
Log analysis and evaluation: TR/Crypt.XPACK.Gen7

08.03.2013, 15:11   #1
Julian84
 
TR/Crypt.XPACK.Gen7

Hello Trojaner-Board! I'm not quite sure whether it was a false alarm, but I'd rather play it safe. Today I downloaded some software (a .zip archive) to the desktop. I opened the archive (with WinRAR) and dragged the folder inside it (named 64bit) onto the desktop. At that moment a pop-up from AntiVir appeared saying that the real-time scanner had found the virus TR/Crypt.XPACK.Gen7. I am posting the log. After that I ran a full scan with AntiVir; I am posting that log as well. And then, as described, I went through the steps with Defogger, OTL and GMER.
P.S. After the scans with OTL and GMER the PC did not shut down properly; I then had to cut the power.

Many thanks in advance!

AntiVir real-time scanner log
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 8. März 2013  10:58


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : JULIAN-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.3185    47702 Bytes  30.01.2013 10:05:00
AVSCAN.EXE     : 13.6.0.584    640224 Bytes  24.02.2013 15:45:49
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  24.02.2013 15:45:49
LUKE.DLL       : 13.6.0.602     67808 Bytes  24.02.2013 15:46:52
AVSCPLR.DLL    : 13.6.0.628     94432 Bytes  24.02.2013 15:48:24
AVREG.DLL      : 13.6.0.600    250592 Bytes  24.02.2013 15:48:23
avlode.dll     : 13.6.2.624    434912 Bytes  24.02.2013 15:48:25
avlode.rdf     : 13.0.0.38      15231 Bytes  24.02.2013 15:48:24
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 15:38:30
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 15:39:35
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 15:40:54
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 15:41:19
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 15:41:43
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 15:42:04
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 15:42:33
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 15:42:53
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 15:43:27
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 15:43:27
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 15:43:27
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 15:43:28
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 15:43:28
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 15:43:29
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 15:43:31
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 15:43:34
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 15:43:35
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 15:43:36
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 15:43:37
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 15:43:40
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 15:43:41
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 15:43:42
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 15:43:43
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 15:41:24
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 09:22:12
VBASE025.VDF   : 7.11.63.71    209408 Bytes  01.03.2013 11:42:45
VBASE026.VDF   : 7.11.63.121   257536 Bytes  04.03.2013 17:30:33
VBASE027.VDF   : 7.11.63.211   212480 Bytes  06.03.2013 16:05:36
VBASE028.VDF   : 7.11.63.212     2048 Bytes  06.03.2013 16:05:36
VBASE029.VDF   : 7.11.63.213     2048 Bytes  06.03.2013 16:05:36
VBASE030.VDF   : 7.11.63.214     2048 Bytes  06.03.2013 16:05:36
VBASE031.VDF   : 7.11.64.16    188928 Bytes  08.03.2013 09:32:23
Engineversion  : 8.2.12.10 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  24.02.2013 15:44:31
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  24.02.2013 15:44:30
AESCN.DLL      : 8.1.10.0      131445 Bytes  24.02.2013 15:44:30
AESBX.DLL      : 8.2.5.12      606578 Bytes  24.02.2013 15:44:31
AERDL.DLL      : 8.2.0.88      643444 Bytes  24.02.2013 15:44:29
AEPACK.DLL     : 8.3.1.12      815480 Bytes  28.02.2013 20:05:58
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  24.02.2013 15:44:24
AEHEUR.DLL     : 8.1.4.222    5767545 Bytes  28.02.2013 20:05:57
AEHELP.DLL     : 8.1.25.2      258423 Bytes  24.02.2013 15:43:49
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.02.2013 15:43:47
AEEXP.DLL      : 8.4.0.6       192885 Bytes  28.02.2013 20:05:58
AEEMU.DLL      : 8.1.3.2       393587 Bytes  24.02.2013 15:43:46
AECORE.DLL     : 8.1.31.2      201080 Bytes  24.02.2013 15:43:45
AEBB.DLL       : 8.1.1.4        53619 Bytes  24.02.2013 15:43:45
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  24.02.2013 15:36:28
AVPREF.DLL     : 13.6.0.480     51056 Bytes  24.02.2013 15:45:47
AVREP.DLL      : 13.6.0.480    178544 Bytes  24.02.2013 15:48:23
AVARKT.DLL     : 13.6.0.624    260832 Bytes  24.02.2013 15:45:33
AVEVTLOG.DLL   : 13.6.0.600    167648 Bytes  24.02.2013 15:45:42
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  24.02.2013 15:47:39
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  24.02.2013 15:45:53
NETNT.DLL      : 13.6.0.480     16240 Bytes  24.02.2013 15:47:16
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  24.02.2013 15:36:32
RCTEXT.DLL     : 13.6.0.480     68976 Bytes  24.02.2013 15:36:32

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5139aef2\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Freitag, 8. März 2013  10:58

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '137' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'viakaraokesrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '186' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCore.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'VDeck.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2-ui.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinRAR.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Julian\AppData\Local\Temp\Rar$DR00.626\64bit\plugins\GraphicsCapture\injectHelper.exe'
C:\Users\Julian\AppData\Local\Temp\Rar$DR00.626\64bit\plugins\GraphicsCapture\injectHelper.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen7
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58c92688.qua' verschoben!


Ende des Suchlaufs: Freitag, 8. März 2013  10:58
Benötigte Zeit: 00:08 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   1575 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   1574 Dateien ohne Befall
      2 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         
AntiVir full system scan:
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 8. März 2013  11:34


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Admin
Computername   : JULIAN-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.3185    47702 Bytes  30.01.2013 10:05:00
AVSCAN.EXE     : 13.6.0.584    640224 Bytes  24.02.2013 15:45:49
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  24.02.2013 15:45:49
LUKE.DLL       : 13.6.0.602     67808 Bytes  24.02.2013 15:46:52
AVSCPLR.DLL    : 13.6.0.628     94432 Bytes  24.02.2013 15:48:24
AVREG.DLL      : 13.6.0.600    250592 Bytes  24.02.2013 15:48:23
avlode.dll     : 13.6.2.624    434912 Bytes  24.02.2013 15:48:25
avlode.rdf     : 13.0.0.38      15231 Bytes  24.02.2013 15:48:24
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 15:38:30
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 15:39:35
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 15:40:54
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 15:41:19
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 15:41:43
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 15:42:04
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 15:42:33
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 15:42:53
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 15:43:27
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 15:43:27
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 15:43:27
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 15:43:28
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 15:43:28
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 15:43:29
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 15:43:31
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 15:43:34
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 15:43:35
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 15:43:36
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 15:43:37
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 15:43:40
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 15:43:41
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 15:43:42
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 15:43:43
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 15:41:24
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 09:22:12
VBASE025.VDF   : 7.11.63.71    209408 Bytes  01.03.2013 11:42:45
VBASE026.VDF   : 7.11.63.121   257536 Bytes  04.03.2013 17:30:33
VBASE027.VDF   : 7.11.63.211   212480 Bytes  06.03.2013 16:05:36
VBASE028.VDF   : 7.11.63.212     2048 Bytes  06.03.2013 16:05:36
VBASE029.VDF   : 7.11.63.213     2048 Bytes  06.03.2013 16:05:36
VBASE030.VDF   : 7.11.63.214     2048 Bytes  06.03.2013 16:05:36
VBASE031.VDF   : 7.11.64.16    188928 Bytes  08.03.2013 09:32:23
Engineversion  : 8.2.12.10 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  24.02.2013 15:44:31
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  24.02.2013 15:44:30
AESCN.DLL      : 8.1.10.0      131445 Bytes  24.02.2013 15:44:30
AESBX.DLL      : 8.2.5.12      606578 Bytes  24.02.2013 15:44:31
AERDL.DLL      : 8.2.0.88      643444 Bytes  24.02.2013 15:44:29
AEPACK.DLL     : 8.3.1.12      815480 Bytes  28.02.2013 20:05:58
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  24.02.2013 15:44:24
AEHEUR.DLL     : 8.1.4.222    5767545 Bytes  28.02.2013 20:05:57
AEHELP.DLL     : 8.1.25.2      258423 Bytes  24.02.2013 15:43:49
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.02.2013 15:43:47
AEEXP.DLL      : 8.4.0.6       192885 Bytes  28.02.2013 20:05:58
AEEMU.DLL      : 8.1.3.2       393587 Bytes  24.02.2013 15:43:46
AECORE.DLL     : 8.1.31.2      201080 Bytes  24.02.2013 15:43:45
AEBB.DLL       : 8.1.1.4        53619 Bytes  24.02.2013 15:43:45
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  24.02.2013 15:36:28
AVPREF.DLL     : 13.6.0.480     51056 Bytes  24.02.2013 15:45:47
AVREP.DLL      : 13.6.0.480    178544 Bytes  24.02.2013 15:48:23
AVARKT.DLL     : 13.6.0.624    260832 Bytes  24.02.2013 15:45:33
AVEVTLOG.DLL   : 13.6.0.600    167648 Bytes  24.02.2013 15:45:42
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  24.02.2013 15:47:39
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  24.02.2013 15:45:53
NETNT.DLL      : 13.6.0.480     16240 Bytes  24.02.2013 15:47:16
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  24.02.2013 15:36:32
RCTEXT.DLL     : 13.6.0.480     68976 Bytes  24.02.2013 15:36:32

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, J:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 8. März 2013  11:34

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'J:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '137' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'viakaraokesrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '186' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCore.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'VDeck.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2-ui.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3732' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
    [0] Archivtyp: RSRC
    --> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
        [1] Archivtyp: RSRC
      --> C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe
          [2] Archivtyp: RSRC
        --> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
            [3] Archivtyp: RSRC
          --> C:\Users\Julian\AppData\Local\Temp\Rar$DR00.375\OBS_0473b_test8.zip
              [4] Archivtyp: ZIP
            --> 64bit/plugins/GraphicsCapture/injectHelper.exe
                [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen7
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Julian\AppData\Local\Temp\Rar$DR00.375\OBS_0473b_test8.zip
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen7
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'J:\'

Beginne mit der Desinfektion:
C:\Users\Julian\AppData\Local\Temp\Rar$DR00.375\OBS_0473b_test8.zip
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen7
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ab7096.qua' verschoben!


