Trojaner-Board

Battle.net account was hacked after a real-money purchase (https://www.trojaner-board.de/119768-battle-net-acc-wurde-gehackt-echtgeldeinkauf.html)

Seraphim137 22.07.2012 17:58

So, I'm back home and at my computer.

Attached are all the logs that were created by TDSSKiller.

Here is the latest log:
Code:

01:22:39.0219 4260        TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
01:22:39.0566 4260        ============================================================
01:22:39.0566 4260        Current date / time: 2012/07/21 01:22:39.0566
01:22:39.0566 4260        SystemInfo:
01:22:39.0566 4260       
01:22:39.0566 4260        OS Version: 6.1.7601 ServicePack: 1.0
01:22:39.0566 4260        Product type: Workstation
01:22:39.0566 4260        ComputerName: ANDREAS-PC
01:22:39.0566 4260        UserName: Andreas
01:22:39.0566 4260        Windows directory: C:\Windows
01:22:39.0566 4260        System windows directory: C:\Windows
01:22:39.0566 4260        Running under WOW64
01:22:39.0566 4260        Processor architecture: Intel x64
01:22:39.0566 4260        Number of processors: 4
01:22:39.0566 4260        Page size: 0x1000
01:22:39.0566 4260        Boot type: Normal boot
01:22:39.0566 4260        ============================================================
01:22:40.0695 4260        Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0xA8178, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
01:22:41.0263 4260        Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:22:41.0270 4260        ============================================================
01:22:41.0271 4260        \Device\Harddisk0\DR0:
01:22:41.0271 4260        MBR partitions:
01:22:41.0271 4260        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:22:41.0271 4260        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
01:22:41.0271 4260        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x249F0000
01:22:41.0271 4260        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D40000, BlocksNum 0x7DD47000
01:22:41.0271 4260        \Device\Harddisk1\DR1:
01:22:41.0271 4260        MBR partitions:
01:22:41.0271 4260        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
01:22:41.0271 4260        ============================================================
01:22:41.0302 4260        C: <-> \Device\Harddisk0\DR0\Partition1
01:22:41.0347 4260        D: <-> \Device\Harddisk0\DR0\Partition2
01:22:41.0405 4260        E: <-> \Device\Harddisk0\DR0\Partition3
01:22:41.0436 4260        F: <-> \Device\Harddisk1\DR1\Partition0
01:22:41.0436 4260        ============================================================
01:22:41.0436 4260        Initialize success
01:22:41.0436 4260        ============================================================
01:22:46.0202 7048        ============================================================
01:22:46.0202 7048        Scan started
01:22:46.0202 7048        Mode: Manual; SigCheck; TDLFS;
01:22:46.0202 7048        ============================================================
01:22:47.0030 7048        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:22:47.0108 7048        1394ohci - ok
01:22:47.0168 7048        a2acc          (2d6434e957f7cfa0035c20890f77bbc6) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
01:22:47.0192 7048        a2acc - ok
01:22:47.0318 7048        a2AntiMalware  (8b75ba256bcada2b73ffa5bd77aa9e6c) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
01:22:47.0371 7048        a2AntiMalware - ok
01:22:47.0577 7048        A2DDA          (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
01:22:47.0592 7048        A2DDA - ok
01:22:47.0693 7048        ABBYY.Licensing.FineReader.Professional.11.0 (656f06850d02baed19f0e2e72b047ce2) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
01:22:47.0715 7048        ABBYY.Licensing.FineReader.Professional.11.0 - ok
01:22:47.0768 7048        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:22:47.0787 7048        ACPI - ok
01:22:47.0802 7048        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:22:47.0821 7048        AcpiPmi - ok
01:22:47.0898 7048        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:22:47.0914 7048        AdobeFlashPlayerUpdateSvc - ok
01:22:47.0961 7048        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:22:47.0982 7048        adp94xx - ok
01:22:48.0006 7048        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:22:48.0025 7048        adpahci - ok
01:22:48.0046 7048        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:22:48.0064 7048        adpu320 - ok
01:22:48.0091 7048        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:22:48.0127 7048        AeLookupSvc - ok
01:22:48.0159 7048        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:22:48.0180 7048        AFD - ok
01:22:48.0197 7048        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:22:48.0212 7048        agp440 - ok
01:22:48.0217 7048        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:22:48.0235 7048        ALG - ok
01:22:48.0242 7048        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:22:48.0258 7048        aliide - ok
01:22:48.0290 7048        AMD External Events Utility (5eba5e837d6635aea999bae47e186c6f) C:\Windows\system32\atiesrxx.exe
01:22:48.0311 7048        AMD External Events Utility - ok
01:22:48.0326 7048        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:22:48.0342 7048        amdide - ok
01:22:48.0359 7048        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:22:48.0379 7048        AmdK8 - ok
01:22:48.0611 7048        amdkmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
01:22:48.0709 7048        amdkmdag - ok
01:22:48.0765 7048        amdkmdap        (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
01:22:48.0785 7048        amdkmdap - ok
01:22:48.0805 7048        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:22:48.0822 7048        AmdPPM - ok
01:22:48.0838 7048        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:22:48.0854 7048        amdsata - ok
01:22:48.0875 7048        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:22:48.0894 7048        amdsbs - ok
01:22:48.0904 7048        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:22:48.0919 7048        amdxata - ok
01:22:48.0941 7048        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:22:48.0976 7048        AppID - ok
01:22:48.0989 7048        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:22:49.0024 7048        AppIDSvc - ok
01:22:49.0050 7048        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:22:49.0084 7048        Appinfo - ok
01:22:49.0110 7048        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
01:22:49.0128 7048        AppMgmt - ok
01:22:49.0139 7048        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:22:49.0155 7048        arc - ok
01:22:49.0165 7048        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:22:49.0181 7048        arcsas - ok
01:22:49.0256 7048        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:22:49.0270 7048        aspnet_state - ok
01:22:49.0287 7048        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:22:49.0321 7048        AsyncMac - ok
01:22:49.0324 7048        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:22:49.0339 7048        atapi - ok
01:22:49.0372 7048        AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
01:22:49.0388 7048        AtiHDAudioService - ok
01:22:49.0420 7048        AtiHdmiService  (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
01:22:49.0435 7048        AtiHdmiService - ok
01:22:49.0710 7048        atikmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
01:22:49.0809 7048        atikmdag - ok
01:22:49.0867 7048        atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
01:22:49.0885 7048        atksgt - ok
01:22:49.0936 7048        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:22:49.0975 7048        AudioEndpointBuilder - ok
01:22:49.0980 7048        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:22:50.0020 7048        AudioSrv - ok
01:22:50.0079 7048        AVP            (946d70667b0119f2beeae0849e1d46a2) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
01:22:50.0096 7048        AVP - ok
01:22:50.0120 7048        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:22:50.0141 7048        AxInstSV - ok
01:22:50.0174 7048        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:22:50.0194 7048        b06bdrv - ok
01:22:50.0217 7048        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:22:50.0236 7048        b57nd60a - ok
01:22:50.0254 7048        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:22:50.0271 7048        BDESVC - ok
01:22:50.0285 7048        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:22:50.0320 7048        Beep - ok
01:22:50.0365 7048        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:22:50.0404 7048        BFE - ok
01:22:50.0443 7048        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
01:22:50.0486 7048        BITS - ok
01:22:50.0492 7048        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:22:50.0510 7048        blbdrive - ok
01:22:50.0520 7048        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:22:50.0536 7048        bowser - ok
01:22:50.0554 7048        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:22:50.0573 7048        BrFiltLo - ok
01:22:50.0583 7048        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:22:50.0602 7048        BrFiltUp - ok
01:22:50.0626 7048        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:22:50.0660 7048        Browser - ok
01:22:50.0688 7048        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:22:50.0708 7048        Brserid - ok
01:22:50.0723 7048        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:22:50.0744 7048        BrSerWdm - ok
