Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Pc gesperrt.Zahle 100 Euro.Was nun? (https://www.trojaner-board.de/128658-pc-gesperrt-zahle-100-euro.html)

Jack9183 27.12.2012 15:17
Pc gesperrt.Zahle 100 Euro.Was nun?
 
Hallo zusammen,

erstmal möchte ich sagen das ich es klasse finde das es sowas gibt.
Also folgendes Problem.
Ich starte eben meinen PC und auf einmal ist dort ein Bild von irgendeinem Amt für Datensicherheit oder sowas wo steht das mein Rechner gesperrt wurde.
Direkt daneben rechts in der Ecke ein Feld wo ich per Paysafcard 100 Euro bezahlen soll damit mein Rechner wieder funktioniert.
Ich kam aus diesem Fenster nicht mehr raus und es ließ sich auch nicht weg klicken.
Also habe ich mich abgemeldet,den Abmeldeversuch abgebrochen und so konnte ich das Fenster und das abmelden umgehen.
Nun sitze ich hier lasse den Antivir laufen obwohl ich nicht glaube das er dieses Problem bereinigt.
Ich bin nicht sehr Erfahren was Pcs angeht deswegen hoffe ich hier auf Hilfe die ich auch verstehe.
Danke schon mal im Vorraus für alle eure Mühen.
lg
Jack

markusg 27.12.2012 16:24
Hi,
1. poste das avira log.
2.
Kommst du an einen PC mit Brenner?
download:
http://filepony.de/download-otlpe/
und brenne es mit ISOBurner auf eine CD.
ISO Burner Download - ISO Burner 2.5
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

Jack9183 27.12.2012 21:59
erstmal vielen Dank für deine schnelle Antwort.Ich habe es schon anders hin bekommen aber vielen Dank für deine Hilfe.

der Trojaner wurde doch nicht gelöscht.Dann waren die 6 Stunden Arbeit gestern um sonst.Also werde ich heute deine Version ausprobieren Markus.

Hallo Markus,leider besteht der Fehler noch immer meine Variante hat also nicht funtkioniert also werde ich nun deine testen.Danke schon mal im Vorraus

Was sind Logs?Und was soll ich mit dem Text den du da gepostet hast?

markusg 28.12.2012 15:22
Steht ja eig da, du sollst den Inhalt der Codebox in die OTL Textbox kopieren, und die Berichte dann hier posten.

Jack9183 28.12.2012 16:01
OTL Logfile:
Code:
OTL logfile created on: 12/28/2012 1:53:59 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 570.34 Gb Free Space | 61.23% Space Free | Partition Type: NTFS
Drive D: | 736.20 Gb Total Space | 488.61 Gb Free Space | 66.37% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 354.92 Gb Free Space | 38.10% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.40 Gb Free Space | 99.29% Space Free | Partition Type: FAT32
Drive H: | 195.31 Gb Total Space | 195.22 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/26 11:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 11:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/06 19:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/17 17:07:00 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 04:49:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 06:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/19 11:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/06/25 19:06:27 | 000,076,888 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/23 05:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/17 10:52:04 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/14 07:18:20 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/29 11:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/07/28 12:05:34 | 000,472,664 | ---- | M] (PacketVideo) [Auto] -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
SRV - [2010/05/28 10:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 06:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/08/06 00:51:20 | 000,065,536 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/07/16 10:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/23 01:46:12 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2008/04/23 01:46:08 | 002,015,232 | ---- | M] (FirebirdSQL Project) [On_Demand] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2006/12/19 03:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/30 06:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/05/11 00:34:14 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/03/20 13:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/15 04:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/29 08:36:24 | 000,828,912 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/24 05:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/11/20 06:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 06:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/07 02:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009/10/07 02:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/16 01:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/29 09:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/03/18 09:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2012/09/10 10:34:11 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/07/28 04:05:56 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2004/12/31 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 59 24 09 F7 B4 CB 01  [binary data]
IE - HKU\Alex_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.104.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.116.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.96.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Alex\AppData\Roaming\ProtectDISC\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Alex\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/17 17:07:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/08/24 07:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2012/08/24 07:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\ideskbrowser@haufe.de
[2011/11/12 15:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2zh6uscq.default\extensions
[2011/11/12 15:44:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2zh6uscq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/10/11 13:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hcr05ihw.default\extensions
[2012/09/27 03:39:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hcr05ihw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/10/17 17:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/17 17:06:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/17 17:06:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/17 17:07:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/30 04:56:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/04 22:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/04 22:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/04 22:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/10 12:49:34 | 000,000,828 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKU\Alex_ON_C..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\Alex_ON_C..\Run: [Facebook Update] C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Alex_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Alex_ON_C..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\Alex_ON_C..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyManager.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Alex_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files (x86)\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig:64bit - StartUpReg: 8DDYX0ZBPZ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DW6 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EADM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe ()
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: spdetector3 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\program files (x86)\steam\steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - 2
MsConfig:64bit - State: "services" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/27 10:41:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/04/09 09:51:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Alex\AppData\Roaming\pcouffin.sys
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/20 04:18:59 | 000,000,790 | ---- | M] () -- C:\Users\Alex\Desktop\CCleaner.lnk
[2012/12/11 04:58:32 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/10 05:16:54 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2012/06/25 19:06:25 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/08 17:16:12 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2012/04/09 09:51:25 | 000,099,384 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\inst.exe
[2012/04/09 09:51:25 | 000,007,859 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.cat
[2012/04/09 09:51:25 | 000,001,167 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.inf
[2012/01/08 08:25:16 | 000,003,584 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 09:52:03 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/10/14 09:42:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MAS
[2011/10/14 09:42:27 | 000,000,268 | RH-- | C] () -- C:\Users\Alex\AppData\Roaming\Licenses
[2011/10/14 09:42:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\NetServices
[2011/10/14 09:42:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Licenses
[2011/10/14 09:42:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\Legacy
[2011/09/23 19:40:03 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Logs
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\Users\Alex\AppData\Roaming\Light Machine
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\Users\Alex\AppData\Roaming\Libraries
[2011/09/23 07:06:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/09/23 07:06:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/09/23 07:06:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/09/23 07:06:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Organic
[2011/09/23 07:06:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Nature
[2011/09/11 05:45:09 | 000,001,982 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\logs.dat
[2011/08/25 15:46:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011/08/13 15:40:27 | 000,141,736 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/30 09:23:49 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/06/30 09:19:01 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/02/12 18:47:50 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/01/06 16:19:00 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2010/12/17 22:50:52 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll
[2010/10/14 17:11:40 | 000,000,439 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\TheHunterSettings_live.bin
[2010/10/14 17:07:13 | 000,000,043 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\TheHunterSettings_live.cfg
[2010/10/04 14:11:38 | 000,000,082 | ---- | C] () -- C:\Users\Alex\AppData\Local\X-Plane Installer.prf
[2010/10/04 05:22:35 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/09/26 04:31:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/09 15:29:23 | 001,648,546 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/01 15:55:13 | 002,444,656 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/26 14:09:25 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2010/06/23 19:25:23 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/06/18 16:14:32 | 000,000,133 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\default.pls
[2010/06/08 11:31:45 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\prospeed_bmp2jpg.dll
[2010/06/04 03:31:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/06/03 10:15:29 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/05/29 08:31:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/29 07:27:52 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/05/29 07:27:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/29 07:27:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/28 16:17:57 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/15 19:15:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2006/04/21 03:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
 