Ende des Suchlaufs: Freitag, 8. März 2013  12:48
Benötigte Zeit:  1:13:00 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  36757 Verzeichnisse wurden überprüft
 1205170 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1205168 Dateien ohne Befall
  15746 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise
 573865 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
OTL.txt
Code:
 OTL logfile created on: 08.03.2013 14:17:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Julian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,69 Gb Available Physical Memory | 83,59% Memory free
16,00 Gb Paging File | 14,54 Gb Available in Paging File | 90,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 470,81 Gb Total Space | 438,19 Gb Free Space | 93,07% Space Free | Partition Type: NTFS
Drive D: | 460,60 Gb Total Space | 450,25 Gb Free Space | 97,75% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 844,11 Gb Free Space | 90,62% Space Free | Partition Type: NTFS
 
Computer Name: JULIAN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\Julian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {14B63DCC-8949-4A54-B7D8-298BC8B8BD5D}
IE - HKCU\..\SearchScopes\{14B63DCC-8949-4A54-B7D8-298BC8B8BD5D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: NotScripts = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{448EAC2C-0FC3-449F-8DC5-6D3597F2E9D6}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.08 10:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.03.05 08:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.02 22:31:22 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2013.03.02 22:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.03.02 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.03.02 19:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.01 14:28:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013.03.01 14:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2013.02.27 10:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.02.27 10:29:34 | 000,000,000 | ---D | C] -- D:\Users\Admin\Desktop\Meine Dateien
[2013.02.25 20:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.02.25 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\logs
[2013.02.25 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.techniclauncher
[2013.02.25 16:55:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Nero
[2013.02.25 16:55:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Ahead
[2013.02.25 16:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.02.24 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games
[2013.02.24 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apps
[2013.02.24 21:26:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2013.02.24 21:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.24 21:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.02.24 21:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.02.24 21:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.02.24 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer
[2013.02.24 19:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.24 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2013.02.24 18:13:10 | 000,019,976 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\authuitu.dll
[2013.02.24 18:13:10 | 000,016,904 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\authuitu.dll
[2013.02.24 18:13:09 | 000,029,704 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\uxtuneup.dll
[2013.02.24 18:13:08 | 000,036,360 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\uxtuneup.dll
[2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007
[2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2007
[2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2013.02.24 18:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.02.24 17:33:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2013.02.24 17:29:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2013.02.24 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2013.02.24 17:17:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.24 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.24 17:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013.02.24 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.02.24 17:10:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Skype
[2013.02.24 17:10:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.24 17:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.24 17:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.24 17:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.02.24 17:05:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2013.02.24 17:03:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.02.24 17:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.02.24 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple
[2013.02.24 17:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.02.24 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2013.02.24 16:52:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Google
[2013.02.24 16:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.24 16:49:06 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.24 16:49:06 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.24 16:49:06 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.24 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.24 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.24 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.24 16:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2013.02.24 16:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2013.02.24 16:42:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.02.24 16:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.02.24 16:42:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2013.02.24 16:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.02.24 16:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.02.24 16:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2013.02.24 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\NVIDIA
[2013.02.24 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Logitech
[2013.02.24 16:40:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2013.02.24 16:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.02.24 16:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.02.24 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013.02.24 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech
[2013.02.24 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd
[2013.02.24 16:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.02.24 16:32:08 | 000,015,368 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2013.02.24 16:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2013.02.24 16:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2013.02.24 16:30:33 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.02.24 16:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.02.24 16:28:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013.02.24 16:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.02.24 16:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2013.02.24 16:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.24 16:26:27 | 000,000,000 | ---D | C] -- C:\Intel
[2013.02.24 16:24:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.02.24 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.02.24 16:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.02.24 16:24:31 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.24 16:24:31 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.24 16:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.02.24 16:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.02.24 16:23:32 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.02.24 16:20:47 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.24 16:20:47 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.24 16:20:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2013.02.24 16:20:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
[2013.02.24 16:20:22 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2013.02.24 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.24 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten
[2013.02.24 16:20:22 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp
[2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft
[2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.24 16:15:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.24 16:12:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.02.24 16:12:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.02.24 16:11:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.02.24 15:27:16 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2013.02.24 15:27:16 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2013.02.24 15:27:15 | 000,248,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2013.02.24 15:26:02 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.08 14:19:02 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 14:19:02 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 14:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.08 14:16:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.08 14:16:21 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.08 14:16:21 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.08 14:16:21 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.08 14:16:21 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.08 14:12:14 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.08 14:11:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.08 14:11:28 | 2146,762,751 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.08 12:52:13 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.03.05 08:49:02 | 000,002,123 | ---- | M] () -- D:\Users\Admin\Desktop\Google Chrome.lnk
[2013.02.25 18:47:04 | 000,001,430 | ---- | M] () -- D:\Users\Admin\Desktop\TechnicLauncher.lnk
[2013.02.25 18:36:00 | 000,703,117 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\technic-launcher.jar
[2013.02.24 21:37:49 | 000,000,600 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2013.02.24 21:10:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.24 19:40:50 | 000,002,222 | ---- | M] () -- D:\Users\Admin\Desktop\Minecraft.lnk
[2013.02.24 19:03:31 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.02.24 19:03:18 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.24 18:26:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.24 18:26:21 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.24 17:07:19 | 000,001,050 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.24 16:48:22 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.24 16:48:22 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.24 16:48:21 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.24 16:16:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.24 16:16:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.24 16:14:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.02.10 04:25:27 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.10 04:25:27 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
 
========== Files Created - No Company Name ==========
 
[2013.03.08 12:52:13 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.03.05 08:49:02 | 000,002,123 | ---- | C] () -- D:\Users\Admin\Desktop\Google Chrome.lnk
[2013.02.27 10:29:47 | 000,002,222 | ---- | C] () -- D:\Users\Admin\Desktop\Minecraft.lnk
[2013.02.27 10:29:47 | 000,001,430 | ---- | C] () -- D:\Users\Admin\Desktop\TechnicLauncher.lnk
[2013.02.25 18:35:57 | 000,703,117 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\technic-launcher.jar
[2013.02.24 21:19:23 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2013.02.24 21:14:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.24 21:10:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.24 18:38:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.24 18:26:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.24 18:26:21 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.24 18:13:13 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.02.24 18:13:07 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007.lnk
[2013.02.24 18:01:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.24 17:12:47 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.24 17:12:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.24 17:07:18 | 000,001,050 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.24 16:27:22 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2013.02.24 16:24:05 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.24 16:21:38 | 000,001,405 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.02.24 16:21:35 | 000,001,439 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.24 16:15:50 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.24 16:15:49 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.24 16:14:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.02.24 16:12:18 | 2146,762,751 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2012.06.19 13:54:28 | 000,038,381 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.203\l.class
[2012.10.25 22:15:26 | 000,000,642 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.250\reifnsk\minimap\n.png
[2012.10.25 22:15:26 | 000,000,268 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.250\reifnsk\minimap\zantextures\n.png
[2012.10.25 22:15:26 | 000,000,642 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.328\reifnsk\minimap\n.png
[2012.10.25 22:15:26 | 000,000,268 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.328\reifnsk\minimap\zantextures\n.png
[2012.06.13 23:11:04 | 000,038,381 | ---- | M] () -- C:\Users\Julian\AppData\Local\Temp\Rar$DR00.906\l.class
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.25 20:25:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2013.02.25 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.techniclauncher
[2013.02.27 10:44:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2013.02.24 21:48:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2013.02.24 16:40:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2013.02.25 18:59:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\logs
[2013.02.24 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2013.03.04 19:06:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2013.02.24 18:13:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
 OTL Extras logfile created on: 08.03.2013 14:17:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Julian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,69 Gb Available Physical Memory | 83,59% Memory free
16,00 Gb Paging File | 14,54 Gb Available in Paging File | 90,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 470,81 Gb Total Space | 438,19 Gb Free Space | 93,07% Space Free | Partition Type: NTFS
Drive D: | 460,60 Gb Total Space | 450,25 Gb Free Space | 97,75% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 844,11 Gb Free Space | 90,62% Space Free | Partition Type: NTFS
 
Computer Name: JULIAN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{252F1E16-E5E6-4971-8A78-46FD091E1A70}" = protocol=6 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{58676EDE-E938-4B8B-BEAF-3B306A0C1C2B}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5F59F5C6-C673-418E-80AB-8B0FB654A398}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FD17122-0BD7-4CC6-A3B7-48101FFD1AC3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{63E0170E-ACDF-46DF-976C-E3BEC5061639}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6CB23481-F30E-4AC1-B4CC-36F091BF9DEB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{82323116-8164-4BE9-88EC-E2602B664BF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A0380429-0722-4CE0-8B1E-937917EEB810}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA69FA37-F0AC-4DCD-B34B-D4F60E930A0C}" = protocol=17 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CDDAF99C-CCEF-43E5-99B8-A0D4B623A326}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D57B9187-5522-4BE7-A89A-D0D8B634299D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DC3EABEA-F6B2-4C26-A4C7-7FEB66CB2A10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DC615DFD-05CB-484E-BB24-7B36AB9B6691}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{78834E93-0C17-412A-90AD-C808C1175487}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{78C70488-7709-4AF4-A2C5-23AC1FB07B92}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{CFB71FED-8FB6-4577-B0D6-52295FB53622}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{F1AF5481-04C9-4A47-AC1B-D624971DFEEC}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{10EF208B-3A2D-4990-A4D4-44CA8967A546}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{9057E640-6DF9-4ABE-BD3F-27712BA1AC1A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{909726B0-814E-4BFA-8709-86A60BCE11DB}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{E1835FB9-3BD8-43F4-AA93-A78293006CE6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 5.1.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2013 03:42:32 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.03.2013 13:52:11 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.03.2013 05:43:10 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.03.2013 12:01:56 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.03.2013 14:31:49 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.03.2013 05:28:57 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.03.2013 07:59:06 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f5c    Startzeit: 
01ce1bf3b12ad8b3    Endzeit: 0    Anwendungspfad: D:\Users\Julian\Desktop\OTL.exe    Berichts-ID:
   
 
Error - 08.03.2013 09:13:20 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.03.2013 09:15:54 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ebc    Startzeit: 
01ce1bfeda4546fd    Endzeit: 15    Anwendungspfad: D:\Users\Julian\Desktop\OTL.exe    Berichts-ID:
   
 
Error - 08.03.2013 09:17:19 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 724    Startzeit: 
01ce1bff32b0706d    Endzeit: 3    Anwendungspfad: D:\Users\Julian\Desktop\OTL.exe    Berichts-ID:
   
 
[ System Events ]
Error - 02.03.2013 17:31:25 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 03.03.2013 10:47:01 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 04.03.2013 13:25:07 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 05.03.2013 03:40:58 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 05.03.2013 13:50:40 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 06.03.2013 05:41:27 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 06.03.2013 12:00:09 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 07.03.2013 14:30:08 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 08.03.2013 05:27:10 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 08.03.2013 09:11:43 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
 
< End of report >
         
gmer.log
Code:
 GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-08 14:43:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD10EAVS-00D7B1 rev.01.01A01 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxdiqpod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075551465 2 bytes [55, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755514bb 2 bytes [55, 75]
.text  ...                                                                                                                                      * 2

---- EOF - GMER 2.1 ----
         

08.03.2013, 16:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Quote:
C:\Users\Julian\AppData\Local\Temp\Rar$DR00.626\64bit\plugins\GraphicsCapture\injectHelper.exe
Any idea what that could be?
Does GraphicsCapture or injectHelper mean anything to you?

08.03.2013, 16:59   #3
Julian84
 
Quote:
Quote from cosinus
Hello and

Any idea what that could be?
Does GraphicsCapture or injectHelper mean anything to you?

I suspect it belongs to Open Broadcaster Software (OBS), which I dragged from the archive onto the desktop.

Thank you very much for your quick reply!

Edited by Julian84 (08.03.2013 at 17:13). Reason: addition

08.03.2013, 17:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only the scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, whether or not anything was found!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.



Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, under no circumstances select Cure. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

08.03.2013, 17:42   #5
Julian84
 
Okay, then I will work through your instructions this evening. One more question: do I have to disconnect the Internet connection or switch off AntiVir before the scans?