01:22:50.0751 7048        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:22:50.0770 7048        BrUsbMdm - ok
01:22:50.0778 7048        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:22:50.0795 7048        BrUsbSer - ok
01:22:50.0816 7048        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:22:50.0835 7048        BTHMODEM - ok
01:22:50.0851 7048        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:22:50.0887 7048        bthserv - ok
01:22:50.0893 7048        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:22:50.0928 7048        cdfs - ok
01:22:50.0955 7048        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:22:50.0974 7048        cdrom - ok
01:22:50.0988 7048        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:22:51.0023 7048        CertPropSvc - ok
01:22:51.0039 7048        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:22:51.0061 7048        circlass - ok
01:22:51.0094 7048        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:22:51.0113 7048        CLFS - ok
01:22:51.0206 7048        CLPSLS          (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
01:22:51.0234 7048        CLPSLS - ok
01:22:51.0307 7048        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:22:51.0322 7048        clr_optimization_v2.0.50727_32 - ok
01:22:51.0369 7048        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:22:51.0383 7048        clr_optimization_v2.0.50727_64 - ok
01:22:51.0420 7048        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:22:51.0435 7048        clr_optimization_v4.0.30319_32 - ok
01:22:51.0477 7048        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:22:51.0492 7048        clr_optimization_v4.0.30319_64 - ok
01:22:51.0531 7048        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:22:51.0548 7048        CmBatt - ok
01:22:51.0669 7048        cmdAgent        (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
01:22:51.0720 7048        cmdAgent - ok
01:22:51.0762 7048        cmderd          (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys
01:22:51.0776 7048        cmderd - ok
01:22:51.0806 7048        cmdGuard        (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
01:22:51.0826 7048        cmdGuard - ok
01:22:51.0841 7048        cmdHlp          (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
01:22:51.0856 7048        cmdHlp - ok
01:22:51.0877 7048        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:22:51.0892 7048        cmdide - ok
01:22:51.0936 7048        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
01:22:51.0961 7048        CNG - ok
01:22:51.0971 7048        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:22:51.0986 7048        Compbatt - ok
01:22:52.0007 7048        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:22:52.0026 7048        CompositeBus - ok
01:22:52.0029 7048        COMSysApp - ok
01:22:52.0062 7048        cpuz130 - ok
01:22:52.0065 7048        cpuz132 - ok
01:22:52.0079 7048        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:22:52.0095 7048        crcdisk - ok
01:22:52.0118 7048        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
01:22:52.0136 7048        CryptSvc - ok
01:22:52.0169 7048        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
01:22:52.0190 7048        CSC - ok
01:22:52.0226 7048        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
01:22:52.0249 7048        CscService - ok
01:22:52.0309 7048        DAUpdaterSvc    (914a7156b0c0f10be645a02e13f576b2) d:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
01:22:52.0322 7048        DAUpdaterSvc - ok
01:22:52.0358 7048        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:22:52.0400 7048        DcomLaunch - ok
01:22:52.0433 7048        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:22:52.0472 7048        defragsvc - ok
01:22:52.0500 7048        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:22:52.0535 7048        DfsC - ok
01:22:52.0556 7048        dgderdrv        (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
01:22:52.0570 7048        dgderdrv - ok
01:22:52.0819 7048        dgdersvc        (10b8f89d146d0e20b1284d47bb4ec6c9) C:\Windows\SysWOW64\dgdersvc.exe
01:22:52.0834 7048        dgdersvc - ok
01:22:52.0858 7048        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:22:52.0895 7048        Dhcp - ok
01:22:52.0905 7048        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:22:52.0941 7048        discache - ok
01:22:52.0946 7048        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
01:22:52.0962 7048        Disk - ok
01:22:52.0991 7048        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:22:53.0009 7048        Dnscache - ok
01:22:53.0034 7048        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:22:53.0069 7048        dot3svc - ok
01:22:53.0094 7048        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:22:53.0129 7048        DPS - ok
01:22:53.0153 7048        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:22:53.0172 7048        drmkaud - ok
01:22:53.0227 7048        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:22:53.0253 7048        DXGKrnl - ok
01:22:53.0280 7048        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:22:53.0316 7048        EapHost - ok
01:22:53.0446 7048        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
01:22:53.0492 7048        ebdrv - ok
01:22:53.0555 7048        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:22:53.0573 7048        EFS - ok
01:22:53.0634 7048        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:22:53.0657 7048        ehRecvr - ok
01:22:53.0677 7048        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:22:53.0696 7048        ehSched - ok
01:22:53.0725 7048        ElbyCDFL        (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
01:22:53.0740 7048        ElbyCDFL - ok
01:22:53.0767 7048        ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
01:22:53.0782 7048        ElbyCDIO - ok
01:22:53.0818 7048        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
01:22:53.0839 7048        elxstor - ok
01:22:53.0858 7048        ENTECH64        (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
01:22:53.0873 7048        ENTECH64 - ok
01:22:53.0899 7048        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:22:53.0917 7048        ErrDev - ok
01:22:53.0956 7048        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:22:53.0995 7048        EventSystem - ok
01:22:54.0018 7048        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:22:54.0056 7048        exfat - ok
01:22:54.0078 7048        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:22:54.0114 7048        fastfat - ok
01:22:54.0165 7048        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:22:54.0199 7048        Fax - ok
01:22:54.0213 7048        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
01:22:54.0230 7048        fdc - ok
01:22:54.0247 7048        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:22:54.0282 7048        fdPHost - ok
01:22:54.0293 7048        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:22:54.0330 7048        FDResPub - ok
01:22:54.0344 7048        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:22:54.0360 7048        FileInfo - ok
01:22:54.0375 7048        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:22:54.0410 7048        Filetrace - ok
01:22:54.0417 7048        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
01:22:54.0435 7048        flpydisk - ok
01:22:54.0448 7048        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:22:54.0466 7048        FltMgr - ok
01:22:54.0539 7048        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:22:54.0565 7048        FontCache - ok
01:22:54.0644 7048        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:22:54.0658 7048        FontCache3.0.0.0 - ok
01:22:54.0672 7048        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:22:54.0688 7048        FsDepends - ok
01:22:54.0709 7048        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:22:54.0725 7048        Fs_Rec - ok
01:22:54.0749 7048        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:22:54.0769 7048        fvevol - ok
01:22:54.0780 7048        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:22:54.0796 7048        gagp30kx - ok
01:22:54.0823 7048        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:22:54.0836 7048        GEARAspiWDM - ok
01:22:54.0891 7048        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:22:54.0931 7048        gpsvc - ok
01:22:54.0985 7048        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:55.0002 7048        gupdate - ok
01:22:55.0005 7048        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:55.0020 7048        gupdatem - ok
01:22:55.0041 7048        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:22:55.0058 7048        hcw85cir - ok
01:22:55.0086 7048        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:22:55.0108 7048        HdAudAddService - ok
01:22:55.0128 7048        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
01:22:55.0148 7048        HDAudBus - ok
01:22:55.0168 7048        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
01:22:55.0185 7048        HidBatt - ok
01:22:55.0204 7048        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
01:22:55.0224 7048        HidBth - ok
01:22:55.0244 7048        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
01:22:55.0264 7048        HidIr - ok
01:22:55.0281 7048        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
01:22:55.0317 7048        hidserv - ok
01:22:55.0346 7048        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:22:55.0364 7048        HidUsb - ok