========== LOP Check ==========
 
[2012/07/20 19:21:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.mono
[2012/06/18 02:50:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\1&1
[2011/10/14 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AKVIS
[2012/08/13 13:15:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AnvSoft
[2010/09/15 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ArmA II Launcher
[2010/06/30 18:27:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\astragon Software GmbH
[2012/05/24 04:32:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Atari
[2012/05/13 06:34:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Audacity
[2011/11/07 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BF3CC
[2012/08/10 08:27:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BitTorrent
[2010/10/04 15:44:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BlackBean
[2011/04/08 06:39:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bridge!
[2012/08/19 04:17:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Broad Intelligence
[2011/06/26 12:59:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BuddyW
[2010/11/12 10:41:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ChartViewer
[2010/05/29 08:45:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2011/07/11 09:48:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Day 1 Studios
[2012/09/21 19:00:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/10/18 10:05:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DNA
[2012/09/29 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2012/08/19 04:25:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/09/20 03:33:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Freemium
[2011/10/13 01:42:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gtk-2.0
[2011/06/19 10:46:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Gutscheinmieze
[2012/08/24 07:01:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Haufe Mediengruppe
[2010/07/24 10:29:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\HU2011
[2012/05/27 19:32:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Kalypso Media
[2010/07/15 12:01:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Laix
[2010/11/18 17:37:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2012/03/16 16:42:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\lennox
[2012/08/24 06:55:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Lexware
[2011/09/29 20:57:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LimeWire
[2012/06/07 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Lockheed Martin
[2010/07/16 12:27:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Metaversum
[2012/08/13 12:51:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MOVAVI
[2012/06/23 09:05:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MyPhoneExplorer
[2010/07/28 02:34:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Need for Speed World
[2011/09/29 11:35:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nikon
[2011/05/29 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2012/08/10 14:29:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin
[2010/12/07 09:11:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ProtectDISC
[2010/08/26 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Quest3D
[2010/12/12 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\RapidCRC
[2010/05/29 09:21:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\RigNRoll_ger
[2010/08/26 09:38:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Roaming
[2010/09/04 16:46:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-rsync
[2010/11/17 11:50:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-updater
[2010/09/04 18:06:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spirited Machine
[2011/01/23 18:33:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sytexis Software
[2012/03/11 07:51:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TeamViewer
[2011/01/25 16:10:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Thunderbird
[2012/08/04 06:16:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TS3Client
[2011/11/13 02:19:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ts3overlay
[2012/08/14 08:32:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Tunngle
[2012/06/25 18:59:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ubisoft
[2012/07/12 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unity
[2012/06/07 11:07:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\VAT-Spy
[2012/06/07 11:18:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Virtuali
[2012/04/09 10:09:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vso
[2010/12/28 13:49:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\wargaming.net
[2012/04/28 06:17:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\YoudaGames
[2012/07/20 19:21:18 | 000,000,000 | ---D | M] -- C:\ProgramData\.mono
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011/12/18 07:15:41 | 000,000,000 | ---D | M] -- C:\ProgramData\ClubSanDisk
[2011/09/21 17:59:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters
[2011/01/23 10:24:07 | 000,000,000 | ---D | M] -- C:\ProgramData\createpart
[2010/05/29 08:42:33 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2010/12/07 09:11:24 | 000,000,000 | ---D | M] -- C:\ProgramData\DATA BECKER Downloads
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/12 12:20:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2010/05/29 05:21:14 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/02/24 18:11:39 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2011/09/29 21:26:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/09/23 07:06:53 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2012/09/07 05:35:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Esellerate