08.03.2013, 19:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
The Internet connection must be active, because the tools download new signatures

08.03.2013, 19:49   #7
Julian84
 
Here are the logs:

MBAR:
Code:
 Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.08.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: JULIAN-PC [administrator]

08.03.2013 19:27:43
mbar-log-2013-03-08 (19-27-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29229
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR:
Code:
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-08 19:30:38
-----------------------------
19:30:38.161    OS Version: Windows x64 6.1.7601 Service Pack 1
19:30:38.161    Number of processors: 4 586 0x170A
19:30:38.161    ComputerName: JULIAN-PC  UserName: Admin
19:30:39.895    Initialize success
19:33:33.141    AVAST engine defs: 13030800
19:34:23.476    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
19:34:23.492    Disk 0 Vendor: WDC_WD10EAVS-00D7B1 01.01A01 Size: 953869MB BusType: 3
19:34:23.492    Disk 0 MBR read successfully
19:34:23.492    Disk 0 MBR scan
19:34:23.492    Disk 0 Windows 7 default MBR code
19:34:23.507    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:34:23.507    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       482114 MB offset 206848
19:34:23.539    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       471652 MB offset 987576320
19:34:23.554    Disk 0 scanning C:\Windows\system32\drivers
19:34:28.500    Service scanning
19:34:42.845    Modules scanning
19:34:42.845    Disk 0 trace - called modules:
19:34:42.861    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
19:34:42.861    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800786f060]
19:34:42.861    3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> [0xfffffa80075aa9b0]
19:34:42.876    5 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80075c5060]
19:34:44.673    AVAST engine scan C:\Windows
19:34:46.424    AVAST engine scan C:\Windows\system32
19:36:23.000    AVAST engine scan C:\Windows\system32\drivers
19:36:29.411    AVAST engine scan C:\Users\Admin
19:37:47.972    AVAST engine scan C:\ProgramData
19:37:56.894    Scan finished successfully
19:39:49.422    Disk 0 MBR has been saved successfully to "D:\Users\Admin\Desktop\MBR.dat"
19:39:49.422    The log file has been saved successfully to "D:\Users\Admin\Desktop\aswMBR.txt"
19:40:14.797    Disk 0 MBR has been saved successfully to "D:\Users\Julian\Desktop\MBR.dat"
19:40:14.797    The log file has been saved successfully to "D:\Users\Julian\Desktop\aswMBR.txt"
         