01:22:55.0388 7048        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:22:55.0424 7048        hkmsvc - ok
01:22:55.0453 7048        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:22:55.0473 7048        HomeGroupListener - ok
01:22:55.0495 7048        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:22:55.0514 7048        HomeGroupProvider - ok
01:22:55.0537 7048        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:22:55.0553 7048        HpSAMD - ok
01:22:55.0604 7048        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:22:55.0644 7048        HTTP - ok
01:22:55.0648 7048        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:22:55.0664 7048        hwpolicy - ok
01:22:55.0680 7048        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
01:22:55.0697 7048        i8042prt - ok
01:22:55.0734 7048        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:22:55.0753 7048        iaStorV - ok
01:22:55.0793 7048        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:22:55.0816 7048        idsvc - ok
01:22:55.0822 7048        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
01:22:55.0838 7048        iirsp - ok
01:22:55.0889 7048        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:22:55.0930 7048        IKEEXT - ok
01:22:55.0962 7048        inspect        (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
01:22:55.0978 7048        inspect - ok
01:22:55.0991 7048        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:22:56.0006 7048        intelide - ok
01:22:56.0022 7048        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:22:56.0041 7048        intelppm - ok
01:22:56.0048 7048        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:22:56.0086 7048        IPBusEnum - ok
01:22:56.0113 7048        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:22:56.0147 7048        IpFilterDriver - ok
01:22:56.0192 7048        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:22:56.0231 7048        iphlpsvc - ok
01:22:56.0249 7048        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:22:56.0267 7048        IPMIDRV - ok
01:22:56.0288 7048        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:22:56.0324 7048        IPNAT - ok
01:22:56.0398 7048        iPod Service    (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
01:22:56.0421 7048        iPod Service - ok
01:22:56.0434 7048        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:22:56.0454 7048        IRENUM - ok
01:22:56.0471 7048        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:22:56.0486 7048        isapnp - ok
01:22:56.0508 7048        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:22:56.0527 7048        iScsiPrt - ok
01:22:56.0558 7048        ivusb          (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys
01:22:56.0572 7048        ivusb - ok
01:22:56.0578 7048        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:22:56.0594 7048        kbdclass - ok
01:22:56.0607 7048        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
01:22:56.0625 7048        kbdhid - ok
01:22:56.0651 7048        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:22:56.0669 7048        KeyIso - ok
01:22:56.0695 7048        KL1            (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
01:22:56.0713 7048        KL1 - ok
01:22:56.0735 7048        kl2            (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
01:22:56.0749 7048        kl2 - ok
01:22:56.0780 7048        KLIF            (177505577604c94c4be7b9316a90ada1) C:\Windows\system32\DRIVERS\klif.sys
01:22:56.0799 7048        KLIF - ok
01:22:56.0818 7048        KLIM6          (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
01:22:56.0831 7048        KLIM6 - ok
01:22:56.0848 7048        klmouflt        (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
01:22:56.0862 7048        klmouflt - ok
01:22:56.0886 7048        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
01:22:56.0903 7048        KSecDD - ok
01:22:56.0929 7048        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
01:22:56.0946 7048        KSecPkg - ok
01:22:56.0969 7048        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:22:57.0005 7048        ksthunk - ok
01:22:57.0033 7048        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:22:57.0072 7048        KtmRm - ok
01:22:57.0098 7048        L8042Kbd        (7d80a55b6d0c2a54728158e846f4696d) C:\Windows\system32\DRIVERS\L8042Kbd.sys
01:22:57.0113 7048        L8042Kbd - ok
01:22:57.0139 7048        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
01:22:57.0176 7048        LanmanServer - ok
01:22:57.0199 7048        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:22:57.0236 7048        LanmanWorkstation - ok
01:22:57.0313 7048        LBTServ        (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
01:22:57.0331 7048        LBTServ - ok
01:22:57.0350 7048        LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:22:57.0365 7048        LHidFilt - ok
01:22:57.0397 7048        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
01:22:57.0412 7048        lirsgt - ok
01:22:57.0423 7048        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:22:57.0458 7048        lltdio - ok
01:22:57.0489 7048        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:22:57.0526 7048        lltdsvc - ok
01:22:57.0542 7048        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:22:57.0577 7048        lmhosts - ok
01:22:57.0593 7048        LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:22:57.0608 7048        LMouFilt - ok
01:22:57.0630 7048        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:22:57.0646 7048        LSI_FC - ok
01:22:57.0666 7048        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:22:57.0684 7048        LSI_SAS - ok
01:22:57.0703 7048        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:22:57.0722 7048        LSI_SAS2 - ok
01:22:57.0730 7048        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:22:57.0747 7048        LSI_SCSI - ok
01:22:57.0755 7048        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:22:57.0791 7048        luafv - ok
01:22:57.0816 7048        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:22:57.0834 7048        Mcx2Svc - ok
01:22:57.0850 7048        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
01:22:57.0866 7048        megasas - ok
01:22:57.0895 7048        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
01:22:57.0913 7048        MegaSR - ok
01:22:57.0962 7048        Microsoft SharePoint Workspace Audit Service - ok
01:22:57.0974 7048        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:22:58.0011 7048        MMCSS - ok
01:22:58.0031 7048        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:22:58.0065 7048        Modem - ok
01:22:58.0092 7048        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:22:58.0112 7048        monitor - ok
01:22:58.0146 7048        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:22:58.0161 7048        mouclass - ok
01:22:58.0176 7048        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:22:58.0194 7048        mouhid - ok
01:22:58.0207 7048        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:22:58.0223 7048        mountmgr - ok
01:22:58.0262 7048        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:22:58.0277 7048        MozillaMaintenance - ok
01:22:58.0310 7048        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:22:58.0327 7048        mpio - ok
01:22:58.0341 7048        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:22:58.0376 7048        mpsdrv - ok
01:22:58.0431 7048        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
01:22:58.0472 7048        MpsSvc - ok
01:22:58.0507 7048        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:22:58.0529 7048        MRxDAV - ok
01:22:58.0547 7048        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:22:58.0564 7048        mrxsmb - ok
01:22:58.0591 7048        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:22:58.0610 7048        mrxsmb10 - ok
01:22:58.0621 7048        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:22:58.0638 7048        mrxsmb20 - ok
01:22:58.0656 7048        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:22:58.0672 7048        msahci - ok
01:22:58.0689 7048        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:22:58.0705 7048        msdsm - ok
01:22:58.0731 7048        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:22:58.0752 7048        MSDTC - ok
01:22:58.0763 7048        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:22:58.0798 7048        Msfs - ok
01:22:58.0809 7048        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:22:58.0843 7048        mshidkmdf - ok
01:22:58.0863 7048        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:22:58.0878 7048        msisadrv - ok
01:22:58.0908 7048        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:22:58.0945 7048        MSiSCSI - ok
01:22:58.0950 7048        msiserver - ok
01:22:58.0967 7048        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:22:59.0003 7048        MSKSSRV - ok
01:22:59.0018 7048        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:22:59.0056 7048        MSPCLOCK - ok
01:22:59.0064 7048        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:22:59.0099 7048        MSPQM - ok
01:22:59.0135 7048        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:22:59.0154 7048        MsRPC - ok
01:22:59.0169 7048        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
01:22:59.0185 7048        mssmbios - ok
01:22:59.0239 7048        MSSQL$SQLEXPRESS - ok
01:22:59.0287 7048        MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
01:22:59.0302 7048        MSSQLServerADHelper100 - ok