[2011/01/23 10:17:09 | 000,000,000 | ---D | M] -- C:\ProgramData\explauncher
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2012/08/24 06:52:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Haufe
[2010/10/14 15:35:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Hunter
[2012/04/28 06:17:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2011/01/23 10:17:08 | 000,000,000 | ---D | M] -- C:\ProgramData\launcher
[2012/08/24 06:55:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2011/09/23 19:40:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2012/03/16 17:01:03 | 000,000,000 | ---D | M] -- C:\ProgramData\OMSI AM
[2012/09/22 17:01:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2011/10/21 20:22:32 | 000,000,000 | ---D | M] -- C:\ProgramData\RELOADED
[2011/12/03 18:33:56 | 000,000,000 | ---D | M] -- C:\ProgramData\ROCCAT
[2011/07/01 11:55:30 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2010/06/26 09:58:56 | 000,000,000 | ---D | M] -- C:\ProgramData\SEGA Corporation
[2011/09/30 10:51:48 | 000,000,000 | ---D | M] -- C:\ProgramData\sgs
[2011/08/14 05:23:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/10/16 17:09:17 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2012/08/29 14:58:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2012/10/18 10:39:32 | 000,000,000 | ---D | M] -- C:\ProgramData\twonkymedia
[2010/05/29 07:42:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2011/09/23 07:06:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2012/01/08 08:24:08 | 000,000,000 | ---D | M] -- C:\ProgramData\VideoConverter
[2012/06/07 11:14:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Virtuali
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/09 10:03:14 | 000,000,000 | ---D | M] -- C:\ProgramData\vsosdk
[2010/06/21 13:53:15 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/10/17 16:40:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4073651736-2417090932-1084573536-1001Core.job
[2012/10/18 07:40:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4073651736-2417090932-1084573536-1001UA.job
[2012/10/18 10:39:05 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\fsiyim.job
[2012/09/19 10:42:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/11/15 10:09:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010/09/04 16:42:31 | 000,000,000 | ---D | M] -- C:\.gem
[2011/10/15 11:53:18 | 000,000,000 | -HSD | M] -- C:\Boot
[2012/12/23 18:06:54 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012/11/15 10:28:05 | 000,000,000 | ---D | M] -- C:\DOSBox-0.72
[2012/08/23 05:53:56 | 000,000,000 | ---D | M] -- C:\Games
[2010/05/21 07:56:20 | 000,000,000 | ---D | M] -- C:\Intel
[2012/12/27 16:06:19 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2010/07/15 13:29:22 | 000,000,000 | ---D | M] -- C:\Lichterfelde
[2011/04/17 05:06:20 | 000,000,000 | ---D | M] -- C:\m-r-software
[2012/12/20 18:17:09 | 000,000,000 | -H-D | M] -- C:\msdownld.tmp
[2010/06/13 04:13:46 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/05/05 05:17:16 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/01 14:38:55 | 000,000,000 | ---D | M] -- C:\Planer2
[2012/09/07 07:34:40 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/11/22 07:55:02 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/10/09 05:02:16 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010/07/15 11:27:19 | 000,000,000 | ---D | M] -- C:\ProgramData (x86)
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2010/10/02 04:33:17 | 000,000,000 | ---D | M] -- C:\Python26
[2010/05/28 16:17:57 | 000,000,000 | ---D | M] -- C:\RaidTool
[2010/05/28 16:17:29 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/09/06 15:49:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/10/05 02:50:07 | 000,000,000 | ---D | M] -- C:\temp
[2010/06/03 10:29:45 | 000,000,000 | ---D | M] -- C:\TempDump
[2011/09/11 05:45:09 | 000,000,000 | ---D | M] -- C:\timer2tray
[2010/11/20 18:15:10 | 000,000,000 | ---D | M] -- C:\tmp
[2012/08/04 20:21:49 | 000,000,000 | ---D | M] -- C:\Ubisoft
[2012/02/24 06:47:30 | 000,000,000 | R--D | M] -- C:\Users
[2012/10/16 21:01:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/02/18 03:03:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/26 01:46:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/02/18 03:03:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/10/26 01:46:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/02/18 03:03:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/10/26 01:46:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/02/18 03:03:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/10/26 01:46:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\OemDrv\iaStor.sys
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\System32\drivers\iaStor.sys
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_093f326ff5f9285e\iaStor.sys
[2009/10/02 06:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\Drivers\iastor\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/02/18 03:03:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/02/18 03:03:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:0BB9B46A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:74603393
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:054B9966
< End of report >
--- --- ---


Das ist die Log Datei.Aber das Problem scheint noch zu bestehen ich kann den Task Manager immer noch nicht aufrufen!

markusg 28.12.2012 18:54
hast du jetzt schon selbst was am pc gemurkst? da dort rescue disk etc drauf ist und ich keinen aktieven Starteintrag für ransomware sehe.
kannst du in den normalen Modus?
hast du noch mit nem anderen Programm gelöscht? dann poste die Berichte, und fummel nicht mehr selbst am PC rumm.

