000,000 | R--D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.16 20:19:27 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Searches
[2013.01.16 20:19:27 | 000,000,000 | R--D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.16 20:19:23 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.01.16 20:19:23 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.01.16 20:19:23 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.01.16 20:19:17 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.01.16 20:19:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.01.16 20:19:14 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Identities
[2013.01.16 20:19:04 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Contacts
[2013.01.16 20:19:02 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\VirtualStore
[2013.01.16 20:18:57 | 000,000,000 | --SD | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Videos
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Saved Games
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Pictures
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Music
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Links
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Favorites
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Downloads
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Documents
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Desktop
[2013.01.16 20:18:57 | 000,000,000 | R--D | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Vorlagen
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Verlauf
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Temporary Internet Files
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Startmenü
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\SendTo
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Recent
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Netzwerkumgebung
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Lokale Einstellungen
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\Eigene Videos
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\Eigene Musik
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Eigene Dateien
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\Eigene Bilder
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Druckumgebung
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Cookies
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Anwendungsdaten
[2013.01.16 20:18:57 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Anwendungsdaten
[2013.01.16 20:18:57 | 000,000,000 | -H-D | C] -- C:\Users\Cookie\AppData
[2013.01.16 20:18:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Temp
[2013.01.16 20:18:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Microsoft
[2013.01.16 20:18:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Media Center Programs
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.16 20:18:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.16 20:18:45 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.01.16 20:18:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.16 20:07:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.16 20:07:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.16 20:06:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 23:55:59 | 000,022,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 23:55:59 | 000,022,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 23:52:58 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.04 23:52:58 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.04 23:52:58 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.04 23:52:58 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.04 23:52:58 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.04 23:48:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.04 23:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 23:48:30 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 23:05:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.04 16:56:42 | 000,000,800 | ---- | M] () -- C:\Users\Cookie\Desktop\cookiesdata.lnk
[2013.02.03 18:50:09 | 005,029,877 | R--- | M] (Swearware) -- C:\Users\Cookie\Desktop\ComboFix.exe
[2013.02.01 19:17:21 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.02.01 19:17:21 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.02.01 19:17:21 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2013.02.01 19:17:21 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013.02.01 19:01:21 | 000,002,344 | ---- | M] () -- C:\Users\Cookie\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.02.01 19:00:33 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.02.01 18:43:51 | 266,147,898 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.01 18:06:31 | 000,000,168 | ---- | M] () -- C:\Users\Cookie\defogger_reenable
[2013.02.01 17:34:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
[2013.02.01 16:14:47 | 000,001,015 | ---- | M] () -- C:\Users\Cookie\Desktop\Trojancheck.lnk
[2013.01.31 16:43:03 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\TmUnitedForever.lnk
[2013.01.31 15:56:29 | 000,000,244 | ---- | M] () -- C:\Users\Cookie\Desktop\Command & Conquer 3 Tiberium Wars.lnk
[2013.01.31 14:33:42 | 000,319,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.31 00:11:37 | 000,001,385 | ---- | M] () -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.01.31 00:02:20 | 000,000,477 | ---- | M] () -- C:\Users\Cookie\Desktop\My_Book (I).lnk
[2013.01.30 20:06:36 | 000,001,364 | ---- | M] () -- C:\Users\Cookie\Desktop\Play Tiberian Sun.lnk
[2013.01.28 11:53:00 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.01.28 11:53:00 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.01.28 11:53:00 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.28 11:53:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.28 11:53:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.28 11:53:00 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.27 23:22:01 | 000,000,466 | ---- | M] () -- C:\Users\Cookie\Desktop\Data (D).lnk
[2013.01.26 16:53:52 | 000,000,699 | ---- | M] () -- C:\Users\Cookie\Desktop\altbinz_0.39.4.lnk
[2013.01.25 22:28:02 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.01.22 11:27:00 | 000,001,230 | ---- | M] () -- C:\Users\Cookie\Desktop\Calculator.lnk
[2013.01.21 15:28:37 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.21 15:22:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.17 19:01:39 | 000,001,680 | ---- | M] () -- C:\Users\Cookie\Desktop\Google Drive.lnk
[2013.01.17 01:33:33 | 000,000,636 | ---- | M] () -- C:\Users\Cookie\Desktop\Start Tor Browser.lnk
[2013.01.17 01:32:31 | 000,000,861 | ---- | M] () -- C:\Users\Cookie\Desktop\Downloads.lnk
[2013.01.17 01:20:02 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.01.17 01:20:02 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.01.17 00:59:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.17 00:59:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.16 23:00:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.01.16 23:00:46 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.01.16 23:00:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.01.16 23:00:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.01.16 23:00:46 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.01.16 23:00:46 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.01.16 23:00:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.01.16 23:00:46 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.01.16 23:00:46 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.01.16 23:00:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.01.16 23:00:46 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.01.16 23:00:45 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.01.16 23:00:45 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.01.16 23:00:45 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.01.16 23:00:45 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.01.16 23:00:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.16 23:00:45 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.01.16 23:00:45 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.01.16 23:00:44 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.01.16 23:00:44 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.01.16 