01:22:59.0307 7048        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:22:59.0342 7048        MSTEE - ok
01:22:59.0353 7048        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
01:22:59.0369 7048        MTConfig - ok
01:22:59.0396 7048        MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
01:22:59.0410 7048        MTsensor - ok
01:22:59.0423 7048        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:22:59.0439 7048        Mup - ok
01:22:59.0477 7048        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
01:22:59.0514 7048        napagent - ok
01:22:59.0541 7048        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:22:59.0564 7048        NativeWifiP - ok
01:22:59.0658 7048        NBService      (3bae2bfcb6d69e19c8373f635dd544dc) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
01:22:59.0680 7048        NBService - ok
01:22:59.0730 7048        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:22:59.0756 7048        NDIS - ok
01:22:59.0771 7048        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:22:59.0807 7048        NdisCap - ok
01:22:59.0820 7048        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:22:59.0855 7048        NdisTapi - ok
01:22:59.0884 7048        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:22:59.0918 7048        Ndisuio - ok
01:22:59.0942 7048        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:22:59.0977 7048        NdisWan - ok
01:23:00.0000 7048        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:23:00.0034 7048        NDProxy - ok
01:23:00.0041 7048        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:23:00.0076 7048        NetBIOS - ok
01:23:00.0095 7048        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:23:00.0130 7048        NetBT - ok
01:23:00.0155 7048        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:00.0173 7048        Netlogon - ok
01:23:00.0203 7048        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:23:00.0243 7048        Netman - ok
01:23:00.0316 7048        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0330 7048        NetMsmqActivator - ok
01:23:00.0334 7048        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0349 7048        NetPipeActivator - ok
01:23:00.0378 7048        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:23:00.0419 7048        netprofm - ok
01:23:00.0424 7048        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0439 7048        NetTcpActivator - ok
01:23:00.0444 7048        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:00.0459 7048        NetTcpPortSharing - ok
01:23:00.0498 7048        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
01:23:00.0514 7048        nfrd960 - ok
01:23:00.0547 7048        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:23:00.0584 7048        NlaSvc - ok
01:23:00.0627 7048        NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
01:23:00.0642 7048        NMIndexingService - ok
01:23:00.0649 7048        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:23:00.0685 7048        Npfs - ok
01:23:00.0710 7048        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:23:00.0747 7048        nsi - ok
01:23:00.0752 7048        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:23:00.0788 7048        nsiproxy - ok
01:23:00.0858 7048        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:23:00.0892 7048        Ntfs - ok
01:23:00.0965 7048        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:23:01.0000 7048        Null - ok
01:23:01.0031 7048        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:23:01.0048 7048        nvraid - ok
01:23:01.0070 7048        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:23:01.0087 7048        nvstor - ok
01:23:01.0101 7048        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:23:01.0118 7048        nv_agp - ok
01:23:01.0136 7048        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:23:01.0154 7048        ohci1394 - ok
01:23:01.0196 7048        ose64          (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:23:01.0211 7048        ose64 - ok
01:23:01.0390 7048        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:23:01.0465 7048        osppsvc - ok
01:23:01.0527 7048        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:23:01.0548 7048        p2pimsvc - ok
01:23:01.0574 7048        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:23:01.0595 7048        p2psvc - ok
01:23:01.0621 7048        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
01:23:01.0639 7048        Parport - ok
01:23:01.0702 7048        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
01:23:01.0718 7048        partmgr - ok
01:23:01.0735 7048        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:23:01.0758 7048        PcaSvc - ok
01:23:01.0772 7048        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:23:01.0789 7048        pci - ok
01:23:01.0804 7048        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:23:01.0819 7048        pciide - ok
01:23:01.0857 7048        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
01:23:01.0875 7048        pcmcia - ok
01:23:01.0882 7048        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:23:01.0898 7048        pcw - ok
01:23:01.0936 7048        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:23:01.0977 7048        PEAUTH - ok
01:23:02.0048 7048        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
01:23:02.0077 7048        PeerDistSvc - ok
01:23:02.0123 7048        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:23:02.0142 7048        PerfHost - ok
01:23:02.0254 7048        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:23:02.0301 7048        pla - ok
01:23:02.0358 7048        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\SysWOW64\IoctlSvc.exe
01:23:02.0364 7048        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
01:23:02.0365 7048        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
01:23:02.0438 7048        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:23:02.0460 7048        PlugPlay - ok
01:23:02.0480 7048        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:23:02.0499 7048        PNRPAutoReg - ok
01:23:02.0520 7048        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:23:02.0541 7048        PNRPsvc - ok
01:23:02.0578 7048        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:23:02.0617 7048        PolicyAgent - ok
01:23:02.0632 7048        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:23:02.0669 7048        Power - ok
01:23:02.0694 7048        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:23:02.0729 7048        PptpMiniport - ok
01:23:02.0748 7048        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
01:23:02.0767 7048        Processor - ok
01:23:02.0807 7048        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
01:23:02.0839 7048        ProfSvc - ok
01:23:02.0855 7048        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:02.0873 7048        ProtectedStorage - ok
01:23:02.0914 7048        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:23:02.0949 7048        Psched - ok
01:23:02.0962 7048        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
01:23:02.0976 7048        PxHlpa64 - ok
01:23:03.0047 7048        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
01:23:03.0082 7048        ql2300 - ok
01:23:03.0130 7048        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
01:23:03.0146 7048        ql40xx - ok
01:23:03.0178 7048        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:23:03.0201 7048        QWAVE - ok
01:23:03.0221 7048        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:23:03.0241 7048        QWAVEdrv - ok
01:23:03.0262 7048        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:23:03.0298 7048        RasAcd - ok
01:23:03.0323 7048        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:23:03.0359 7048        RasAgileVpn - ok
01:23:03.0388 7048        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:23:03.0425 7048        RasAuto - ok
01:23:03.0435 7048        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:23:03.0471 7048        Rasl2tp - ok
01:23:03.0512 7048        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:23:03.0550 7048        RasMan - ok
01:23:03.0558 7048        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:23:03.0594 7048        RasPppoe - ok
01:23:03.0602 7048        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:23:03.0639 7048        RasSstp - ok
01:23:03.0663 7048        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:23:03.0699 7048        rdbss - ok
01:23:03.0706 7048        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:23:03.0726 7048        rdpbus - ok
01:23:03.0739 7048        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:23:03.0773 7048        RDPCDD - ok
01:23:03.0802 7048        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
01:23:03.0820 7048        RDPDR - ok
01:23:03.0826 7048        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:23:03.0861 7048        RDPENCDD - ok
01:23:03.0871 7048        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:23:03.0907 7048        RDPREFMP - ok
01:23:03.0967 7048        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
01:23:03.0984 7048        RdpVideoMiniport - ok
01:23:04.0020 7048        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
01:23:04.0038 7048        RDPWD - ok
01:23:04.0065 7048        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:23:04.0083 7048        rdyboost - ok
01:23:04.0114 7048        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:23:04.0150 7048        RemoteAccess - ok
01:23:04.0166 7048        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:23:04.0202 7048        RemoteRegistry - ok