Jack9183 28.12.2012 18:58
Ja hatte ich ja auch oben geschrieben.Hatte es mit einer Rescue CD von Kasperky probiert aber das hat ja nicht geklappt.Direkt danach habe ich deine Variante ausprobiert.
Allerdings kam diese Sache"Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes." bei mir nicht vor.Danach das alles schon.Bisher scheint auch alles zu gehen.Den Taskmanager bekomme ich auch auf.!Sonst habe ich nix verändert

markusg 28.12.2012 19:05
du hast gesagt, du hast mit Avira geprüft, wo ist der Bericht bzw die fundmeldungen?
hast du nun Zugriff aufs system, wenn du normal startest? wenn ja:
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten


ps avira Funde finden:
http://www.trojaner-board.de/125889-...en-posten.html

Jack9183 28.12.2012 19:12
Nein schau mal ich habe das hier geschrieben "erstmal vielen Dank für deine schnelle Antwort.Ich habe es schon anders hin bekommen aber vielen Dank für deine Hilfe.

der Trojaner wurde doch nicht gelöscht.Dann waren die 6 Stunden Arbeit gestern um sonst.Also werde ich heute deine Version ausprobieren Markus.
"

Danach hatte ich deine Version ausprobiert.Ja ich bin ganz normal im System drin.Das ging alles auch von meinem Rechner und zwar so.Während der PC bzw.der Bildschirm gesperrt war habe ich STRG+ALT+ENTF geklickt und auf Abmelden geklickt.IN dem MOment wo er sich abmelden will habe ich abbrechen geklickt und dann war die Seite weg und ich konnte normal im Windows weiter machen.
Okay dann mache ich jetzt die restlichen Schritte die du mir hier geschrieben hast.Vielen Dank schon mal für deine Hilfe.

also es wurden nun 4 Dinge gefunden aber sag mal wie kann ich davon denn die Log posten?