TDSSKiller:
Code:
 19:43:36.0698 0656  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:43:36.0852 0656  ============================================================
19:43:36.0852 0656  Current date / time: 2013/03/08 19:43:36.0852
19:43:36.0852 0656  SystemInfo:
19:43:36.0852 0656  
19:43:36.0852 0656  OS Version: 6.1.7601 ServicePack: 1.0
19:43:36.0852 0656  Product type: Workstation
19:43:36.0852 0656  ComputerName: JULIAN-PC
19:43:36.0852 0656  UserName: Admin
19:43:36.0852 0656  Windows directory: C:\Windows
19:43:36.0852 0656  System windows directory: C:\Windows
19:43:36.0852 0656  Running under WOW64
19:43:36.0852 0656  Processor architecture: Intel x64
19:43:36.0852 0656  Number of processors: 4
19:43:36.0852 0656  Page size: 0x1000
19:43:36.0852 0656  Boot type: Normal boot
19:43:36.0852 0656  ============================================================
19:43:37.0661 0656  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:37.0663 0656  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:43:38.0096 0656  ============================================================
19:43:38.0096 0656  \Device\Harddisk0\DR0:
19:43:38.0096 0656  MBR partitions:
19:43:38.0096 0656  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:43:38.0096 0656  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3ADA1000
19:43:38.0096 0656  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3ADD3800, BlocksNum 0x39932000
19:43:38.0096 0656  \Device\Harddisk1\DR1:
19:43:38.0106 0656  MBR partitions:
19:43:38.0106 0656  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D71
19:43:38.0106 0656  ============================================================
19:43:38.0128 0656  C: <-> \Device\Harddisk0\DR0\Partition2
19:43:38.0174 0656  D: <-> \Device\Harddisk0\DR0\Partition3
19:43:38.0188 0656  J: <-> \Device\Harddisk1\DR1\Partition1
19:43:38.0188 0656  ============================================================
19:43:38.0188 0656  Initialize success
19:43:38.0188 0656  ============================================================
19:43:59.0784 3440  ============================================================
19:43:59.0784 3440  Scan started
19:43:59.0784 3440  Mode: Manual; SigCheck; TDLFS; 
19:43:59.0784 3440  ============================================================
19:44:00.0456 3440  ================ Scan system memory ========================
19:44:00.0456 3440  System memory - ok
19:44:00.0456 3440  ================ Scan services =============================
19:44:00.0565 3440  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:44:00.0643 3440  1394ohci - ok
19:44:00.0659 3440  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:44:00.0690 3440  ACPI - ok
19:44:00.0690 3440  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:44:00.0721 3440  AcpiPmi - ok
19:44:00.0737 3440  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:44:00.0752 3440  adp94xx - ok
19:44:00.0768 3440  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:44:00.0799 3440  adpahci - ok
19:44:00.0799 3440  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:44:00.0815 3440  adpu320 - ok
19:44:00.0846 3440  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:44:00.0877 3440  AeLookupSvc - ok
19:44:00.0909 3440  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:44:00.0956 3440  AFD - ok
19:44:00.0987 3440  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:44:01.0002 3440  agp440 - ok
19:44:01.0002 3440  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:44:01.0049 3440  ALG - ok
19:44:01.0065 3440  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:44:01.0081 3440  aliide - ok
19:44:01.0081 3440  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:44:01.0096 3440  amdide - ok
19:44:01.0112 3440  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:44:01.0143 3440  AmdK8 - ok
19:44:01.0143 3440  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:44:01.0174 3440  AmdPPM - ok
19:44:01.0190 3440  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:44:01.0221 3440  amdsata - ok
19:44:01.0221 3440  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:44:01.0237 3440  amdsbs - ok
19:44:01.0252 3440  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:44:01.0268 3440  amdxata - ok
19:44:01.0346 3440  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:44:01.0377 3440  AntiVirSchedulerService - ok
19:44:01.0409 3440  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:44:01.0440 3440  AntiVirService - ok
19:44:01.0487 3440  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:44:01.0534 3440  AppID - ok
19:44:01.0549 3440  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:44:01.0596 3440  AppIDSvc - ok
19:44:01.0627 3440  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:44:01.0674 3440  Appinfo - ok
19:44:01.0721 3440  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:44:01.0752 3440  Apple Mobile Device - ok
19:44:01.0768 3440  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:44:01.0784 3440  arc - ok
19:44:01.0799 3440  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:44:01.0815 3440  arcsas - ok
19:44:01.0846 3440  [ 912A215CE180A6E7C923C662D7EC777D ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
19:44:01.0862 3440  AsrAppCharger - ok
19:44:01.0877 3440  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:01.0924 3440  AsyncMac - ok
19:44:01.0924 3440  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:44:01.0940 3440  atapi - ok
19:44:01.0987 3440  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:44:02.0065 3440  AudioEndpointBuilder - ok
19:44:02.0081 3440  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:44:02.0127 3440  AudioSrv - ok
19:44:02.0143 3440  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:44:02.0159 3440  avgntflt - ok
19:44:02.0174 3440  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:44:02.0190 3440  avipbb - ok
19:44:02.0206 3440  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:44:02.0206 3440  avkmgr - ok
19:44:02.0221 3440  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:44:02.0268 3440  AxInstSV - ok
19:44:02.0299 3440  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:44:02.0331 3440  b06bdrv - ok
19:44:02.0362 3440  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:44:02.0409 3440  b57nd60a - ok
19:44:02.0440 3440  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:44:02.0456 3440  BDESVC - ok
19:44:02.0471 3440  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:44:02.0518 3440  Beep - ok
19:44:02.0565 3440  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:44:02.0612 3440  BFE - ok
19:44:02.0659 3440  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:44:02.0706 3440  BITS - ok
19:44:02.0721 3440  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:44:02.0752 3440  blbdrive - ok
19:44:02.0768 3440  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:44:02.0784 3440  bowser - ok
19:44:02.0815 3440  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:44:02.0846 3440  BrFiltLo - ok
19:44:02.0846 3440  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:44:02.0862 3440  BrFiltUp - ok
19:44:02.0877 3440  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:44:02.0893 3440  Browser - ok
19:44:02.0909 3440  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:44:02.0940 3440  Brserid - ok
19:44:02.0940 3440  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:44:02.0971 3440  BrSerWdm - ok
19:44:02.0971 3440  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:44:02.0987 3440  BrUsbMdm - ok
19:44:03.0002 3440  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:44:03.0018 3440  BrUsbSer - ok
19:44:03.0018 3440  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:44:03.0049 3440  BTHMODEM - ok
19:44:03.0081 3440  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:44:03.0112 3440  bthserv - ok
19:44:03.0143 3440  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:44:03.0174 3440  cdfs - ok
19:44:03.0206 3440  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:44:03.0221 3440  cdrom - ok
19:44:03.0237 3440  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:44:03.0299 3440  CertPropSvc - ok
19:44:03.0299 3440  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:44:03.0331 3440  circlass - ok
19:44:03.0346 3440  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:44:03.0377 3440  CLFS - ok
19:44:03.0440 3440  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:44:03.0456 3440  clr_optimization_v2.0.50727_32 - ok
19:44:03.0487 3440  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:44:03.0502 3440  clr_optimization_v2.0.50727_64 - ok
19:44:03.0549 3440  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:44:03.0565 3440  clr_optimization_v4.0.30319_32 - ok
19:44:03.0581 3440  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:44:03.0596 3440  clr_optimization_v4.0.30319_64 - ok
19:44:03.0627 3440  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:44:03.0659 3440  CmBatt - ok
19:44:03.0659 3440  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:44:03.0674 3440  cmdide - ok
19:44:03.0706 3440  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:44:03.0737 3440  CNG - ok
19:44:03.0752 3440  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:44:03.0752 3440  Compbatt - ok
19:44:03.0768 3440  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:44:03.0799 3440  CompositeBus - ok
19:44:03.0815 3440  COMSysApp - ok
19:44:03.0831 3440  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:44:03.0846 3440  crcdisk - ok
19:44:03.0893 3440  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:44:03.0909 3440  CryptSvc - ok
19:44:03.0940 3440  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:44:03.0987 3440  DcomLaunch - ok
19:44:04.0018 3440  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:44:04.0081 3440  defragsvc - ok
19:44:04.0096 3440  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:44:04.0143 3440  DfsC - ok
19:44:04.0159 3440  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:44:04.0190 3440  Dhcp - ok
19:44:04.0206 3440  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:44:04.0252 3440  discache - ok
19:44:04.0268 3440  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:44:04.0299 3440  Disk - ok
19:44:04.0315 3440  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:44:04.0346 3440  Dnscache - ok
19:44:04.0362 3440  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:44:04.0409 3440  dot3svc - ok
19:44:04.0409 3440  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:44:04.0456 3440  DPS - ok
19:44:04.0487 3440  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:44:04.0518 3440  drmkaud - ok
19:44:04.0549 3440  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:44:04.0581 3440  DXGKrnl - ok
19:44:04.0596 3440  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:44:04.0627 3440  EapHost - ok
19:44:04.0706 3440  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:44:04.0752 3440  ebdrv - ok
19:44:04.0784 3440  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:44:04.0815 3440  EFS - ok
19:44:04.0862 3440  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:44:04.0893 3440  ehRecvr - ok
19:44:04.0909 3440  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:44:04.0924 3440  ehSched - ok
19:44:04.0971 3440  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:44:04.0987 3440  elxstor - ok
19:44:05.0002 3440  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:44:05.0018 3440  ErrDev - ok
19:44:05.0049 3440  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:44:05.0112 3440  EventSystem - ok
19:44:05.0127 3440  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:44:05.0159 3440  exfat - ok
19:44:05.0159 3440  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:44:05.0221 3440  fastfat - ok
19:44:05.0252 3440  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:44:05.0284 3440  Fax - ok
19:44:05.0284 3440  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:44:05.0315 3440  fdc - ok
19:44:05.0331 3440  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:44:05.0362 3440  fdPHost - ok
19:44:05.0377 3440  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:44:05.0424 3440  FDResPub - ok
19:44:05.0471 3440  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:44:05.0502 3440  FileInfo - ok
19:44:05.0502 3440  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:44:05.0596 3440  Filetrace - ok
19:44:05.0659 3440  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:44:05.0674 3440  flpydisk - ok
19:44:05.0706 3440  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:44:05.0721 3440  FltMgr - ok
19:44:05.0768 3440  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:44:05.0799 3440  FontCache - ok
19:44:05.0846 3440  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:44:05.0862 3440  FontCache3.0.0.0 - ok
19:44:05.0862 3440  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:44:05.0877 3440  FsDepends - ok
19:44:05.0893 3440  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:44:05.0909 3440  Fs_Rec - ok
19:44:05.0924 3440  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:44:05.0956 3440  fvevol - ok
19:44:05.0956 3440  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:44:05.0971 3440  gagp30kx - ok
19:44:06.0002 3440  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:44:06.0018 3440  GEARAspiWDM - ok
19:44:06.0049 3440  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:44:06.0096 3440  gpsvc - ok
19:44:06.0127 3440  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:06.0143 3440  gupdate - ok
19:44:06.0159 3440  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:06.0159 3440  gupdatem - ok
19:44:06.0190 3440  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
19:44:06.0206 3440  hamachi - ok
19:44:06.0284 3440  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
19:44:06.0331 3440  Hamachi2Svc - ok
19:44:06.0377 3440  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:44:06.0424 3440  hcw85cir - ok
19:44:06.0487 3440  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:44:06.0518 3440  HdAudAddService - ok
19:44:06.0534 3440  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:44:06.0565 3440  HDAudBus - ok
19:44:06.0565 3440  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:44:06.0581 3440  HidBatt - ok
19:44:06.0596 3440  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:44:06.0612 3440  HidBth - ok
19:44:06.0627 3440  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:44:06.0643 3440  HidIr - ok
19:44:06.0674 3440  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:44:06.0706 3440  hidserv - ok
19:44:06.0737 3440  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:44:06.0752 3440  HidUsb - ok
19:44:06.0768 3440  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:44:06.0831 3440  hkmsvc - ok
19:44:06.0831 3440  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:44:06.0877 3440  HomeGroupListener - ok
19:44:06.0893 3440  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:44:06.0924 3440  HomeGroupProvider - ok
19:44:06.0940 3440  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:44:06.0956 3440  HpSAMD - ok
19:44:06.0971 3440  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:44:07.0034 3440  HTTP - ok
19:44:07.0034 3440  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:44:07.0049 3440  hwpolicy - ok
19:44:07.0081 3440  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:44:07.0112 3440  i8042prt - ok
19:44:07.0143 3440  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:44:07.0159 3440  iaStorV - ok
19:44:07.0206 3440  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:44:07.0252 3440  idsvc - ok
19:44:07.0252 3440  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:44:07.0268 3440  iirsp - ok
19:44:07.0299 3440  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:44:07.0346 3440  IKEEXT - ok
19:44:07.0346 3440  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:44:07.0362 3440  intelide - ok
19:44:07.0377 3440  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:44:07.0409 3440  intelppm - ok
19:44:07.0424 3440  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:44:07.0456 3440  IPBusEnum - ok
19:44:07.0471 3440  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:07.0518 3440  IpFilterDriver - ok
19:44:07.0534 3440  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:44:07.0565 3440  iphlpsvc - ok
19:44:07.0581 3440  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:44:07.0596 3440  IPMIDRV - ok
19:44:07.0596 3440  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:44:07.0643 3440  IPNAT - ok
19:44:07.0721 3440  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:44:07.0737 3440  iPod Service - ok
19:44:07.0768 3440  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:44:07.0799 3440  IRENUM - ok
19:44:07.0815 3440  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:44:07.0831 3440  isapnp - ok
19:44:07.0831 3440  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:44:07.0862 3440  iScsiPrt - ok
19:44:07.0862 3440  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:44:07.0877 3440  kbdclass - ok
19:44:07.0893 3440  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:44:07.0924 3440  kbdhid - ok
19:44:07.0940 3440  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:44:07.0940 3440  KeyIso - ok
19:44:07.0956 3440  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:44:07.0987 3440  KSecDD - ok
19:44:08.0002 3440  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:44:08.0018 3440  KSecPkg - ok
19:44:08.0034 3440  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:44:08.0081 3440  ksthunk - ok
19:44:08.0096 3440  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:44:08.0143 3440  KtmRm - ok
19:44:08.0190 3440  [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
19:44:08.0190 3440  L1C - ok
19:44:08.0221 3440  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:44:08.0284 3440  LanmanServer - ok
19:44:08.0315 3440  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:44:08.0362 3440  LanmanWorkstation - ok
19:44:08.0393 3440  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
19:44:08.0409 3440  LGBusEnum - ok
19:44:08.0424 3440  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
19:44:08.0424 3440  LGVirHid - ok
19:44:08.0471 3440  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:44:08.0518 3440  lltdio - ok
19:44:08.0534 3440  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:44:08.0581 3440  lltdsvc - ok
19:44:08.0596 3440  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:44:08.0643 3440  lmhosts - ok
19:44:08.0659 3440  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:44:08.0674 3440  LSI_FC - ok
19:44:08.0674 3440  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:44:08.0690 3440  LSI_SAS - ok
19:44:08.0690 3440  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:44:08.0706 3440  LSI_SAS2 - ok
19:44:08.0721 3440  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:44:08.0737 3440  LSI_SCSI - ok
19:44:08.0752 3440  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:44:08.0799 3440  luafv - ok
19:44:08.0815 3440  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:44:08.0846 3440  Mcx2Svc - ok
19:44:08.0846 3440  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:44:08.0862 3440  megasas - ok
19:44:08.0862 3440  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:44:08.0893 3440  MegaSR - ok
19:44:08.0909 3440  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:44:08.0956 3440  MMCSS - ok
19:44:08.0956 3440  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:44:09.0002 3440  Modem - ok
19:44:09.0018 3440  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:44:09.0049 3440  monitor - ok
19:44:09.0049 3440  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:44:09.0065 3440  mouclass - ok
19:44:09.0081 3440  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:44:09.0112 3440  mouhid - ok
19:44:09.0127 3440  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:44:09.0143 3440  mountmgr - ok
19:44:09.0143 3440  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:44:09.0159 3440  mpio - ok
19:44:09.0174 3440  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:44:09.0206 3440  mpsdrv - ok
19:44:09.0237 3440  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:44:09.0268 3440  MpsSvc - ok
19:44:09.0299 3440  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:44:09.0315 3440  MRxDAV - ok
19:44:09.0346 3440  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:44:09.0377 3440  mrxsmb - ok
19:44:09.0393 3440  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:44:09.0409 3440  mrxsmb10 - ok
19:44:09.0424 3440  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:44:09.0440 3440  mrxsmb20 - ok
19:44:09.0440 3440  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:44:09.0456 3440  msahci - ok
19:44:09.0471 3440  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:44:09.0487 3440  msdsm - ok
19:44:09.0502 3440  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:44:09.0518 3440  MSDTC - ok
19:44:09.0534 3440  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:44:09.0581 3440  Msfs - ok
19:44:09.0581 3440  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:44:09.0627 3440  mshidkmdf - ok
19:44:09.0627 3440  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:44:09.0643 3440  msisadrv - ok
19:44:09.0659 3440  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:44:09.0706 3440  MSiSCSI - ok
19:44:09.0706 3440  msiserver - ok
19:44:09.0721 3440  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:44:09.0784 3440  MSKSSRV - ok
19:44:09.0784 3440  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:44:09.0815 3440  MSPCLOCK - ok
19:44:09.0831 3440  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:44:09.0862 3440  MSPQM - ok
19:44:09.0877 3440  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:44:09.0893 3440  MsRPC - ok
19:44:09.0909 3440  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:44:09.0924 3440  mssmbios - ok
19:44:09.0924 3440  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:44:09.0971 3440  MSTEE - ok
19:44:09.0987 3440  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:44:10.0002 3440  MTConfig - ok
19:44:10.0002 3440  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:44:10.0018 3440  Mup - ok
19:44:10.0049 3440  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:44:10.0096 3440  napagent - ok
19:44:10.0127 3440  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:44:10.0159 3440  NativeWifiP - ok
19:44:10.0206 3440  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:44:10.0237 3440  NDIS - ok
19:44:10.0252 3440  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:44:10.0284 3440  NdisCap - ok
19:44:10.0315 3440  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:44:10.0346 3440  NdisTapi - ok