01:23:04.0219 7048        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:23:04.0255 7048        RpcEptMapper - ok
01:23:04.0272 7048        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:23:04.0292 7048        RpcLocator - ok
01:23:04.0333 7048        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:23:04.0373 7048        RpcSs - ok
01:23:04.0402 7048        RsFx0103        (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
01:23:04.0420 7048        RsFx0103 - ok
01:23:04.0439 7048        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:23:04.0477 7048        rspndr - ok
01:23:04.0503 7048        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
01:23:04.0520 7048        s3cap - ok
01:23:04.0547 7048        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:04.0564 7048        SamSs - ok
01:23:04.0588 7048        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:23:04.0605 7048        sbp2port - ok
01:23:04.0637 7048        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:23:04.0675 7048        SCardSvr - ok
01:23:04.0695 7048        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:23:04.0729 7048        scfilter - ok
01:23:04.0800 7048        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:23:04.0844 7048        Schedule - ok
01:23:04.0872 7048        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:23:04.0906 7048        SCPolicySvc - ok
01:23:04.0932 7048        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:23:04.0951 7048        SDRSVC - ok
01:23:04.0977 7048        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:23:05.0012 7048        secdrv - ok
01:23:05.0030 7048        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:23:05.0064 7048        seclogon - ok
01:23:05.0084 7048        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
01:23:05.0121 7048        SENS - ok
01:23:05.0134 7048        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:23:05.0164 7048        SensrSvc - ok
01:23:05.0178 7048        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:23:05.0195 7048        Serenum - ok
01:23:05.0219 7048        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:23:05.0236 7048        Serial - ok
01:23:05.0273 7048        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:23:05.0291 7048        sermouse - ok
01:23:05.0552 7048        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:23:05.0589 7048        SessionEnv - ok
01:23:05.0620 7048        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:23:05.0640 7048        sffdisk - ok
01:23:05.0659 7048        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:23:05.0679 7048        sffp_mmc - ok
01:23:05.0694 7048        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:23:05.0714 7048        sffp_sd - ok
01:23:05.0726 7048        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:23:05.0745 7048        sfloppy - ok
01:23:05.0797 7048        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:23:05.0836 7048        SharedAccess - ok
01:23:05.0880 7048        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:23:05.0919 7048        ShellHWDetection - ok
01:23:05.0937 7048        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:23:05.0953 7048        SiSRaid2 - ok
01:23:05.0979 7048        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:23:05.0996 7048        SiSRaid4 - ok
01:23:06.0016 7048        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:23:06.0051 7048        Smb - ok
01:23:06.0079 7048        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:23:06.0098 7048        SNMPTRAP - ok
01:23:06.0111 7048        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:23:06.0127 7048        spldr - ok
01:23:06.0161 7048        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:23:06.0200 7048        Spooler - ok
01:23:06.0338 7048        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:23:06.0406 7048        sppsvc - ok
01:23:06.0475 7048        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:23:06.0513 7048        sppuinotify - ok
01:23:06.0573 7048        sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
01:23:06.0598 7048        sptd - ok
01:23:06.0690 7048        SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
01:23:06.0709 7048        SQLAgent$SQLEXPRESS - ok
01:23:06.0769 7048        SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
01:23:06.0785 7048        SQLBrowser - ok
01:23:06.0831 7048        SQLWriter      (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01:23:06.0847 7048        SQLWriter - ok
01:23:06.0905 7048        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:23:06.0925 7048        srv - ok
01:23:06.0945 7048        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:23:06.0966 7048        srv2 - ok
01:23:06.0978 7048        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:23:06.0997 7048        srvnet - ok
01:23:07.0021 7048        ssadbus        (c1212ba5ab6783191899d194672a5b5c) C:\Windows\system32\DRIVERS\ssadbus.sys
01:23:07.0040 7048        ssadbus - ok
01:23:07.0053 7048        ssadmdfl        (eb270596d4117c4306442f36ef2c290e) C:\Windows\system32\DRIVERS\ssadmdfl.sys
01:23:07.0071 7048        ssadmdfl - ok
01:23:07.0093 7048        ssadmdm        (e29027dfaec246299d1cf88627c5cbe6) C:\Windows\system32\DRIVERS\ssadmdm.sys
01:23:07.0113 7048        ssadmdm - ok
01:23:07.0138 7048        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:23:07.0177 7048        SSDPSRV - ok
01:23:07.0199 7048        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:23:07.0238 7048        SstpSvc - ok
01:23:07.0254 7048        Steam Client Service - ok
01:23:07.0267 7048        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
01:23:07.0284 7048        stexstor - ok
01:23:07.0323 7048        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:23:07.0351 7048        stisvc - ok
01:23:07.0371 7048        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
01:23:07.0387 7048        storflt - ok
01:23:07.0404 7048        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
01:23:07.0420 7048        storvsc - ok
01:23:07.0433 7048        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
01:23:07.0449 7048        swenum - ok
01:23:07.0504 7048        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:23:07.0517 7048        SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
01:23:07.0517 7048        SwitchBoard - detected UnsignedFile.Multi.Generic (1)
01:23:07.0551 7048        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:23:07.0592 7048        swprv - ok
01:23:07.0599 7048        Synth3dVsc - ok
01:23:07.0696 7048        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:23:07.0734 7048        SysMain - ok
01:23:07.0767 7048        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:23:07.0790 7048        TabletInputService - ok
01:23:07.0821 7048        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:23:07.0860 7048        TapiSrv - ok
01:23:07.0874 7048        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:23:07.0911 7048        TBS - ok
01:23:07.0985 7048        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
01:23:08.0024 7048        Tcpip - ok
01:23:08.0128 7048        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
01:23:08.0166 7048        TCPIP6 - ok
01:23:08.0212 7048        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:23:08.0247 7048        tcpipreg - ok
01:23:08.0272 7048        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:23:08.0289 7048        TDPIPE - ok
01:23:08.0318 7048        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
01:23:08.0335 7048        TDTCP - ok
01:23:08.0376 7048        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:23:08.0414 7048        tdx - ok
01:23:08.0422 7048        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:23:08.0439 7048        TermDD - ok
01:23:08.0477 7048        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:23:08.0518 7048        TermService - ok
01:23:08.0542 7048        TFsExDisk      (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
01:23:08.0557 7048        TFsExDisk - ok
01:23:08.0570 7048        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:23:08.0593 7048        Themes - ok
01:23:08.0624 7048        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:23:08.0661 7048        THREADORDER - ok
01:23:08.0681 7048        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:23:08.0719 7048        TrkWks - ok
01:23:08.0736 7048        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:23:08.0771 7048        TrustedInstaller - ok
01:23:08.0811 7048        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:23:08.0845 7048        tssecsrv - ok
01:23:08.0868 7048        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:23:08.0885 7048        TsUsbFlt - ok
01:23:08.0892 7048        tsusbhub - ok
01:23:09.0017 7048        TuneUp.UtilitiesSvc (811a229718c85356bc81eb20f35eb7f6) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
01:23:09.0055 7048        TuneUp.UtilitiesSvc - ok
01:23:09.0075 7048        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
01:23:09.0089 7048        TuneUpUtilitiesDrv - ok
01:23:09.0124 7048        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:23:09.0159 7048        tunnel - ok
01:23:09.0179 7048        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:23:09.0195 7048        uagp35 - ok
01:23:09.0227 7048        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:23:09.0264 7048        udfs - ok
01:23:09.0290 7048        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:23:09.0310 7048        UI0Detect - ok
01:23:09.0328 7048        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:23:09.0345 7048        uliagpkx - ok