01:00:03.0258 9752 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:00:03.0379 9752 ============================================================
01:00:03.0379 9752 Current date / time: 2012/12/29 01:00:03.0379
01:00:03.0380 9752 SystemInfo:
01:00:03.0380 9752
01:00:03.0380 9752 OS Version: 6.1.7601 ServicePack: 1.0
01:00:03.0380 9752 Product type: Workstation
01:00:03.0380 9752 ComputerName: ALEX-PC
01:00:03.0380 9752 UserName: Alex
01:00:03.0380 9752 Windows directory: C:\Windows
01:00:03.0380 9752 System windows directory: C:\Windows
01:00:03.0380 9752 Running under WOW64
01:00:03.0380 9752 Processor architecture: Intel x64
01:00:03.0380 9752 Number of processors: 8
01:00:03.0380 9752 Page size: 0x1000
01:00:03.0380 9752 Boot type: Normal boot
01:00:03.0380 9752 ============================================================
01:00:14.0047 9752 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:00:14.0057 9752 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:00:14.0060 9752 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:00:21.0020 9752 Drive \Device\Harddisk3\DR3 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:00:21.0137 9752 ============================================================
01:00:21.0137 9752 \Device\Harddisk0\DR0:
01:00:21.0137 9752 MBR partitions:
01:00:21.0137 9752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DB0
01:00:21.0137 9752 \Device\Harddisk1\DR1:
01:00:21.0139 9752 MBR partitions:
01:00:21.0139 9752 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5C065982
01:00:21.0139 9752 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x5C066000, BlocksNum 0x186A0000
01:00:21.0139 9752 \Device\Harddisk2\DR2:
01:00:21.0139 9752 MBR partitions:
01:00:21.0140 9752 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
01:00:21.0140 9752 \Device\Harddisk3\DR3:
01:00:21.0140 9752 MBR partitions:
01:00:21.0140 9752 \Device\Harddisk3\DR3\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
01:00:21.0140 9752 ============================================================
01:00:21.0157 9752 C: <-> \Device\Harddisk1\DR1\Partition1
01:00:21.0182 9752 F: <-> \Device\Harddisk0\DR0\Partition1
01:00:21.0203 9752 G: <-> \Device\Harddisk2\DR2\Partition1
01:00:21.0237 9752 E: <-> \Device\Harddisk1\DR1\Partition2
01:00:21.0238 9752 ============================================================
01:00:21.0238 9752 Initialize success
01:00:21.0238 9752 ============================================================
01:00:39.0233 10216 ============================================================
01:00:39.0233 10216 Scan started
01:00:39.0233 10216 Mode: Manual; SigCheck; TDLFS;
01:00:39.0233 10216 ============================================================
01:00:40.0936 10216 ================ Scan system memory ========================
01:00:40.0936 10216 System memory - ok
01:00:40.0937 10216 ================ Scan services =============================
01:00:41.0049 10216 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:00:41.0115 10216 1394ohci - ok
01:00:41.0173 10216 [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
01:00:41.0222 10216 acedrv11 - ok
01:00:41.0262 10216 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:00:41.0274 10216 ACPI - ok
01:00:41.0299 10216 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:00:41.0341 10216 AcpiPmi - ok
01:00:41.0400 10216 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:00:41.0408 10216 AdobeARMservice - ok
01:00:41.0460 10216 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:00:41.0468 10216 AdobeFlashPlayerUpdateSvc - ok
01:00:41.0505 10216 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:00:41.0524 10216 adp94xx - ok
01:00:41.0550 10216 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:00:41.0566 10216 adpahci - ok
01:00:41.0575 10216 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:00:41.0588 10216 adpu320 - ok
01:00:41.0613 10216 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:00:41.0702 10216 AeLookupSvc - ok
01:00:41.0744 10216 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:00:41.0799 10216 AFD - ok
01:00:41.0836 10216 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:00:41.0847 10216 agp440 - ok
01:00:41.0867 10216 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:00:41.0896 10216 ALG - ok
01:00:41.0914 10216 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:00:41.0924 10216 aliide - ok
01:00:41.0926 10216 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:00:41.0937 10216 amdide - ok
01:00:41.0960 10216 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:00:42.0013 10216 AmdK8 - ok
01:00:42.0025 10216 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:00:42.0053 10216 AmdPPM - ok
01:00:42.0076 10216 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:00:42.0088 10216 amdsata - ok
01:00:42.0104 10216 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:00:42.0117 10216 amdsbs - ok
01:00:42.0130 10216 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:00:42.0138 10216 amdxata - ok
01:00:42.0180 10216 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:00:42.0187 10216 AntiVirSchedulerService - ok
01:00:42.0195 10216 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:00:42.0202 10216 AntiVirService - ok
01:00:42.0239 10216 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:00:42.0323 10216 AppID - ok
01:00:42.0357 10216 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:00:42.0394 10216 AppIDSvc - ok
01:00:42.0407 10216 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:00:42.0448 10216 Appinfo - ok
01:00:42.0473 10216 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
01:00:42.0485 10216 arc - ok
01:00:42.0498 10216 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:00:42.0510 10216 arcsas - ok
01:00:42.0585 10216 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:00:42.0630 10216 aspnet_state - ok
01:00:42.0647 10216 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:00:42.0683 10216 AsyncMac - ok
01:00:42.0705 10216 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:00:42.0713 10216 atapi - ok
01:00:42.0747 10216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:00:42.0792 10216 AudioEndpointBuilder - ok
01:00:42.0799 10216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:00:42.0825 10216 AudioSrv - ok
01:00:42.0836 10216 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
01:00:42.0844 10216 avgntflt - ok
01:00:42.0858 10216 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
01:00:42.0871 10216 avipbb - ok
01:00:42.0877 10216 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
01:00:42.0886 10216 avkmgr - ok
01:00:42.0923 10216 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:00:42.0954 10216 AxInstSV - ok
01:00:42.0983 10216 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
01:00:43.0018 10216 b06bdrv - ok
01:00:43.0041 10216 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:00:43.0082 10216 b57nd60a - ok
01:00:43.0111 10216 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:00:43.0151 10216 BDESVC - ok
01:00:43.0176 10216 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:00:43.0238 10216 Beep - ok
01:00:43.0288 10216 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:00:43.0323 10216 BFE - ok