19:44:10.0346 3440  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:44:10.0393 3440  Ndisuio - ok
19:44:10.0393 3440  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:44:10.0440 3440  NdisWan - ok
19:44:10.0440 3440  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:44:10.0471 3440  NDProxy - ok
19:44:10.0471 3440  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:44:10.0518 3440  NetBIOS - ok
19:44:10.0534 3440  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:44:10.0565 3440  NetBT - ok
19:44:10.0581 3440  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:44:10.0596 3440  Netlogon - ok
19:44:10.0627 3440  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:44:10.0674 3440  Netman - ok
19:44:10.0722 3440  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:44:10.0800 3440  netprofm - ok
19:44:10.0847 3440  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:44:10.0863 3440  NetTcpPortSharing - ok
19:44:10.0894 3440  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:44:10.0910 3440  nfrd960 - ok
19:44:10.0925 3440  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:44:10.0957 3440  NlaSvc - ok
19:44:11.0019 3440  [ D36107465E716CF2335A25C54B6D11C2 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
19:44:11.0050 3440  NMIndexingService - ok
19:44:11.0066 3440  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:44:11.0113 3440  Npfs - ok
19:44:11.0128 3440  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:44:11.0175 3440  nsi - ok
19:44:11.0191 3440  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:44:11.0238 3440  nsiproxy - ok
19:44:11.0285 3440  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:44:11.0316 3440  Ntfs - ok
19:44:11.0332 3440  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:44:11.0363 3440  Null - ok
19:44:11.0582 3440  [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:44:11.0753 3440  nvlddmkm - ok
19:44:11.0785 3440  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:44:11.0800 3440  nvraid - ok
19:44:11.0832 3440  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:44:11.0847 3440  nvstor - ok
19:44:11.0894 3440  [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:44:11.0925 3440  nvsvc - ok
19:44:11.0957 3440  [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:44:12.0003 3440  nvUpdatusService - ok
19:44:12.0003 3440  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:44:12.0019 3440  nv_agp - ok
19:44:12.0050 3440  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:44:12.0066 3440  ohci1394 - ok
19:44:12.0097 3440  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:44:12.0128 3440  p2pimsvc - ok
19:44:12.0144 3440  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:44:12.0175 3440  p2psvc - ok
19:44:12.0191 3440  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:44:12.0207 3440  Parport - ok
19:44:12.0222 3440  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:44:12.0238 3440  partmgr - ok
19:44:12.0253 3440  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:44:12.0300 3440  PcaSvc - ok
19:44:12.0300 3440  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:44:12.0316 3440  pci - ok
19:44:12.0332 3440  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:44:12.0332 3440  pciide - ok
19:44:12.0347 3440  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:44:12.0378 3440  pcmcia - ok
19:44:12.0378 3440  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:44:12.0394 3440  pcw - ok
19:44:12.0410 3440  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:44:12.0472 3440  PEAUTH - ok
19:44:12.0519 3440  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:44:12.0550 3440  PerfHost - ok
19:44:12.0597 3440  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:44:12.0644 3440  pla - ok
19:44:12.0691 3440  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:44:12.0738 3440  PlugPlay - ok
19:44:12.0753 3440  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:44:12.0785 3440  PNRPAutoReg - ok
19:44:12.0800 3440  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:44:12.0816 3440  PNRPsvc - ok
19:44:12.0832 3440  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:44:12.0878 3440  PolicyAgent - ok
19:44:12.0910 3440  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:44:12.0957 3440  Power - ok
19:44:13.0003 3440  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:44:13.0050 3440  PptpMiniport - ok
19:44:13.0066 3440  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:44:13.0097 3440  Processor - ok
19:44:13.0128 3440  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:44:13.0160 3440  ProfSvc - ok
19:44:13.0160 3440  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:44:13.0175 3440  ProtectedStorage - ok
19:44:13.0222 3440  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:44:13.0269 3440  Psched - ok
19:44:13.0300 3440  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:44:13.0332 3440  ql2300 - ok
19:44:13.0347 3440  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:44:13.0363 3440  ql40xx - ok
19:44:13.0394 3440  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:44:13.0410 3440  QWAVE - ok
19:44:13.0425 3440  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:44:13.0441 3440  QWAVEdrv - ok
19:44:13.0457 3440  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:44:13.0488 3440  RasAcd - ok
19:44:13.0519 3440  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:44:13.0550 3440  RasAgileVpn - ok
19:44:13.0566 3440  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:44:13.0628 3440  RasAuto - ok
19:44:13.0660 3440  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:44:13.0707 3440  Rasl2tp - ok
19:44:13.0722 3440  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:44:13.0769 3440  RasMan - ok
19:44:13.0769 3440  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:44:13.0832 3440  RasPppoe - ok
19:44:13.0832 3440  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:44:13.0863 3440  RasSstp - ok
19:44:13.0878 3440  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:44:13.0925 3440  rdbss - ok
19:44:13.0925 3440  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:44:13.0957 3440  rdpbus - ok
19:44:13.0957 3440  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:44:13.0988 3440  RDPCDD - ok
19:44:14.0003 3440  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:44:14.0035 3440  RDPENCDD - ok
19:44:14.0050 3440  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:44:14.0082 3440  RDPREFMP - ok
19:44:14.0113 3440  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:44:14.0128 3440  RdpVideoMiniport - ok
19:44:14.0160 3440  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:44:14.0191 3440  RDPWD - ok
19:44:14.0207 3440  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:44:14.0222 3440  rdyboost - ok
19:44:14.0238 3440  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:44:14.0285 3440  RemoteAccess - ok
19:44:14.0316 3440  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:44:14.0363 3440  RemoteRegistry - ok
19:44:14.0394 3440  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:44:14.0425 3440  RpcEptMapper - ok
19:44:14.0441 3440  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:44:14.0457 3440  RpcLocator - ok
19:44:14.0488 3440  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:44:14.0519 3440  RpcSs - ok
19:44:14.0550 3440  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:44:14.0582 3440  rspndr - ok
19:44:14.0628 3440  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:44:14.0644 3440  RTL8167 - ok
19:44:14.0660 3440  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:44:14.0660 3440  SamSs - ok
19:44:14.0675 3440  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:44:14.0691 3440  sbp2port - ok
19:44:14.0707 3440  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:44:14.0753 3440  SCardSvr - ok
19:44:14.0753 3440  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:44:14.0785 3440  scfilter - ok
19:44:14.0816 3440  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:44:14.0894 3440  Schedule - ok
19:44:14.0910 3440  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:44:14.0941 3440  SCPolicySvc - ok
19:44:14.0957 3440  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:44:14.0972 3440  SDRSVC - ok
19:44:14.0988 3440  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:44:15.0019 3440  secdrv - ok
19:44:15.0035 3440  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:44:15.0066 3440  seclogon - ok
19:44:15.0082 3440  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:44:15.0128 3440  SENS - ok
19:44:15.0144 3440  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:44:15.0160 3440  SensrSvc - ok
19:44:15.0175 3440  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:44:15.0207 3440  Serenum - ok
19:44:15.0238 3440  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:44:15.0253 3440  Serial - ok
19:44:15.0269 3440  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:44:15.0300 3440  sermouse - ok
19:44:15.0332 3440  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:44:15.0378 3440  SessionEnv - ok
19:44:15.0378 3440  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:44:15.0410 3440  sffdisk - ok
19:44:15.0410 3440  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:44:15.0425 3440  sffp_mmc - ok
19:44:15.0425 3440  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:44:15.0457 3440  sffp_sd - ok
19:44:15.0457 3440  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:44:15.0488 3440  sfloppy - ok
19:44:15.0503 3440  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:44:15.0550 3440  SharedAccess - ok
19:44:15.0597 3440  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:44:15.0644 3440  ShellHWDetection - ok
19:44:15.0660 3440  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:44:15.0675 3440  SiSRaid2 - ok
19:44:15.0691 3440  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:44:15.0707 3440  SiSRaid4 - ok
19:44:15.0722 3440  [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:44:15.0785 3440  SkypeUpdate - ok
19:44:15.0800 3440  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:44:15.0847 3440  Smb - ok
19:44:15.0863 3440  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:44:15.0894 3440  SNMPTRAP - ok
19:44:15.0894 3440  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:44:15.0910 3440  spldr - ok
19:44:15.0925 3440  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:44:15.0957 3440  Spooler - ok
19:44:16.0019 3440  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:44:16.0113 3440  sppsvc - ok
19:44:16.0113 3440  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:44:16.0160 3440  sppuinotify - ok
19:44:16.0175 3440  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:44:16.0207 3440  srv - ok
19:44:16.0222 3440  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:44:16.0253 3440  srv2 - ok
19:44:16.0269 3440  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:44:16.0285 3440  srvnet - ok
19:44:16.0300 3440  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:44:16.0332 3440  SSDPSRV - ok
19:44:16.0347 3440  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:44:16.0394 3440  SstpSvc - ok
19:44:16.0425 3440  [ 78216A10BF8B200890A88D8820F33F14 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:44:16.0457 3440  Stereo Service - ok
19:44:16.0472 3440  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:44:16.0488 3440  stexstor - ok
19:44:16.0519 3440  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:44:16.0566 3440  stisvc - ok
19:44:16.0582 3440  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:44:16.0597 3440  swenum - ok
19:44:16.0613 3440  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:44:16.0644 3440  swprv - ok
19:44:16.0691 3440  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:44:16.0738 3440  SysMain - ok
19:44:16.0753 3440  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:44:16.0785 3440  TabletInputService - ok
19:44:16.0800 3440  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:44:16.0863 3440  TapiSrv - ok
19:44:16.0863 3440  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:44:16.0910 3440  TBS - ok
19:44:16.0957 3440  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:44:17.0003 3440  Tcpip - ok
19:44:17.0066 3440  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:44:17.0097 3440  TCPIP6 - ok
19:44:17.0128 3440  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:44:17.0128 3440  tcpipreg - ok
19:44:17.0160 3440  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:44:17.0175 3440  TDPIPE - ok
19:44:17.0191 3440  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:44:17.0222 3440  TDTCP - ok
19:44:17.0253 3440  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:44:17.0300 3440  tdx - ok
19:44:17.0300 3440  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:44:17.0316 3440  TermDD - ok
19:44:17.0363 3440  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:44:17.0394 3440  TermService - ok
19:44:17.0410 3440  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:44:17.0441 3440  Themes - ok
19:44:17.0457 3440  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:44:17.0488 3440  THREADORDER - ok
19:44:17.0503 3440  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:44:17.0550 3440  TrkWks - ok
19:44:17.0582 3440  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:44:17.0613 3440  TrustedInstaller - ok
19:44:17.0628 3440  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:44:17.0660 3440  tssecsrv - ok
19:44:17.0707 3440  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:44:17.0722 3440  TsUsbFlt - ok
19:44:17.0753 3440  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:44:17.0769 3440  TsUsbGD - ok
19:44:17.0816 3440  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:44:17.0863 3440  tunnel - ok
19:44:17.0863 3440  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:44:17.0878 3440  uagp35 - ok
19:44:17.0894 3440  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:44:17.0941 3440  udfs - ok
19:44:17.0957 3440  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:44:17.0988 3440  UI0Detect - ok
19:44:18.0003 3440  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:44:18.0019 3440  uliagpkx - ok
19:44:18.0035 3440  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:44:18.0066 3440  umbus - ok
19:44:18.0066 3440  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:44:18.0082 3440  UmPass - ok
19:44:18.0097 3440  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:44:18.0160 3440  upnphost - ok
19:44:18.0175 3440  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
19:44:18.0191 3440  USBAAPL64 - ok
19:44:18.0207 3440  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:44:18.0222 3440  usbccgp - ok
19:44:18.0238 3440  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:44:18.0269 3440  usbcir - ok
19:44:18.0269 3440  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:44:18.0300 3440  usbehci - ok
19:44:18.0332 3440  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:44:18.0347 3440  usbhub - ok
19:44:18.0378 3440  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:44:18.0410 3440  usbohci - ok
19:44:18.0441 3440  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:44:18.0472 3440  usbprint - ok
19:44:18.0488 3440  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:44:18.0519 3440  USBSTOR - ok
19:44:18.0535 3440  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:44:18.0566 3440  usbuhci - ok
19:44:18.0597 3440  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:44:18.0644 3440  UxSms - ok
19:44:18.0691 3440  [ 5581BB749DDE273F92A1E4A4D6CDF15A ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
19:44:18.0707 3440  UxTuneUp - ok
19:44:18.0722 3440  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:44:18.0739 3440  VaultSvc - ok
19:44:18.0754 3440  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:44:18.0770 3440  vdrvroot - ok
19:44:18.0801 3440  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:44:18.0848 3440  vds - ok
19:44:18.0864 3440  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:44:18.0879 3440  vga - ok
19:44:18.0879 3440  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:44:18.0926 3440  VgaSave - ok
19:44:18.0926 3440  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:44:18.0942 3440  vhdmp - ok
19:44:19.0020 3440  [ D928C90CC759499E916B8FB5B8F32DDC ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:44:19.0067 3440  VIAHdAudAddService - ok
19:44:19.0067 3440  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:44:19.0083 3440  viaide - ok
19:44:19.0114 3440  [ 224153C26FABE55CD6D751BFDF94FD3B ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
19:44:19.0129 3440  VIAKaraokeService - ok
19:44:19.0129 3440  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:44:19.0145 3440  volmgr - ok
19:44:19.0161 3440  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:44:19.0176 3440  volmgrx - ok
19:44:19.0192 3440  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:44:19.0223 3440  volsnap - ok
19:44:19.0223 3440  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:44:19.0239 3440  vsmraid - ok
19:44:19.0301 3440  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:44:19.0348 3440  VSS - ok
19:44:19.0364 3440  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:44:19.0379 3440  vwifibus - ok
19:44:19.0395 3440  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:44:19.0426 3440  W32Time - ok
19:44:19.0442 3440  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:44:19.0458 3440  WacomPen - ok
19:44:19.0489 3440  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:44:19.0520 3440  WANARP - ok
19:44:19.0536 3440  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:44:19.0567 3440  Wanarpv6 - ok
19:44:19.0598 3440  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:44:19.0645 3440  wbengine - ok
19:44:19.0645 3440  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:44:19.0676 3440  WbioSrvc - ok
19:44:19.0676 3440  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:44:19.0708 3440  wcncsvc - ok
19:44:19.0723 3440  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:44:19.0754 3440  WcsPlugInService - ok
19:44:19.0786 3440  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:44:19.0801 3440  Wd - ok
19:44:19.0833 3440  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:44:19.0864 3440  Wdf01000 - ok
19:44:19.0879 3440  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:44:19.0911 3440  WdiServiceHost - ok
19:44:19.0926 3440  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:44:19.0942 3440  WdiSystemHost - ok
19:44:19.0958 3440  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:44:19.0989 3440  WebClient - ok
19:44:20.0004 3440  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:44:20.0051 3440  Wecsvc - ok
19:44:20.0067 3440  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:44:20.0098 3440  wercplsupport - ok
19:44:20.0114 3440  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:44:20.0145 3440  WerSvc - ok
19:44:20.0176 3440  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:44:20.0208 3440  WfpLwf - ok
19:44:20.0223 3440  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:44:20.0239 3440  WIMMount - ok
19:44:20.0254 3440  WinDefend - ok
19:44:20.0254 3440  WinHttpAutoProxySvc - ok
19:44:20.0286 3440  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:44:20.0333 3440  Winmgmt - ok
19:44:20.0364 3440  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:44:20.0426 3440  WinRM - ok
19:44:20.0458 3440  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:44:20.0489 3440  WinUsb - ok
19:44:20.0520 3440  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:44:20.0567 3440  Wlansvc - ok
19:44:20.0583 3440  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:44:20.0598 3440  WmiAcpi - ok
19:44:20.0614 3440  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:44:20.0645 3440  wmiApSrv - ok
19:44:20.0676 3440  WMPNetworkSvc - ok
19:44:20.0692 3440  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:44:20.0708 3440  WPCSvc - ok
19:44:20.0723 3440  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:44:20.0754 3440  WPDBusEnum - ok
19:44:20.0754 3440  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:44:20.0786 3440  ws2ifsl - ok
19:44:20.0801 3440  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:44:20.0833 3440  wscsvc - ok
19:44:20.0833 3440  WSearch - ok
19:44:21.0051 3440  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:44:21.0098 3440  wuauserv - ok
19:44:21.0129 3440  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:44:21.0161 3440  WudfPf - ok
19:44:21.0176 3440  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:21.0192 3440  WUDFRd - ok
19:44:21.0223 3440  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:44:21.0254 3440  wudfsvc - ok
19:44:21.0286 3440  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:44:21.0301 3440  WwanSvc - ok
19:44:21.0317 3440  ================ Scan global ===============================
19:44:21.0348 3440  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:44:21.0379 3440  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:44:21.0395 3440  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:44:21.0426 3440  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:44:21.0458 3440  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:44:21.0473 3440  [Global] - ok
19:44:21.0473 3440  ================ Scan MBR ==================================
19:44:21.0473 3440  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:44:21.0692 3440  \Device\Harddisk0\DR0 - ok
19:44:21.0692 3440  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
19:44:22.0162 3440  \Device\Harddisk1\DR1 - ok
19:44:22.0162 3440  ================ Scan VBR ==================================
19:44:22.0177 3440  [ A15F5002CA054FDC255985D86943CF91 ] \Device\Harddisk0\DR0\Partition1
19:44:22.0177 3440  \Device\Harddisk0\DR0\Partition1 - ok
19:44:22.0193 3440  [ 578B41B9C84F60E4868653FBC053BC3D ] \Device\Harddisk0\DR0\Partition2
19:44:22.0193 3440  \Device\Harddisk0\DR0\Partition2 - ok
19:44:22.0208 3440  [ 78B84C45337F783090936E8DBFB7123B ] \Device\Harddisk0\DR0\Partition3
19:44:22.0224 3440  \Device\Harddisk0\DR0\Partition3 - ok
19:44:22.0240 3440  [ F5B413385A59F7FBD6E903DE45EDD3D3 ] \Device\Harddisk1\DR1\Partition1
19:44:22.0240 3440  \Device\Harddisk1\DR1\Partition1 - ok
19:44:22.0240 3440  ============================================================
19:44:22.0240 3440  Scan finished
19:44:22.0240 3440  ============================================================
19:44:22.0255 3808  Detected object count: 0
19:44:22.0255 3808  Actual detected object count: 0
19:44:42.0781 3428  Deinitialize success
         