01:23:09.0369 7048        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
01:23:09.0387 7048        umbus - ok
01:23:09.0403 7048        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:23:09.0421 7048        UmPass - ok
01:23:09.0451 7048        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
01:23:09.0472 7048        UmRdpService - ok
01:23:09.0507 7048        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:23:09.0546 7048        upnphost - ok
01:23:09.0569 7048        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:23:09.0587 7048        usbccgp - ok
01:23:09.0625 7048        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:23:09.0645 7048        usbcir - ok
01:23:09.0662 7048        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
01:23:09.0680 7048        usbehci - ok
01:23:09.0698 7048        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:23:09.0718 7048        usbhub - ok
01:23:09.0742 7048        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
01:23:09.0760 7048        usbohci - ok
01:23:09.0773 7048        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:23:09.0795 7048        usbprint - ok
01:23:09.0819 7048        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:23:09.0839 7048        usbscan - ok
01:23:09.0865 7048        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:23:09.0882 7048        USBSTOR - ok
01:23:09.0910 7048        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
01:23:09.0926 7048        usbuhci - ok
01:23:09.0950 7048        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:23:09.0986 7048        UxSms - ok
01:23:10.0007 7048        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:10.0026 7048        VaultSvc - ok
01:23:10.0051 7048        VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
01:23:10.0066 7048        VClone - ok
01:23:10.0074 7048        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:23:10.0090 7048        vdrvroot - ok
01:23:10.0134 7048        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:23:10.0174 7048        vds - ok
01:23:10.0186 7048        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:23:10.0205 7048        vga - ok
01:23:10.0218 7048        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:23:10.0253 7048        VgaSave - ok
01:23:10.0260 7048        VGPU - ok
01:23:10.0295 7048        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:23:10.0313 7048        vhdmp - ok
01:23:10.0337 7048        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:23:10.0353 7048        viaide - ok
01:23:10.0367 7048        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:23:10.0385 7048        vmbus - ok
01:23:10.0403 7048        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:23:10.0420 7048        VMBusHID - ok
01:23:10.0431 7048        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:23:10.0447 7048        volmgr - ok
01:23:10.0481 7048        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:23:10.0501 7048        volmgrx - ok
01:23:10.0518 7048        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:23:10.0537 7048        volsnap - ok
01:23:10.0759 7048        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:23:10.0778 7048        vsmraid - ok
01:23:10.0901 7048        VSPerfDrv100    (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
01:23:10.0915 7048        VSPerfDrv100 - ok
01:23:10.0987 7048        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:23:11.0036 7048        VSS - ok
01:23:11.0129 7048        vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
01:23:11.0154 7048        vToolbarUpdater11.2.0 - ok
01:23:11.0233 7048        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:23:11.0252 7048        vwifibus - ok
01:23:11.0292 7048        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:23:11.0330 7048        W32Time - ok
01:23:11.0350 7048        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:23:11.0369 7048        WacomPen - ok
01:23:11.0386 7048        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:11.0420 7048        WANARP - ok
01:23:11.0427 7048        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:11.0461 7048        Wanarpv6 - ok
01:23:11.0535 7048        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:23:11.0566 7048        wbengine - ok
01:23:11.0610 7048        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:23:11.0635 7048        WbioSrvc - ok
01:23:11.0659 7048        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:23:11.0684 7048        wcncsvc - ok
01:23:11.0697 7048        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:23:11.0729 7048        WcsPlugInService - ok
01:23:11.0754 7048        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:23:11.0770 7048        Wd - ok
01:23:11.0808 7048        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:23:11.0831 7048        Wdf01000 - ok
01:23:11.0854 7048        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:23:11.0878 7048        WdiServiceHost - ok
01:23:11.0885 7048        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:23:11.0909 7048        WdiSystemHost - ok
01:23:11.0939 7048        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:23:11.0964 7048        WebClient - ok
01:23:11.0996 7048        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:23:12.0034 7048        Wecsvc - ok
01:23:12.0057 7048        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:23:12.0095 7048        wercplsupport - ok
01:23:12.0117 7048        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:23:12.0157 7048        WerSvc - ok
01:23:12.0173 7048        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:23:12.0209 7048        WfpLwf - ok
01:23:12.0228 7048        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:23:12.0244 7048        WIMMount - ok
01:23:12.0252 7048        WinDefend - ok
01:23:12.0272 7048        WinHttpAutoProxySvc - ok
01:23:12.0341 7048        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:23:12.0378 7048        Winmgmt - ok
01:23:12.0473 7048        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:23:12.0526 7048        WinRM - ok
01:23:12.0607 7048        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:23:12.0627 7048        WinUsb - ok
01:23:12.0683 7048        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:23:12.0713 7048        Wlansvc - ok
01:23:12.0731 7048        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:23:12.0748 7048        WmiAcpi - ok
01:23:12.0787 7048        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:23:12.0807 7048        wmiApSrv - ok
01:23:12.0820 7048        WMPNetworkSvc - ok
01:23:12.0837 7048        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:23:12.0857 7048        WPCSvc - ok
01:23:12.0882 7048        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:23:12.0903 7048        WPDBusEnum - ok
01:23:12.0938 7048        WPFFontCache_v0400 - ok
01:23:12.0957 7048        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:23:12.0994 7048        ws2ifsl - ok
01:23:13.0017 7048        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
01:23:13.0041 7048        wscsvc - ok
01:23:13.0049 7048        WSearch - ok
01:23:13.0177 7048        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
01:23:13.0223 7048        wuauserv - ok
01:23:13.0283 7048        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:23:13.0318 7048        WudfPf - ok
01:23:13.0344 7048        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:23:13.0380 7048        WUDFRd - ok
01:23:13.0393 7048        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:23:13.0430 7048        wudfsvc - ok
01:23:13.0455 7048        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:23:13.0479 7048        WwanSvc - ok
01:23:13.0528 7048        yukonw7        (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
01:23:13.0561 7048        yukonw7 - ok
01:23:13.0575 7048        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:23:13.0825 7048        \Device\Harddisk0\DR0 - ok
01:23:14.0386 7048        MBR (0x1B8)    (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
01:23:14.0454 7048        \Device\Harddisk1\DR1 - ok
01:23:14.0456 7048        Boot (0x1200)  (8b5a34ebe9d99b0c4d314aef9413df4c) \Device\Harddisk0\DR0\Partition0
01:23:14.0457 7048        \Device\Harddisk0\DR0\Partition0 - ok
01:23:14.0463 7048        Boot (0x1200)  (b8cc99e2a928b98ad2ba0031f6ac398c) \Device\Harddisk0\DR0\Partition1
01:23:14.0464 7048        \Device\Harddisk0\DR0\Partition1 - ok
01:23:14.0472 7048        Boot (0x1200)  (afe4928df62ef707e48aeda5e3b390f2) \Device\Harddisk0\DR0\Partition2
01:23:14.0474 7048        \Device\Harddisk0\DR0\Partition2 - ok
01:23:14.0489 7048        Boot (0x1200)  (adce4d9f1b2212db9cac9c1a3c5c6309) \Device\Harddisk0\DR0\Partition3
01:23:14.0490 7048        \Device\Harddisk0\DR0\Partition3 - ok
01:23:14.0492 7048        Boot (0x1200)  (ab8649a553ec7da82db52ad79994770a) \Device\Harddisk1\DR1\Partition0
01:23:14.0493 7048        \Device\Harddisk1\DR1\Partition0 - ok
01:23:14.0494 7048        ============================================================
01:23:14.0494 7048        Scan finished
01:23:14.0494 7048        ============================================================
01:23:14.0500 2696        Detected object count: 2
01:23:14.0500 2696        Actual detected object count: 2
01:24:12.0431 2696        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:24:12.0431 2696        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:24:12.0433 2696        SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
01:24:12.0433 2696        SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:24:14.0572 0236        Deinitialize success