01:00:43.0358 10216 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:00:43.0420 10216 BITS - ok
01:00:43.0442 10216 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:00:43.0459 10216 blbdrive - ok
01:00:43.0488 10216 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:00:43.0511 10216 bowser - ok
01:00:43.0529 10216 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:00:43.0577 10216 BrFiltLo - ok
01:00:43.0579 10216 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:00:43.0590 10216 BrFiltUp - ok
01:00:43.0622 10216 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:00:43.0643 10216 Browser - ok
01:00:43.0652 10216 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:00:43.0680 10216 Brserid - ok
01:00:43.0692 10216 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:00:43.0715 10216 BrSerWdm - ok
01:00:43.0721 10216 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:00:43.0732 10216 BrUsbMdm - ok
01:00:43.0735 10216 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:00:43.0755 10216 BrUsbSer - ok
01:00:43.0761 10216 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:00:43.0775 10216 BTHMODEM - ok
01:00:43.0798 10216 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:00:43.0836 10216 bthserv - ok
01:00:43.0853 10216 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:00:43.0884 10216 cdfs - ok
01:00:43.0918 10216 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
01:00:43.0947 10216 cdrom - ok
01:00:43.0984 10216 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:00:44.0011 10216 CertPropSvc - ok
01:00:44.0028 10216 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:00:44.0053 10216 circlass - ok
01:00:44.0078 10216 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:00:44.0090 10216 CLFS - ok
01:00:44.0126 10216 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:00:44.0139 10216 clr_optimization_v2.0.50727_32 - ok
01:00:44.0164 10216 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:00:44.0176 10216 clr_optimization_v2.0.50727_64 - ok
01:00:44.0232 10216 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:00:44.0308 10216 clr_optimization_v4.0.30319_32 - ok
01:00:44.0321 10216 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:00:44.0329 10216 clr_optimization_v4.0.30319_64 - ok
01:00:44.0352 10216 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:00:44.0379 10216 CmBatt - ok
01:00:44.0407 10216 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:00:44.0417 10216 cmdide - ok
01:00:44.0446 10216 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
01:00:44.0464 10216 CNG - ok
01:00:44.0477 10216 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:00:44.0488 10216 Compbatt - ok
01:00:44.0522 10216 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
01:00:44.0546 10216 CompositeBus - ok
01:00:44.0556 10216 COMSysApp - ok
01:00:44.0570 10216 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:00:44.0580 10216 crcdisk - ok
01:00:44.0611 10216 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:00:44.0644 10216 CryptSvc - ok
01:00:44.0677 10216 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:00:44.0711 10216 DcomLaunch - ok
01:00:44.0738 10216 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:00:44.0798 10216 defragsvc - ok
01:00:44.0826 10216 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:00:44.0855 10216 DfsC - ok
01:00:44.0875 10216 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:00:44.0916 10216 Dhcp - ok
01:00:44.0938 10216 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:00:44.0971 10216 discache - ok
01:00:44.0994 10216 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:00:45.0002 10216 Disk - ok
01:00:45.0030 10216 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:00:45.0075 10216 Dnscache - ok
01:00:45.0103 10216 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:00:45.0143 10216 dot3svc - ok
01:00:45.0169 10216 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:00:45.0201 10216 DPS - ok
01:00:45.0222 10216 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:00:45.0233 10216 drmkaud - ok
01:00:45.0268 10216 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:00:45.0293 10216 DXGKrnl - ok
01:00:45.0310 10216 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:00:45.0345 10216 EapHost - ok
01:00:45.0403 10216 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
01:00:45.0461 10216 ebdrv - ok
01:00:45.0487 10216 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:00:45.0511 10216 EFS - ok
01:00:45.0570 10216 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:00:45.0608 10216 ehRecvr - ok
01:00:45.0622 10216 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:00:45.0645 10216 ehSched - ok
01:00:45.0689 10216 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
01:00:45.0708 10216 elxstor - ok
01:00:45.0729 10216 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:00:45.0748 10216 ErrDev - ok
01:00:45.0778 10216 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:00:45.0813 10216 EventSystem - ok
01:00:45.0820 10216 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:00:45.0859 10216 exfat - ok
01:00:45.0868 10216 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:00:45.0907 10216 fastfat - ok
01:00:45.0952 10216 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:00:45.0978 10216 Fax - ok
01:00:45.0988 10216 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:00:45.0999 10216 fdc - ok
01:00:46.0017 10216 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:00:46.0048 10216 fdPHost - ok
01:00:46.0056 10216 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:00:46.0093 10216 FDResPub - ok
01:00:46.0101 10216 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:00:46.0109 10216 FileInfo - ok
01:00:46.0123 10216 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:00:46.0165 10216 Filetrace - ok
01:00:46.0222 10216 FirebirdGuardianDefaultInstance - ok
01:00:46.0223 10216 FirebirdServerDefaultInstance - ok
01:00:46.0277 10216 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:00:46.0305 10216 FLEXnet Licensing Service - ok
01:00:46.0319 10216 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:00:46.0330 10216 flpydisk - ok
01:00:46.0365 10216 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:00:46.0376 10216 FltMgr - ok
01:00:46.0413 10216 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
01:00:46.0457 10216 FontCache - ok
01:00:46.0513 10216 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:00:46.0529 10216 FontCache3.0.0.0 - ok
01:00:46.0550 10216 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:00:46.0562 10216 FsDepends - ok
01:00:46.0581 10216 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:00:46.0592 10216 Fs_Rec - ok
01:00:46.0626 10216 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:00:46.0639 10216 fvevol - ok
01:00:46.0659 10216 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
01:00:46.0671 10216 gagp30kx - ok
01:00:46.0705 10216 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:00:46.0740 10216 gpsvc - ok
01:00:46.0780 10216 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:00:46.0786 10216 gupdate - ok