23:00:44 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.01.16 23:00:44 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.01.16 23:00:44 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.01.16 23:00:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.01.16 23:00:44 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.01.16 23:00:44 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.01.16 23:00:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.01.16 23:00:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.01.16 23:00:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.01.16 23:00:43 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.01.16 23:00:43 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.01.16 23:00:43 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.01.16 23:00:43 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.01.16 23:00:42 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.01.16 23:00:42 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.01.16 23:00:42 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.01.16 23:00:41 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.01.16 23:00:41 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.01.16 23:00:41 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.01.16 23:00:41 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.01.16 23:00:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.01.16 23:00:41 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.01.16 23:00:41 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.01.16 23:00:41 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.01.16 23:00:41 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.01.16 23:00:40 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.01.16 23:00:40 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.01.16 23:00:40 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.01.16 23:00:40 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.01.16 23:00:40 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.01.16 23:00:40 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.01.16 23:00:40 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.01.16 23:00:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.01.16 23:00:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.01.16 23:00:39 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.01.16 23:00:39 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.01.16 23:00:39 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.01.16 23:00:39 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.01.16 23:00:39 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.01.16 23:00:39 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.01.16 23:00:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.01.16 23:00:38 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.01.16 23:00:38 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.01.16 23:00:38 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.01.16 23:00:38 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.01.16 23:00:38 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.01.16 23:00:38 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.01.16 23:00:38 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.01.16 23:00:38 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.01.16 23:00:38 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.01.16 23:00:38 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.01.16 23:00:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.16 23:00:38 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.01.16 23:00:38 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.01.16 20:44:26 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.01.16 20:26:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.16 20:10:47 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.16 20:10:47 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.16 20:09:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.02.04 16:56:42 | 000,000,800 | ---- | C] () -- C:\Users\Cookie\Desktop\cookiesdata.lnk
[2013.02.03 22:06:31 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.02.03 18:51:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.03 18:51:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.03 18:51:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.03 18:51:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.03 18:51:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.01 19:01:21 | 000,002,344 | ---- | C] () -- C:\Users\Cookie\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.02.01 19:00:50 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.02.01 18:43:51 | 266,147,898 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.01 18:06:31 | 000,000,168 | ---- | C] () -- C:\Users\Cookie\defogger_reenable
[2013.02.01 16:14:47 | 000,001,015 | ---- | C] () -- C:\Users\Cookie\Desktop\Trojancheck.lnk
[2013.01.31 16:43:03 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\TmUnitedForever.lnk
[2013.01.31 15:56:29 | 000,000,244 | ---- | C] () -- C:\Users\Cookie\Desktop\Command & Conquer 3 Tiberium Wars.lnk
[2013.01.31 00:11:52 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.01.31 00:11:37 | 000,001,385 | ---- | C] () -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.01.31 00:11:22 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.01.31 00:11:03 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.01.31 00:11:02 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.01.31 00:02:20 | 000,000,477 | ---- | C] () -- C:\Users\Cookie\Desktop\My_Book (I).lnk
[2013.01.30 02:15:33 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.01.30 02:15:28 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.01.27 23:22:01 | 000,000,466 | ---- | C] () -- C:\Users\Cookie\Desktop\Data (D).lnk
[2013.01.26 23:52:19 | 000,001,364 | ---- | C] () -- C:\Users\Cookie\Desktop\Play Tiberian Sun.lnk
[2013.01.26 16:53:52 | 000,000,699 | ---- | C] () -- C:\Users\Cookie\Desktop\altbinz_0.39.4.lnk
[2013.01.22 11:27:00 | 000,001,230 | ---- | C] () -- C:\Users\Cookie\Desktop\Calculator.lnk
[2013.01.21 15:22:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.19 09:59:30 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.01.17 23:10:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.17 19:01:39 | 000,001,680 | ---- | C] () -- C:\Users\Cookie\Desktop\Google Drive.lnk
[2013.01.17 19:00:08 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.17 19:00:07 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.17 01:33:33 | 000,000,636 | ---- | C] () -- C:\Users\Cookie\Desktop\Start Tor Browser.lnk
[2013.01.17 01:32:31 | 000,000,861 | ---- | C] () -- C:\Users\Cookie\Desktop\Downloads.lnk
[2013.01.16 23:10:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.16 23:00:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.16 23:00:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.16 22:55:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.16 22:37:26 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.16 20:44:26 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.01.16 20:26:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.16 20:19:35 | 000,001,443 | ---- | C] () -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.16 20:19:35 | 000,001,409 | ---- | C] () -- C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.16 20:10:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.16 20:10:35 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.16 20:09:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.16 20:07:04 | 2414,481,408 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

03.02.2013, 01:29	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	AVG unerwartet beendet (verdacht auf Keylogger/Trojaner) Sonntag hab ich leider Hausarbeit und Familienbesuch aufm Zettel Aber Sonntag Abends bin ich wohl da __________________ Logfiles bitte immer in CODE-Tags posten

03.02.2013, 22:53	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	AVG unerwartet beendet (verdacht auf Keylogger/Trojaner) Sagmal, ist bei dir Kaspersky und AVG 2013 gleichzeitig am Rennen??! __________________ Logfiles bitte immer in CODE-Tags posten

AVG unerwartet beendet (verdacht auf Keylogger/Trojaner)

Log-Analyse und Auswertung: AVG unerwartet beendet (verdacht auf Keylogger/Trojaner)