After I got back home and switched the computer on, the system ran ScanDisk on its own.
- black screen
- ScanDisk progress was displayed
- after that the computer booted up normally again

Where can I find the logs from this scan?
So that I can post it in case it is relevant.

t'john 24.07.2012 00:47

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.


Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Seraphim137 24.07.2012 11:43

OK, here it is.


OTL Logfile:
Code:

OTL logfile created on: 24.07.2012 12:14:19 - Run 5
OTL by OldTimer - Version 3.2.54.1    Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,47% Memory free
8,00 Gb Paging File | 5,78 Gb Available in Paging File | 72,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 18,70 Gb Free Space | 19,17% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 199,01 Gb Free Space | 67,93% Space Free | Partition Type: NTFS
Drive E: | 1006,64 Gb Total Space | 941,92 Gb Free Space | 93,57% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 191,33 Gb Free Space | 20,54% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- d:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 75 1C AA 2E 96 CA 01  [binary data]
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.31 00:47:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.09 20:57:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 20:38:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.09.22 17:11:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:35:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M]
 
[2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.19 10:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions
[2012.07.15 22:34:06 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}
[2012.04.26 22:12:42 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.04.11 16:58:54 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\4f8550d2151bf@4f8550d2151c1.info
[2010.04.03 21:35:58 | 000,002,055 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\daemon-search.xml
[2012.07.22 23:25:50 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-1.xml
[2010.10.31 13:43:09 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-2.xml
[2010.12.11 21:33:50 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-3.xml
[2011.01.09 21:05:19 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-4.xml
[2011.03.05 18:26:32 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-5.xml
[2011.03.25 08:46:28 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-6.xml
[2011.04.16 11:50:18 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-7.xml
[2011.06.11 00:31:16 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-8.xml
[2011.06.24 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin.xml
[2012.06.21 01:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.24 00:56:08 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.08.19 05:58:00 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files (x86)\mozilla firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}
[2012.06.21 01:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010.09.25 11:51:23 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.06.06 07:05:45 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2011.04.16 12:07:41 | 000,105,386 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
[2012.05.24 22:38:37 | 000,363,041 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI
[2012.07.18 16:35:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2009.10.23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.10.11 20:48:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 20:48:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.11 20:48:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 20:48:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 20:48:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 20:48:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin:  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011.01.31 01:33:01 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-18..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3969835353-475460927-3880056956-1000..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch64.exe ( )
O4 - HKU\S-1-5-21-3969835353-475460927-3880056956-1000..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 23:14:28 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- E:\Eigene Dateien\Desktop\TDSSKiller.exe
[2012.07.19 22:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.19 22:03:24 | 002,322,184 | ---- | C] (ESET) -- E:\Eigene Dateien\Desktop\esetsmartinstaller_enu.exe
[2012.07.19 10:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.07.19 10:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.07.19 10:41:10 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Anti-Malware
[2012.07.19 10:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.18 14:07:23 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\otl stand 1405
[2012.07.18 13:52:26 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\Otl stand vor  1350
[2012.07.17 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 20:54:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.17 20:35:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2012.07.17 19:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.07.06 23:02:33 | 000,000,000 | ---D | C] -- C:\tmp
[2012.07.02 16:48:56 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Eigene G700-Profile
[2012.07.02 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Logishrd
[2012.07.02 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.07.02 16:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.07.02 16:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012.07.02 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.07.02 16:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.07.02 16:21:34 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Logishrd
[2012.06.27 03:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.06.27 03:41:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.06.27 03:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
[2012.06.27 00:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
[2012.06.27 00:20:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\ABBYY
[2012.06.27 00:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.06.27 00:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 11
[2012.06.25 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\COMODO
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 12:02:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2012.07.22 18:56:46 | 000,133,241 | ---- | M] () -- E:\Eigene Dateien\Desktop\TDSSKiller.2.7.46.0_20.07.2012_23.15.03_log-2.rar
[2012.07.22 18:43:38 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 18:43:37 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 18:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 18:38:13 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.21 01:24:07 | 000,129,946 | ---- | M] () -- E:\Eigene Dateien\Desktop\1234567.PNG
[2012.07.21 00:57:45 | 000,567,820 | ---- | M] () -- E:\Eigene Dateien\Desktop\12345.PNG
[2012.07.21 00:56:45 | 000,148,908 | ---- | M] () -- E:\Eigene Dateien\Desktop\1.PNG
[2012.07.21 00:55:47 | 000,455,273 | ---- | M] () -- E:\Eigene Dateien\Desktop\12.PNG
[2012.07.21 00:54:53 | 000,597,179 | ---- | M] () -- E:\Eigene Dateien\Desktop\123456.PNG
[2012.07.21 00:53:16 | 000,114,678 | ---- | M] () -- E:\Eigene Dateien\Desktop\1234.PNG
[2012.07.21 00:52:47 | 000,126,335 | ---- | M] () -- E:\Eigene Dateien\Desktop\123.PNG
[2012.07.20 15:11:48 | 001,808,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.20 15:11:48 | 000,765,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.20 15:11:48 | 000,721,256 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.20 15:11:48 | 000,174,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.20 15:11:48 | 000,147,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.20 09:31:35 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.07.19 22:03:26 | 002,322,184 | ---- | M] (ESET) -- E:\Eigene Dateien\Desktop\esetsmartinstaller_enu.exe
[2012.07.19 10:41:26 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.07.18 16:49:11 | 000,624,883 | ---- | M] () -- E:\Eigene Dateien\Desktop\adwcleaner.exe
[2012.07.18 15:34:22 | 000,013,149 | ---- | M] () -- E:\Eigene Dateien\Desktop\hijackthis2
[2012.07.18 13:03:11 | 000,115,735 | ---- | M] () -- E:\Eigene Dateien\Desktop\ausgehende verbindungen.PNG
[2012.07.17 20:42:00 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2012.07.17 20:12:57 | 000,050,477 | ---- | M] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2012.07.16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- E:\Eigene Dateien\Desktop\TDSSKiller.exe
[2012.07.16 17:46:11 | 000,010,545 | ---- | M] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg
[2012.07.12 07:27:14 | 004,991,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.05 14:07:13 | 000,522,059 | ---- | M] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg
[2012.07.05 14:03:56 | 000,392,357 | ---- | M] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg
[2012.07.05 14:01:57 | 000,033,242 | ---- | M] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg
[2012.07.04 14:47:39 | 000,081,278 | ---- | M] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 19:29:54 | 000,002,727 | ---- | M] () -- C:\Users\Andreas\.recently-used.xbel
[2012.06.27 03:31:16 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012.06.27 03:17:49 | 000,001,256 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012.06.27 00:10:59 | 374,873,708 | ---- | M] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe
 