01:00:46.0804 10216 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:00:46.0810 10216 gupdatem - ok
01:00:46.0819 10216 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:00:46.0844 10216 hcw85cir - ok
01:00:46.0892 10216 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:00:46.0910 10216 HdAudAddService - ok
01:00:46.0947 10216 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
01:00:46.0966 10216 HDAudBus - ok
01:00:46.0976 10216 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
01:00:47.0008 10216 HidBatt - ok
01:00:47.0024 10216 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:00:47.0045 10216 HidBth - ok
01:00:47.0047 10216 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:00:47.0075 10216 HidIr - ok
01:00:47.0105 10216 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
01:00:47.0131 10216 hidserv - ok
01:00:47.0178 10216 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:00:47.0188 10216 HidUsb - ok
01:00:47.0210 10216 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:00:47.0250 10216 hkmsvc - ok
01:00:47.0284 10216 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:00:47.0315 10216 HomeGroupListener - ok
01:00:47.0336 10216 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:00:47.0354 10216 HomeGroupProvider - ok
01:00:47.0390 10216 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:00:47.0402 10216 HpSAMD - ok
01:00:47.0439 10216 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:00:47.0474 10216 HTTP - ok
01:00:47.0496 10216 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:00:47.0504 10216 hwpolicy - ok
01:00:47.0537 10216 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:00:47.0550 10216 i8042prt - ok
01:00:47.0592 10216 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:00:47.0609 10216 iaStorV - ok
01:00:47.0660 10216 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
01:00:47.0683 10216 IDriverT ( UnsignedFile.Multi.Generic ) - warning
01:00:47.0683 10216 IDriverT - detected UnsignedFile.Multi.Generic (1)
01:00:47.0732 10216 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:00:47.0760 10216 idsvc - ok
01:00:47.0792 10216 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
01:00:47.0803 10216 iirsp - ok
01:00:47.0841 10216 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:00:47.0888 10216 IKEEXT - ok
01:00:47.0903 10216 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:00:47.0913 10216 intelide - ok
01:00:47.0928 10216 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:00:47.0945 10216 intelppm - ok
01:00:47.0966 10216 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:00:48.0000 10216 IPBusEnum - ok
01:00:48.0027 10216 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:00:48.0053 10216 IpFilterDriver - ok
01:00:48.0076 10216 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:00:48.0109 10216 iphlpsvc - ok
01:00:48.0131 10216 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:00:48.0154 10216 IPMIDRV - ok
01:00:48.0175 10216 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:00:48.0208 10216 IPNAT - ok
01:00:48.0230 10216 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:00:48.0247 10216 IRENUM - ok
01:00:48.0273 10216 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:00:48.0284 10216 isapnp - ok
01:00:48.0308 10216 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:00:48.0324 10216 iScsiPrt - ok
01:00:48.0348 10216 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
01:00:48.0359 10216 kbdclass - ok
01:00:48.0378 10216 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
01:00:48.0400 10216 kbdhid - ok
01:00:48.0412 10216 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:00:48.0420 10216 KeyIso - ok
01:00:48.0441 10216 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:00:48.0450 10216 KSecDD - ok
01:00:48.0458 10216 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:00:48.0468 10216 KSecPkg - ok
01:00:48.0482 10216 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:00:48.0517 10216 ksthunk - ok
01:00:48.0538 10216 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:00:48.0584 10216 KtmRm - ok
01:00:48.0613 10216 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:00:48.0647 10216 LanmanServer - ok
01:00:48.0667 10216 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:00:48.0701 10216 LanmanWorkstation - ok
01:00:48.0729 10216 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:00:48.0763 10216 lltdio - ok
01:00:48.0789 10216 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:00:48.0831 10216 lltdsvc - ok
01:00:48.0846 10216 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:00:48.0871 10216 lmhosts - ok
01:00:48.0888 10216 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
01:00:48.0901 10216 LSI_FC - ok
01:00:48.0907 10216 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
01:00:48.0919 10216 LSI_SAS - ok
01:00:48.0927 10216 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:00:48.0938 10216 LSI_SAS2 - ok
01:00:48.0949 10216 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:00:48.0968 10216 LSI_SCSI - ok
01:00:48.0997 10216 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:00:49.0020 10216 luafv - ok
01:00:49.0060 10216 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:00:49.0102 10216 Mcx2Svc - ok
01:00:49.0116 10216 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
01:00:49.0126 10216 megasas - ok
01:00:49.0141 10216 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
01:00:49.0156 10216 MegaSR - ok
01:00:49.0196 10216 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
01:00:49.0208 10216 Microsoft Office Groove Audit Service - ok
01:00:49.0233 10216 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:00:49.0269 10216 MMCSS - ok
01:00:49.0291 10216 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:00:49.0319 10216 Modem - ok
01:00:49.0331 10216 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:00:49.0347 10216 monitor - ok
01:00:49.0367 10216 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
01:00:49.0378 10216 mouclass - ok
01:00:49.0396 10216 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:00:49.0407 10216 mouhid - ok
01:00:49.0432 10216 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:00:49.0441 10216 mountmgr - ok
01:00:49.0479 10216 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:00:49.0493 10216 MozillaMaintenance - ok
01:00:49.0521 10216 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:00:49.0535 10216 mpio - ok
01:00:49.0560 10216 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:00:49.0596 10216 mpsdrv - ok
01:00:49.0635 10216 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:00:49.0676 10216 MpsSvc - ok
01:00:49.0687 10216 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:00:49.0724 10216 MRxDAV - ok
01:00:49.0754 10216 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:00:49.0790 10216 mrxsmb - ok
01:00:49.0821 10216 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:00:49.0850 10216 mrxsmb10 - ok
01:00:49.0869 10216 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:00:49.0878 10216 mrxsmb20 - ok
01:00:49.0905 10216 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:00:49.0916 10216 msahci - ok
01:00:49.0936 10216 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:00:49.0950 10216 msdsm - ok