Alt 08.03.2013, 19:53   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 08.03.2013, 20:11   #9
Julian84
 

AntiVir complained at the start of the scan that it had blocked something to do with the registry. Here is the log:

Combofix log file:
Code:
ATTFilter
ComboFix 13-03-07.03 - Admin 08.03.2013  20:02:33.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6330 [GMT 1:00]
ausgeführt von:: d:\users\Julian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-08 bis 2013-03-08  ))))))))))))))))))))))))))))))
.
.
2013-03-08 19:06 . 2013-03-08 19:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-08 09:37 . 2013-03-08 09:37	--------	d-----w-	c:\programdata\boost_interprocess
2013-03-05 07:48 . 2013-03-05 07:48	310688	----a-w-	c:\windows\system32\javaws.exe
2013-03-05 07:48 . 2013-03-05 07:48	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-05 07:48 . 2013-03-05 07:48	188832	----a-w-	c:\windows\system32\javaw.exe
2013-03-05 07:48 . 2013-03-05 07:48	188320	----a-w-	c:\windows\system32\java.exe
2013-03-05 07:48 . 2013-03-05 07:48	--------	d-----w-	c:\program files\Java
2013-03-02 21:31 . 2009-03-18 15:35	33856	---ha-w-	c:\windows\system32\hamachi.sys
2013-03-02 21:31 . 2013-03-02 21:31	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2013-03-01 13:28 . 2013-03-01 13:28	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-27 09:25 . 2013-02-27 09:54	--------	d-----w-	c:\users\Julian
2013-02-25 19:23 . 2013-02-25 19:23	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2013-02-25 15:52 . 2013-02-25 15:53	--------	d-----w-	c:\program files (x86)\Common Files\Nero
2013-02-25 15:52 . 2013-02-25 15:52	--------	d-----w-	c:\programdata\Nero
2013-02-25 15:52 . 2013-02-25 15:52	--------	d-----w-	c:\program files (x86)\Nero
2013-02-24 20:15 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-02-24 20:15 . 2013-02-24 20:15	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 20:15 . 2013-02-24 20:15	--------	d-----w-	c:\program files\iTunes
2013-02-24 20:15 . 2013-02-24 20:15	--------	d-----w-	c:\program files (x86)\iTunes
2013-02-24 20:15 . 2013-02-24 20:15	--------	d-----w-	c:\program files\iPod
2013-02-24 20:14 . 2013-02-24 20:14	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-02-24 20:14 . 2013-02-24 20:14	--------	d-----w-	c:\program files\Common Files\Apple
2013-02-24 20:13 . 2013-02-24 20:15	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2013-02-24 18:45 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 18:45 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 18:17 . 2011-03-25 03:29	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-02-24 18:11 . 2013-02-24 18:11	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2013-02-24 18:01 . 2013-02-24 18:01	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-02-24 18:01 . 2013-02-24 18:01	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-02-24 17:43 . 2013-02-04 21:49	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-24 17:38 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-02-24 17:38 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-02-24 17:38 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-02-24 17:38 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-02-24 17:28 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-02-24 17:13 . 2007-04-26 14:57	19976	----a-w-	c:\windows\system32\authuitu.dll
2013-02-24 17:13 . 2007-04-26 14:57	16904	----a-w-	c:\windows\SysWow64\authuitu.dll
2013-02-24 17:13 . 2007-03-28 18:42	29704	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2013-02-24 17:13 . 2007-03-28 18:42	36360	----a-w-	c:\windows\system32\uxtuneup.dll
2013-02-24 17:13 . 2013-02-24 17:13	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2007
2013-02-24 17:12 . 2013-02-24 17:12	--------	d-----w-	c:\programdata\TuneUp Software
2013-02-24 17:00 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-02-24 17:00 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-02-24 17:00 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2013-02-24 17:00 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-02-24 17:00 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-02-24 16:56 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2013-02-24 16:55 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2013-02-24 16:53 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2013-02-24 16:51 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2013-02-24 16:46 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-02-24 16:46 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-02-24 16:46 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-02-24 16:46 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2013-02-24 16:46 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-02-24 16:46 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-02-24 16:46 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2013-02-24 16:46 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-02-24 16:45 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2013-02-24 16:45 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2013-02-24 16:45 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2013-02-24 16:45 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2013-02-24 16:12 . 2013-03-02 18:18	--------	d-----w-	c:\program files (x86)\Google
2013-02-24 16:10 . 2013-02-24 16:10	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-02-24 16:10 . 2013-02-24 16:10	--------	d-----r-	c:\program files (x86)\Skype
2013-02-24 16:03 . 2013-02-24 20:15	--------	dc----w-	c:\windows\system32\DRVSTORE
2013-02-24 16:03 . 2013-02-24 20:15	--------	d-----w-	c:\programdata\Apple Computer
2013-02-24 16:00 . 2013-02-24 16:29	--------	d-----w-	c:\programdata\Apple
2013-02-24 15:56 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2013-02-24 15:56 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2013-02-24 15:56 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2013-02-24 15:49 . 2013-02-24 15:48	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-02-24 15:49 . 2013-02-24 15:48	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-02-24 15:49 . 2013-02-24 15:48	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-02-24 15:49 . 2013-02-24 15:49	--------	d-----w-	c:\programdata\Avira
2013-02-24 15:49 . 2013-02-24 15:49	--------	d-----w-	c:\program files (x86)\Avira
2013-02-24 15:45 . 2013-03-05 07:48	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-24 15:45 . 2013-03-05 07:48	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-24 15:44 . 2013-02-27 11:07	--------	d-----w-	c:\programdata\Skype
2013-02-24 15:43 . 2013-02-24 15:43	--------	d-----w-	c:\program files (x86)\WinSCP
2013-02-24 15:42 . 2013-02-24 15:42	--------	d-----w-	c:\program files (x86)\Notepad++
2013-02-24 15:41 . 2013-03-04 18:06	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2013-02-24 15:39 . 2013-02-24 15:39	--------	d-----w-	c:\programdata\LogiShrd
2013-02-24 15:39 . 2013-02-24 15:39	--------	d-----w-	c:\program files\Logitech Gaming Software
2013-02-24 15:32 . 2013-02-24 15:32	--------	d-----w-	c:\program files\ASRock Utility
2013-02-24 15:32 . 2010-06-11 13:37	15368	----a-w-	c:\windows\system32\drivers\AsrAppCharger.sys
2013-02-24 15:31 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2013-02-24 15:31 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2013-02-24 15:31 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2013-02-24 15:31 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2013-02-24 15:31 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2013-02-24 15:31 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2013-02-24 15:31 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2013-02-24 15:31 . 2012-06-02 14:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2013-02-24 15:31 . 2012-06-02 14:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2013-02-24 15:30 . 2013-02-24 15:30	--------	d-----w-	c:\program files (x86)\Intel
2013-02-24 15:30 . 2009-08-26 14:04	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
2013-02-24 15:28 . 2013-02-24 15:28	--------	d-----w-	c:\windows\SysWow64\Atheros_L1e
2013-02-24 15:27 . 2013-02-24 15:28	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2013-02-24 15:26 . 2013-02-24 15:27	--------	d-----w-	c:\program files (x86)\VIA
2013-02-24 15:26 . 2007-04-11 14:35	414632	------w-	c:\windows\difxapi.dll
2013-02-24 15:26 . 2013-02-24 15:26	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2013-02-24 15:26 . 2013-02-24 15:26	--------	d-----w-	C:\Intel
2013-02-24 15:23 . 2013-02-24 15:23	--------	d-----w-	C:\NVIDIA
2013-02-24 15:11 . 2013-02-24 15:20	--------	d-----w-	c:\windows\Panther
2013-02-24 14:26 . 2010-08-24 16:55	76912	----a-w-	c:\windows\system32\drivers\L1C62x64.sys
2013-02-09 17:43 . 2013-02-09 17:43	555808	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 04:43 . 2013-02-24 16:55	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-13 12:50 . 2012-12-13 12:50	6112864	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-12-13 12:50 . 2012-12-13 12:50	54784	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-02-22 3019376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-24 385248]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="d:\users\Julian\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" [2013-02-16 1363016]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-2-15 29428904]
.
c:\users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-2-15 29428904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-24 27800]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-24 86752]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-02-17 27760]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-02-17 2153072]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 07:50	1630672	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-24 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files (x86)\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 19:08]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 16:12]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 16:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{448EAC2C-0FC3-449F-8DC5-6D3597F2E9D6}: NameServer = 192.168.2.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-08  20:07:47
ComboFix-quarantined-files.txt  2013-03-08 19:07
.
Vor Suchlauf: 8 Verzeichnis(se), 470.243.913.728 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 470.698.422.272 Bytes frei
.
- - End Of File - - 6801FD27F99864D7EBDEF010D19FE690
         
--- --- ---

08.03.2013, 20:51   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


08.03.2013, 21:29   #11
Julian84
 

With the Junkware Removal Tool software there was a bug: after the scan I either had the desktop of the "Admin" user account, or I was logged in entirely as the user "Admin". I then restarted the computer and had my desktop back, but the log is missing.
Here are the logs from adwCleaner and OTL:

adwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.114 - Datei am 08/03/2013 um 21:07:52 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin - JULIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Julian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [833 octets] - [08/03/2013 21:07:52]

########## EOF - \AdwCleaner[S1].txt - [892 octets] ##########
         
--- --- ---


OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 08.03.2013 21:13:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Julian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,68 Gb Available Physical Memory | 83,48% Memory free
16,00 Gb Paging File | 14,55 Gb Available in Paging File | 90,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 470,81 Gb Total Space | 438,40 Gb Free Space | 93,12% Space Free | Partition Type: NTFS
Drive D: | 460,60 Gb Total Space | 450,22 Gb Free Space | 97,75% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 844,11 Gb Free Space | 90,62% Space Free | Partition Type: NTFS
 