========== Files Created - No Company Name ==========
 
[2012.07.22 18:57:05 | 000,133,241 | ---- | C] () -- E:\Eigene Dateien\Desktop\TDSSKiller.2.7.46.0_20.07.2012_23.15.03_log-2.rar
[2012.07.21 01:24:07 | 000,129,946 | ---- | C] () -- E:\Eigene Dateien\Desktop\1234567.PNG
[2012.07.21 00:57:45 | 000,567,820 | ---- | C] () -- E:\Eigene Dateien\Desktop\12345.PNG
[2012.07.21 00:56:45 | 000,148,908 | ---- | C] () -- E:\Eigene Dateien\Desktop\1.PNG
[2012.07.21 00:55:46 | 000,455,273 | ---- | C] () -- E:\Eigene Dateien\Desktop\12.PNG
[2012.07.21 00:54:53 | 000,597,179 | ---- | C] () -- E:\Eigene Dateien\Desktop\123456.PNG
[2012.07.21 00:53:16 | 000,114,678 | ---- | C] () -- E:\Eigene Dateien\Desktop\1234.PNG
[2012.07.21 00:52:47 | 000,126,335 | ---- | C] () -- E:\Eigene Dateien\Desktop\123.PNG
[2012.07.19 10:41:25 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.07.18 16:49:10 | 000,624,883 | ---- | C] () -- E:\Eigene Dateien\Desktop\adwcleaner.exe
[2012.07.18 15:34:22 | 000,013,149 | ---- | C] () -- E:\Eigene Dateien\Desktop\hijackthis2
[2012.07.18 13:03:11 | 000,115,735 | ---- | C] () -- E:\Eigene Dateien\Desktop\ausgehende verbindungen.PNG
[2012.07.17 20:42:00 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2012.07.17 20:12:56 | 000,050,477 | ---- | C] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2012.07.16 17:46:10 | 000,010,545 | ---- | C] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg
[2012.07.05 14:07:12 | 000,522,059 | ---- | C] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg
[2012.07.05 14:03:55 | 000,392,357 | ---- | C] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg
[2012.07.05 14:01:51 | 000,033,242 | ---- | C] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg
[2012.07.04 14:47:34 | 000,081,278 | ---- | C] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg
[2012.06.27 19:29:54 | 000,002,727 | ---- | C] () -- C:\Users\Andreas\.recently-used.xbel
[2012.06.27 03:31:16 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012.06.27 03:17:49 | 000,001,256 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012.06.27 00:10:59 | 374,873,708 | ---- | C] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe
[2011.12.21 20:00:48 | 000,001,044 | ---- | C] () -- C:\Users\Andreas\SciTE.session
[2011.11.27 21:39:21 | 086,933,066 | ---- | C] () -- C:\Users\Andreas\stricheSymetrisch.xcf
[2011.11.20 17:04:58 | 049,994,484 | ---- | C] () -- C:\Users\Andreas\Kreis6Abstract.xcf
[2011.07.24 17:40:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\SuhfhvvMxq455337.dat
[2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\ShvwxduvMxq455337.dat
[2011.03.28 15:52:01 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.06 15:22:46 | 000,001,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.02.05 02:41:03 | 000,000,132 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.01.31 21:51:25 | 000,000,062 | ---- | C] () -- C:\Windows\Contribute.INI
[2011.01.16 17:29:49 | 000,000,938 | ---- | C] () -- C:\Windows\page.ini
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.25 11:09:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.10.25 11:09:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.10.25 11:09:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.10.25 11:09:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.09.28 20:39:33 | 000,019,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\WebpageIcons.db
[2010.09.28 20:09:38 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.09.28 20:09:38 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.09.28 20:09:38 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.08.10 02:29:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.03.10 10:39:38 | 000,007,597 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.01.21 14:13:11 | 000,217,088 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.05.11 02:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acreon
[2011.01.16 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Aurora Web Editor
[2010.04.03 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Big Fish Games
[2011.01.27 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bilder
[2011.01.25 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Blender Foundation
[2012.01.02 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2012.07.17 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer
[2010.01.16 01:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer Pro
[2012.04.12 04:26:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\calibre
[2011.01.24 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.28 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\concept design
[2012.01.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Crayon Physics Deluxe
[2010.01.31 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2010.01.19 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro
[2010.07.01 18:16:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\EPSON
[2012.05.20 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FileZilla
[2012.06.01 03:07:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.11.02 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ
[2011.03.25 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ImgBurn
[2011.03.08 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView
[2011.01.16 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Kalypso Media
[2010.02.01 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2011.12.21 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macro Recorder
[2012.03.06 04:09:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Magic Academy
[2011.01.16 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg
[2010.02.24 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Neverball
[2012.04.03 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Notepad++
[2011.01.16 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nvu
[2010.06.24 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.01.16 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ProtectDISC
[2011.08.04 16:32:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Recorder
[2010.12.01 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Samsung
[2010.02.28 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SolSuite
[2010.08.03 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Stereoscopic Player
[2011.02.02 15:36:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2012.06.27 03:41:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.01.03 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2011.03.10 09:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011.10.23 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\updatetool
[2011.01.28 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\winupd
[2011.08.07 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\www.rene-zeidler.de
[2012.01.10 21:56:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.11 02:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acreon
[2011.02.06 15:37:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.10.07 20:45:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ahead
[2010.06.28 11:25:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Apple Computer
[2010.01.16 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ATI
[2011.01.16 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Aurora Web Editor
[2010.04.03 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Big Fish Games
[2011.01.27 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bilder
[2011.01.25 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Blender Foundation
[2012.01.02 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2012.07.17 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer
[2010.01.16 01:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer Pro
[2012.04.12 04:26:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\calibre
[2011.01.24 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.28 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\concept design
[2012.01.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Crayon Physics Deluxe
[2010.01.31 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2010.01.19 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro
[2010.05.25 16:47:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DivX
[2012.06.05 01:19:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVD Flick
[2012.06.20 06:54:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\dvdcss
[2010.07.01 18:16:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\EPSON
[2012.05.20 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FileZilla
[2012.06.01 03:07:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.11.02 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ
[2010.01.15 23:41:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Identities
[2011.03.25 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ImgBurn
[2010.01.22 03:52:19 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\InstallShield
[2011.03.08 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView
[2011.01.16 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Kalypso Media
[2010.02.01 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2012.07.02 16:21:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Logishrd
[2012.07.02 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Logitech
[2011.12.21 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macro Recorder
[2010.01.15 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macromedia
[2012.03.06 04:09:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Magic Academy
[2012.07.17 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Media Center Programs
[2012.06.22 02:46:17 | 000,000,000 | --SD | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft
[2011.03.05 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft Corporation
[2010.01.16 00:08:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mozilla
[2011.01.16 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg
[2010.02.24 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Neverball
[2012.04.03 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Notepad++
[2011.01.16 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nvu
[2010.06.24 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.01.16 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ProtectDISC
[2011.02.17 08:55:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\RealWorld
[2011.08.04 16:32:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Recorder
[2010.12.01 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Samsung
[2010.01.19 16:12:12 | 000,000,000 | RH-D | M] -- C:\Users\Andreas\AppData\Roaming\SecuROM
[2011.09.05 01:17:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Skype
[2011.07.26 16:40:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\skypePM
[2010.02.28 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SolSuite
[2010.08.03 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Stereoscopic Player
[2011.02.02 15:36:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2012.06.27 03:41:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.01.03 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2011.03.10 09:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011.10.23 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\updatetool
[2012.07.11 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.02.28 03:54:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Winamp
[2010.01.16 07:06:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\WinRAR
[2011.01.28 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\winupd
[2011.08.07 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\www.rene-zeidler.de
[2010.08.10 02:28:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.05.11 02:01:36 | 000,272,384 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
[2011.01.31 00:41:19 | 000,010,134 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2011.10.23 17:06:49 | 000,088,102 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{0507A8FD-AA20-7691-C2AA-CDE6B5182675}\ARPPRODUCTICON.exe
[2011.02.17 08:55:29 | 000,124,902 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_229008C4DD2B0687C3C9DB.exe
[2011.02.17 08:55:29 | 000,009,062 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_6FEFF9B68218417F98F549.exe
[2011.02.17 08:55:29 | 000,011,310 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_7C899EC09EAB28D66E0485.exe
[2011.02.17 08:55:29 | 000,124,902 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_8FC856A7719DE414ABC55A.exe
[2011.02.17 08:55:29 | 000,011,310 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_EA4EAE0A99F77038DA094E.exe
[2011.02.17 08:55:29 | 000,011,310 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_FF89B0AADCD51F146762AE.exe
[2010.02.01 03:25:53 | 000,010,134 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.04.13 15:48:33 | 000,188,152 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\FlashGot.exe
[2010.11.09 05:12:22 | 000,266,552 | ---- | M] (ml) -- C:\Users\Andreas\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

t'john 25.07.2012 00:19

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:

:OTL
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-18..\Run: [Steam] "E:\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
 
:Files

C:\Windows\SysWow64\ff_vfw.dll

C:\Users\Andreas\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
C:\Users\Andreas\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it to other computers; it can cause lasting damage to other systems!

Seraphim137 25.07.2012 10:46

Carried out today at 11:45:

Code:


All processes killed
========== OTL ==========
No active process named Program Files was found!
Service vToolbarUpdater11.2.0 stopped successfully!
Service vToolbarUpdater11.2.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-3969835353-475460927-3880056956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Steam not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS deleted successfully.
C:\Windows\SysWOW64\ff_vfw.dll moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysWow64\ff_vfw.dll not found.
C:\Users\Andreas\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe moved successfully.
C:\Users\Andreas\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
E:\Eigene Dateien\Desktop\cmd.bat deleted successfully.
E:\Eigene Dateien\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Andreas
->Temp folder emptied: 2670033 bytes
->Temporary Internet Files folder emptied: 2773777 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 130014702 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4941 bytes
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10291478 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66617 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 139,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Andreas
->Flash cache emptied: 0 bytes
 
User: AppData
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 07252012_113941

Files\Folders moved on Reboot...
C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Is there a reason to delete my Flash Player?

t'john 31.07.2012 16:13

Quote:

Is there a reason to delete my Flash Player?
Yes, you can reinstall it.

Remove malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to your desktop, nowhere else; this is important!
Please read the detailed original instructions.

Combofix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Preparation and important notes

  • During the Combofix scan, please disable antivirus and antispyware programs, the firewall, and any script blocking (Norton) that may be present.
  • List of programs to disable.
    If anything is unclear, please ask.


  • ComboFix will reset your screen saver settings.
  • You can change these settings back once our cleanup is finished.
  • If you did not manage to run Combofix, do not do anything else.
  • Let us know and wait for our instructions.


  • Start Combofix.exe via right-click => "Run as administrator" and follow the instructions.
  • Do not do anything else on the computer while Combofix is running!
  • Accept the terms (disclaimer) with "Yes".


  • If Combofix offers a newer version, allow the download.
  • Click "Yes" to continue with the malware scan.
  • A blue command prompt window appears; Combofix is being prepared for the scan.
  • Please do not click inside this Combofix window.
  • That could cause your system to freeze or hang.
  • A backup of your registry is created.
  • The program now works through its individual stages; this can take a while.


  • When ComboFix has finished, it will create a log (please wait, this takes a moment).
  • Be sure to wait until the Combofix window has closed and the log file appears in Notepad.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.


  • Note: For various reasons, Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.



Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or cause lasting damage!

t'john 21.08.2012 03:39

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.


All times are GMT +1.