Computer Name: JULIAN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\Julian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\..\SearchScopes\{14B63DCC-8949-4A54-B7D8-298BC8B8BD5D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1001\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 60 6B 57 CF 14 CE 01  [binary data]
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: NotScripts = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-21-4161934161-3653760989-346012480-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4161934161-3653760989-346012480-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4161934161-3653760989-346012480-1000..\RunOnce: [Report] \AdwCleaner[S1].txt File not found
O4 - HKU\S-1-5-21-4161934161-3653760989-346012480-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4161934161-3653760989-346012480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4161934161-3653760989-346012480-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4161934161-3653760989-346012480-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{448EAC2C-0FC3-449F-8DC5-6D3597F2E9D6}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.08 20:56:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.08 20:56:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.08 20:13:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.08 20:07:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.08 20:07:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2013.03.08 20:00:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.08 20:00:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.08 20:00:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.08 20:00:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.08 20:00:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.05 08:48:29 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.03.05 08:48:23 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.03.05 08:48:23 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.03.05 08:48:23 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.03.05 08:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.02 22:31:22 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2013.03.02 22:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.03.02 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.03.02 19:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.01 14:28:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013.03.01 14:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2013.02.27 10:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.02.27 10:29:34 | 000,000,000 | ---D | C] -- D:\Users\Admin\Desktop\Meine Dateien
[2013.02.27 10:21:41 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 10:21:41 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 10:21:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 10:21:41 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 10:21:39 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 10:21:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 10:21:37 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 10:21:37 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 10:21:37 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 10:21:37 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 10:21:37 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 10:21:37 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 10:21:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 10:21:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 10:21:37 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 10:21:37 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 10:21:36 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 10:21:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 10:21:36 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 10:21:36 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 10:21:36 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 10:21:36 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 10:21:36 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 10:21:36 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 10:21:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 10:21:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 10:21:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 10:21:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 10:21:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 10:21:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 10:21:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 10:21:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 10:21:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 10:21:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 10:21:35 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 10:21:35 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 10:21:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 10:21:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 10:21:35 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 10:21:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 10:21:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.25 20:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.02.25 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\logs
[2013.02.25 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.techniclauncher
[2013.02.25 16:55:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Nero
[2013.02.25 16:55:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Ahead
[2013.02.25 16:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.02.25 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.02.25 16:50:55 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013.02.25 16:50:55 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013.02.24 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games
[2013.02.24 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apps
[2013.02.24 21:26:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2013.02.24 21:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.24 21:15:26 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.24 21:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.24 21:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.02.24 21:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.02.24 21:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.02.24 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer
[2013.02.24 19:31:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.24 19:31:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.24 19:31:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.24 19:31:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.24 19:31:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.24 19:31:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.24 19:31:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.24 19:31:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.24 19:31:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.24 19:31:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.24 19:31:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.24 19:31:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.24 19:31:39 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.24 19:31:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.24 19:31:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.24 19:17:12 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013.02.24 19:17:12 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013.02.24 19:17:08 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013.02.24 19:17:08 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013.02.24 19:17:08 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.02.24 19:17:08 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013.02.24 19:17:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2013.02.24 19:17:08 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2013.02.24 19:17:08 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013.02.24 19:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.24 18:38:53 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.02.24 18:38:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.02.24 18:34:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.02.24 18:34:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.02.24 18:34:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.02.24 18:34:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.02.24 18:34:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.02.24 18:34:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.02.24 18:34:43 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.02.24 18:34:43 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.02.24 18:34:43 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.02.24 18:34:43 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.02.24 18:34:43 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.02.24 18:34:43 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.02.24 18:34:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.02.24 18:34:43 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.02.24 18:34:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.02.24 18:34:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.02.24 18:34:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.02.24 18:34:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.02.24 18:34:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.02.24 18:34:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.02.24 18:34:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.02.24 18:34:43 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.02.24 18:34:43 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.02.24 18:34:42 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.02.24 18:34:42 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.02.24 18:28:07 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.02.24 18:26:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.02.24 18:26:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.02.24 18:26:22 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.02.24 18:26:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.02.24 18:26:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.02.24 18:26:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.02.24 18:26:22 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.02.24 18:26:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.02.24 18:26:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.02.24 18:26:22 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.02.24 18:26:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.02.24 18:26:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.02.24 18:26:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.02.24 18:26:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.02.24 18:26:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.02.24 18:26:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.02.24 18:26:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.02.24 18:26:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.02.24 18:26:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.02.24 18:26:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.02.24 18:26:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.02.24 18:26:21 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.02.24 18:26:21 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.02.24 18:26:21 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.02.24 18:26:21 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.02.24 18:26:21 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.02.24 18:26:21 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.02.24 18:26:21 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.02.24 18:26:21 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.02.24 18:26:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.02.24 18:26:21 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.02.24 18:26:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.02.24 18:26:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.02.24 18:26:21 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.02.24 18:26:21 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.02.24 18:26:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.02.24 18:26:21 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.02.24 18:26:21 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.02.24 18:26:21 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.02.24 18:26:21 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.02.24 18:26:21 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.02.24 18:26:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.02.24 18:26:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.02.24 18:26:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.02.24 18:26:21 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.02.24 18:26:21 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.02.24 18:26:21 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.02.24 18:26:21 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.02.24 18:26:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.02.24 18:26:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.02.24 18:26:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.02.24 18:26:21 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.02.24 18:26:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.02.24 18:26:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.02.24 18:26:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.02.24 18:26:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.02.24 18:26:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.02.24 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2013.02.24 18:13:10 | 000,019,976 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\authuitu.dll
[2013.02.24 18:13:10 | 000,016,904 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\authuitu.dll
[2013.02.24 18:13:09 | 000,029,704 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\uxtuneup.dll
[2013.02.24 18:13:08 | 000,036,360 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\uxtuneup.dll
[2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007
[2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2007
[2013.02.24 18:13:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2013.02.24 18:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.02.24 18:01:51 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.02.24 18:01:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.02.24 18:01:51 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.02.24 18:01:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.02.24 18:01:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.02.24 18:01:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.02.24 18:01:24 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.02.24 18:01:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.02.24 18:01:23 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.02.24 18:01:23 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.02.24 18:00:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.02.24 18:00:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013.02.24 17:57:21 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.02.24 17:57:21 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.02.24 17:57:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.02.24 17:57:10 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.02.24 17:57:08 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.02.24 17:57:08 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013.02.24 17:57:03 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.24 17:57:02 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.24 17:57:02 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.24 17:56:59 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.02.24 17:56:59 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.02.24 17:56:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2013.02.24 17:56:57 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2013.02.24 17:56:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2013.02.24 17:56:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2013.02.24 17:56:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2013.02.24 17:56:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2013.02.24 17:56:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2013.02.24 17:56:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2013.02.24 17:56:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2013.02.24 17:56:56 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.02.24 17:56:56 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.02.24 17:56:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2013.02.24 17:56:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.02.24 17:56:52 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.02.24 17:56:51 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.02.24 17:56:51 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.02.24 17:56:38 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.02.24 17:56:38 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.02.24 17:56:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.02.24 17:56:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.02.24 17:56:38 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.02.24 17:56:38 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.02.24 17:56:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.02.24 17:56:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.02.24 17:56:38 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.02.24 17:56:38 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.02.24 17:56:38 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.02.24 17:56:38 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.02.24 17:56:38 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.02.24 17:56:38 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.02.24 17:56:38 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.02.24 17:56:37 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.02.24 17:56:37 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.02.24 17:56:37 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.02.24 17:56:37 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.02.24 17:56:37 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.02.24 17:56:37 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.02.24 17:56:37 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.02.24 17:56:37 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.02.24 17:56:37 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.02.24 17:56:37 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.02.24 17:56:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.02.24 17:56:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.02.24 17:56:19 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.24 17:56:19 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.24 17:56:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.24 17:56:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.24 17:56:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.24 17:56:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.24 17:56:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.24 17:56:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.24 17:56:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.24 17:56:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.24 17:56:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.24 17:56:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.24 17:56:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.24 17:56:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.24 17:56:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.24 17:56:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.24 17:56:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.24 17:56:03 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2013.02.24 17:56:03 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2013.02.24 17:56:03 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2013.02.24 17:56:03 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2013.02.24 17:56:02 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2013.02.24 17:56:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2013.02.24 17:55:57 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2013.02.24 17:55:55 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013.02.24 17:55:55 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013.02.24 17:55:54 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013.02.24 17:55:54 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013.02.24 17:55:54 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013.02.24 17:55:54 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013.02.24 17:55:54 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013.02.24 17:55:54 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013.02.24 17:55:54 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013.02.24 17:55:54 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013.02.24 17:55:54 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013.02.24 17:55:53 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013.02.24 17:55:53 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2013.02.24 17:55:53 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013.02.24 17:55:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2013.02.24 17:55:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.02.24 17:55:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.02.24 17:55:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.02.24 17:55:48 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2013.02.24 17:55:48 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2013.02.24 17:55:48 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2013.02.24 17:55:48 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2013.02.24 17:55:46 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013.02.24 17:55:46 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013.02.24 17:55:43 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013.02.24 17:55:43 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013.02.24 17:55:40 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013.02.24 17:55:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013.02.24 17:55:40 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013.02.24 17:55:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.02.24 17:55:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.02.24 17:55:28 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.02.24 17:55:28 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.02.24 17:55:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.02.24 17:55:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.02.24 17:55:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.02.24 17:55:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.02.24 17:55:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.02.24 17:55:25 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.02.24 17:55:25 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.24 17:55:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.24 17:55:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.24 17:55:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.24 17:55:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.24 17:55:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.24 17:55:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.24 17:55:21 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.02.24 17:55:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.02.24 17:55:17 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013.02.24 17:55:16 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2013.02.24 17:55:15 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2013.02.24 17:55:15 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2013.02.24 17:55:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2013.02.24 17:55:13 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013.02.24 17:55:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2013.02.24 17:55:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013.02.24 17:55:12 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.02.24 17:55:11 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2013.02.24 17:55:10 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.02.24 17:55:10 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.02.24 17:55:10 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.02.24 17:55:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.02.24 17:53:27 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013.02.24 17:53:23 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013.02.24 17:53:23 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013.02.24 17:53:23 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013.02.24 17:53:23 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013.02.24 17:53:23 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2013.02.24 17:53:23 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2013.02.24 17:53:23 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2013.02.24 17:53:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013.02.24 17:53:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013.02.24 17:53:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013.02.24 17:53:21 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013.02.24 17:53:21 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2013.02.24 17:53:20 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.02.24 17:53:19 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2013.02.24 17:53:18 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013.02.24 17:53:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2013.02.24 17:53:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2013.02.24 17:53:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2013.02.24 17:53:16 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2013.02.24 17:53:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.02.24 17:51:29 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2013.02.24 17:51:29 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2013.02.24 17:51:27 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.02.24 17:51:27 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013.02.24 17:46:13 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.02.24 17:46:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.02.24 17:46:01 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.02.24 17:45:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013.02.24 17:45:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013.02.24 17:45:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013.02.24 17:33:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2013.02.24 17:29:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2013.02.24 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2013.02.24 17:17:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.24 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.24 17:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013.02.24 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.02.24 17:10:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Skype
[2013.02.24 17:10:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.24 17:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.24 17:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.24 17:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.02.24 17:05:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2013.02.24 17:03:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.02.24 17:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.02.24 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple
[2013.02.24 17:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.02.24 16:56:45 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013.02.24 16:56:45 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013.02.24 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2013.02.24 16:52:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Google
[2013.02.24 16:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.24 16:49:06 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.24 16:49:06 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.24 16:49:06 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.24 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.24 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.24 16:45:54 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.02.24 16:45:54 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.02.24 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.24 16:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2013.02.24 16:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2013.02.24 16:42:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.02.24 16:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.02.24 16:42:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2013.02.24 16:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.02.24 16:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.02.24 16:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2013.02.24 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\NVIDIA
[2013.02.24 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Logitech
[2013.02.24 16:40:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2013.02.24 16:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.02.24 16:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.02.24 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013.02.24 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech
[2013.02.24 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd
[2013.02.24 16:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.02.24 16:32:08 | 000,015,368 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2013.02.24 16:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2013.02.24 16:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2013.02.24 16:31:30 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.02.24 16:31:30 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.02.24 16:31:30 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.02.24 16:31:21 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.02.24 16:31:21 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.02.24 16:31:21 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.02.24 16:31:13 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.02.24 16:31:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.02.24 16:30:33 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.02.24 16:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.02.24 16:28:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013.02.24 16:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.02.24 16:26:59 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2013.02.24 16:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2013.02.24 16:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.24 16:26:27 | 000,000,000 | ---D | C] -- C:\Intel
[2013.02.24 16:24:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.02.24 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.02.24 16:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.02.24 16:24:42 | 006,393,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.02.24 16:24:42 | 003,472,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.02.24 16:24:42 | 002,555,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.02.24 16:24:42 | 000,237,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.02.24 16:24:42 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.02.24 16:24:31 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.24 16:24:31 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.24 16:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.02.24 16:24:05 | 026,947,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.24 16:24:05 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.24 16:24:05 | 020,534,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.24 16:24:05 | 017,987,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.02.24 16:24:05 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.24 16:24:05 | 015,275,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.02.24 16:24:05 | 015,038,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.02.24 16:24:05 | 012,862,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.02.24 16:24:05 | 009,422,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.24 16:24:05 | 007,964,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.24 16:24:05 | 007,569,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.24 16:24:05 | 006,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.24 16:24:05 | 002,911,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.24 16:24:05 | 002,854,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.02.24 16:24:05 | 002,726,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.24 16:24:05 | 002,528,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.02.24 16:24:05 | 002,350,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.24 16:24:05 | 001,990,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.24 16:24:05 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll
[2013.02.24 16:24:05 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll
[2013.02.24 16:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.02.24 16:23:32 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.02.24 16:20:47 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.24 16:20:47 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.24 16:20:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2013.02.24 16:20:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
[2013.02.24 16:20:22 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2013.02.24 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.24 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten
[2013.02.24 16:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten
[2013.02.24 16:20:22 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft
[2013.02.24 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.24 16:20:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.24 16:20:16 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.02.24 16:15:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.24 16:12:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.02.24 16:12:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.02.24 16:11:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.02.24 15:27:17 | 002,153,072 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2013.02.24 15:27:16 | 001,161,328 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2013.02.24 15:27:16 | 000,866,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO64.DLL
[2013.02.24 15:27:16 | 000,202,864 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2013.02.24 15:27:16 | 000,116,848 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2013.02.24 15:27:16 | 000,087,152 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2013.02.24 15:27:16 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2013.02.24 15:27:16 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2013.02.24 15:27:16 | 000,074,240 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMWRP64.DLL
[2013.02.24 15:27:16 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPLD64.DLL
[2013.02.24 15:27:16 | 000,053,760 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPCN64.DLL
[2013.02.24 15:27:16 | 000,027,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2013.02.24 15:27:15 | 000,993,392 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2013.02.24 15:27:15 | 000,732,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO32.DLL
[2013.02.24 15:27:15 | 000,553,072 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2013.02.24 15:27:15 | 000,248,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2013.02.24 15:27:15 | 000,091,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2013.02.24 15:26:02 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2013.02.09 18:43:52 | 000,555,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.08 21:16:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.08 21:16:05 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.08 21:16:05 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.08 21:16:05 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.08 21:16:05 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.08 21:10:52 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.08 21:10:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.08 21:10:35 | 2146,762,751 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.08 21:10:02 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 21:10:02 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 20:57:59 | 000,002,123 | ---- | M] () -- D:\Users\Admin\Desktop\Google Chrome.lnk
[2013.03.08 20:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.08 12:52:13 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.03.05 08:48:20 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.03.05 08:48:19 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.03.05 08:48:19 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.03.05 08:48:19 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.03.05 08:48:19 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.03.05 08:48:19 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.25 18:47:04 | 000,001,430 | ---- | M] () -- D:\Users\Admin\Desktop\TechnicLauncher.lnk
[2013.02.25 18:36:00 | 000,703,117 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\technic-launcher.jar
[2013.02.24 21:37:49 | 000,000,600 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2013.02.24 21:10:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.24 19:40:50 | 000,002,222 | ---- | M] () -- D:\Users\Admin\Desktop\Minecraft.lnk
[2013.02.24 19:03:31 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.02.24 19:03:18 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.24 18:26:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.02.24 18:26:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.02.24 18:26:22 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.02.24 18:26:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.02.24 18:26:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.02.24 18:26:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.02.24 18:26:22 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.02.24 18:26:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.02.24 18:26:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.02.24 18:26:22 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.02.24 18:26:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.02.24 18:26:22 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.02.24 18:26:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.02.24 18:26:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.02.24 18:26:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.02.24 18:26:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.24 18:26:22 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.02.24 18:26:22 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.02.24 18:26:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.02.24 18:26:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.02.24 18:26:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.02.24 18:26:22 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.02.24 18:26:21 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.02.24 18:26:21 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.02.24 18:26:21 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.02.24 18:26:21 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.02.24 18:26:21 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.02.24 18:26:21 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.02.24 18:26:21 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.02.24 18:26:21 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.02.24 18:26:21 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.02.24 18:26:21 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.02.24 18:26:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.02.24 18:26:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.02.24 18:26:21 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.02.24 18:26:21 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.02.24 18:26:21 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.02.24 18:26:21 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.02.24 18:26:21 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.02.24 18:26:21 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.02.24 18:26:21 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.02.24 18:26:21 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.02.24 18:26:21 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.02.24 18:26:21 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.02.24 18:26:21 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.02.24 18:26:21 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.02.24 18:26:21 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.02.24 18:26:21 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.02.24 18:26:21 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.02.24 18:26:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.02.24 18:26:21 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.24 18:26:21 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.02.24 18:26:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.02.24 18:26:21 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.02.24 18:26:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.02.24 18:26:21 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.02.24 18:26:21 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.02.24 18:26:21 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.02.24 18:26:21 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.02.24 17:07:19 | 000,001,050 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.24 16:48:22 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.24 16:48:22 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.24 16:48:21 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.24 16:16:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.24 16:16:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.24 16:14:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.02.10 04:25:27 | 026,947,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.10 04:25:27 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.10 04:25:27 | 020,534,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.10 04:25:27 | 017,987,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.02.10 04:25:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.10 04:25:27 | 015,275,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.02.10 04:25:27 | 015,038,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.02.10 04:25:27 | 012,862,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.02.10 04:25:27 | 009,422,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.10 04:25:27 | 007,964,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.10 04:25:27 | 007,569,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.10 04:25:27 | 006,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.10 04:25:27 | 002,911,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.10 04:25:27 | 002,854,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.02.10 04:25:27 | 002,726,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.10 04:25:27 | 002,528,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.02.10 04:25:27 | 002,350,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.10 04:25:27 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.10 04:25:27 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll
[2013.02.10 04:25:27 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll
[2013.02.10 04:25:27 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.10 04:25:27 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.10 02:04:31 | 006,393,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.02.10 02:04:31 | 003,472,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.02.10 02:04:29 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.02.10 02:04:29 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.02.10 02:04:29 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.02.09 18:43:52 | 000,555,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
 
========== Files Created - No Company Name ==========
 
[2013.03.08 20:00:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.08 20:00:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.08 20:00:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.08 20:00:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.08 20:00:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.08 12:52:13 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.03.05 08:49:02 | 000,002,123 | ---- | C] () -- D:\Users\Admin\Desktop\Google Chrome.lnk
[2013.02.27 10:29:47 | 000,002,222 | ---- | C] () -- D:\Users\Admin\Desktop\Minecraft.lnk
[2013.02.27 10:29:47 | 000,001,430 | ---- | C] () -- D:\Users\Admin\Desktop\TechnicLauncher.lnk
[2013.02.25 18:35:57 | 000,703,117 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\technic-launcher.jar
[2013.02.24 21:19:23 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2013.02.24 21:14:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.24 21:10:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.24 18:38:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.24 18:26:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.24 18:26:21 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.24 18:13:13 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.02.24 18:13:07 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2007.lnk
[2013.02.24 18:01:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.24 17:12:47 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.24 17:12:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.24 17:07:18 | 000,001,050 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.24 16:27:22 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2013.02.24 16:24:05 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.24 16:21:38 | 000,001,405 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.02.24 16:21:35 | 000,001,439 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.24 16:15:50 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.24 16:15:49 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.24 16:14:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.02.24 16:12:18 | 2146,762,751 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Extras.txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.03.2013 21:13:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Julian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,68 Gb Available Physical Memory | 83,48% Memory free
16,00 Gb Paging File | 14,55 Gb Available in Paging File | 90,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 470,81 Gb Total Space | 438,40 Gb Free Space | 93,12% Space Free | Partition Type: NTFS
Drive D: | 460,60 Gb Total Space | 450,22 Gb Free Space | 97,75% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 844,11 Gb Free Space | 90,62% Space Free | Partition Type: NTFS
 
Computer Name: JULIAN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{252F1E16-E5E6-4971-8A78-46FD091E1A70}" = protocol=6 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{58676EDE-E938-4B8B-BEAF-3B306A0C1C2B}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5F59F5C6-C673-418E-80AB-8B0FB654A398}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FD17122-0BD7-4CC6-A3B7-48101FFD1AC3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{63E0170E-ACDF-46DF-976C-E3BEC5061639}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6CB23481-F30E-4AC1-B4CC-36F091BF9DEB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{82323116-8164-4BE9-88EC-E2602B664BF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A0380429-0722-4CE0-8B1E-937917EEB810}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA69FA37-F0AC-4DCD-B34B-D4F60E930A0C}" = protocol=17 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CDDAF99C-CCEF-43E5-99B8-A0D4B623A326}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D57B9187-5522-4BE7-A89A-D0D8B634299D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DC3EABEA-F6B2-4C26-A4C7-7FEB66CB2A10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DC615DFD-05CB-484E-BB24-7B36AB9B6691}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{78834E93-0C17-412A-90AD-C808C1175487}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{78C70488-7709-4AF4-A2C5-23AC1FB07B92}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{CFB71FED-8FB6-4577-B0D6-52295FB53622}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{F1AF5481-04C9-4A47-AC1B-D624971DFEEC}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{10EF208B-3A2D-4990-A4D4-44CA8967A546}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{9057E640-6DF9-4ABE-BD3F-27712BA1AC1A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{909726B0-814E-4BFA-8709-86A60BCE11DB}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{E1835FB9-3BD8-43F4-AA93-A78293006CE6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 5.1.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4161934161-3653760989-346012480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4161934161-3653760989-346012480-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.03.2013 16:05:29 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.03.2013 16:12:26 | Computer Name = Julian-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.03.2013 16:03:44 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 08.03.2013 16:10:45 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
 
< End of report >
         
--- --- ---

10.03.2013, 15:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The JRT log is directly on the desktop
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

10.03.2013, 16:37   #13
Julian84

Quote:
Originally posted by cosinus
The JRT log is directly on the desktop
No, it isn't there, because of the bug with the desktop. The log did open after the scan, but I didn't save it because I assumed it would save itself. In case it helps you: it only deleted one folder or one file in the ProgramFiles folder.

PS: Before opening this thread I had already submitted the detection to AntiVir as a suspected false positive, and I got an e-mail saying that the detection was a false positive and that it will be patched in the next VDF update.

Edited by Julian84 (10.03.2013 at 16:40). Reason: addition

10.03.2013, 19:53   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What desktop bug? With "our" tools it is completely normal for the desktop to disappear now and then.
Run JRT again.

10.03.2013, 20:19   #15
Julian84

Quote:
Originally posted by cosinus
What desktop bug? With "our" tools it is completely normal for the desktop to disappear now and then.
The desktop bug as described in reply #11. This time I ran the tool with the admin account, and the desktop was put back the way it was before. The old log, where something was deleted, has unfortunately been lost.
Here is the log:

JRT Logfile:
Code:
ATTFilter
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 10.03.2013 at 20:04:23,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.03.2013 at 20:10:41,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

Edited by Julian84 (10.03.2013 at 20:20). Reason: addition

Archiv
Du betrachtest: TR/Crypt.XPACK.Gen7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.