01:00:49.0972 10216 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:00:49.0997 10216 MSDTC - ok
01:00:50.0014 10216 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:00:50.0037 10216 Msfs - ok
01:00:50.0050 10216 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:00:50.0080 10216 mshidkmdf - ok
01:00:50.0107 10216 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:00:50.0115 10216 msisadrv - ok
01:00:50.0132 10216 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:00:50.0168 10216 MSiSCSI - ok
01:00:50.0170 10216 msiserver - ok
01:00:50.0193 10216 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:00:50.0225 10216 MSKSSRV - ok
01:00:50.0234 10216 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:00:50.0269 10216 MSPCLOCK - ok
01:00:50.0285 10216 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:00:50.0315 10216 MSPQM - ok
01:00:50.0343 10216 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:00:50.0355 10216 MsRPC - ok
01:00:50.0382 10216 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
01:00:50.0390 10216 mssmbios - ok
01:00:50.0406 10216 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:00:50.0438 10216 MSTEE - ok
01:00:50.0450 10216 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
01:00:50.0469 10216 MTConfig - ok
01:00:50.0483 10216 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:00:50.0491 10216 Mup - ok
01:00:50.0522 10216 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:00:50.0556 10216 napagent - ok
01:00:50.0575 10216 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:00:50.0601 10216 NativeWifiP - ok
01:00:50.0643 10216 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:00:50.0663 10216 NDIS - ok
01:00:50.0690 10216 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:00:50.0715 10216 NdisCap - ok
01:00:50.0729 10216 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:00:50.0766 10216 NdisTapi - ok
01:00:50.0791 10216 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:00:50.0822 10216 Ndisuio - ok
01:00:50.0834 10216 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:00:50.0871 10216 NdisWan - ok
01:00:50.0909 10216 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:00:50.0946 10216 NDProxy - ok
01:00:51.0047 10216 [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
01:00:51.0064 10216 Nero BackItUp Scheduler 3 - ok
01:00:51.0080 10216 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:00:51.0110 10216 NetBIOS - ok
01:00:51.0131 10216 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:00:51.0170 10216 NetBT - ok
01:00:51.0178 10216 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:00:51.0186 10216 Netlogon - ok
01:00:51.0213 10216 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:00:51.0245 10216 Netman - ok
01:00:51.0275 10216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:00:51.0299 10216 NetMsmqActivator - ok
01:00:51.0301 10216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:00:51.0308 10216 NetPipeActivator - ok
01:00:51.0314 10216 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:00:51.0359 10216 netprofm - ok
01:00:51.0361 10216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:00:51.0368 10216 NetTcpActivator - ok
01:00:51.0371 10216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:00:51.0378 10216 NetTcpPortSharing - ok
01:00:51.0403 10216 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
01:00:51.0415 10216 nfrd960 - ok
01:00:51.0440 10216 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:00:51.0457 10216 NlaSvc - ok
01:00:51.0528 10216 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
01:00:51.0540 10216 NMIndexingService - ok
01:00:51.0545 10216 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:00:51.0568 10216 Npfs - ok
01:00:51.0585 10216 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:00:51.0625 10216 nsi - ok
01:00:51.0643 10216 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:00:51.0673 10216 nsiproxy - ok
01:00:51.0721 10216 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:00:51.0750 10216 Ntfs - ok
01:00:51.0756 10216 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
01:00:51.0781 10216 Null - ok
01:00:51.0810 10216 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
01:00:51.0823 10216 NVHDA - ok
01:00:52.0000 10216 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:00:52.0292 10216 nvlddmkm - ok
01:00:52.0315 10216 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:00:52.0327 10216 nvraid - ok
01:00:52.0353 10216 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:00:52.0366 10216 nvstor - ok
01:00:52.0415 10216 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
01:00:52.0433 10216 nvsvc - ok
01:00:52.0481 10216 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:00:52.0503 10216 nvUpdatusService - ok
01:00:52.0525 10216 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:00:52.0538 10216 nv_agp - ok
01:00:52.0584 10216 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:00:52.0603 10216 odserv - ok
01:00:52.0621 10216 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:00:52.0640 10216 ohci1394 - ok
01:00:52.0672 10216 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:00:52.0684 10216 ose - ok
01:00:52.0712 10216 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:00:52.0731 10216 p2pimsvc - ok
01:00:52.0748 10216 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:00:52.0765 10216 p2psvc - ok
01:00:52.0788 10216 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
01:00:52.0800 10216 Parport - ok
01:00:52.0820 10216 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:00:52.0829 10216 partmgr - ok
01:00:52.0840 10216 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:00:52.0866 10216 PcaSvc - ok
01:00:52.0888 10216 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
01:00:52.0898 10216 pci - ok
01:00:52.0915 10216 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
01:00:52.0923 10216 pciide - ok
01:00:52.0927 10216 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
01:00:52.0942 10216 pcmcia - ok
01:00:52.0947 10216 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:00:52.0964 10216 pcw - ok
01:00:52.0983 10216 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:00:53.0030 10216 PEAUTH - ok
01:00:53.0076 10216 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:00:53.0091 10216 PerfHost - ok
01:00:53.0135 10216 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
01:00:53.0189 10216 pla - ok
01:00:53.0228 10216 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
01:00:53.0239 10216 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
01:00:53.0239 10216 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
01:00:53.0304 10216 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:00:53.0323 10216 PlugPlay - ok
01:00:53.0331 10216 PnkBstrA - ok
01:00:53.0367 10216 PnkBstrB - ok
01:00:53.0383 10216 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:00:53.0406 10216 PNRPAutoReg - ok
01:00:53.0420 10216 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:00:53.0430 10216 PNRPsvc - ok
01:00:53.0465 10216 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:00:53.0506 10216 PolicyAgent - ok
01:00:53.0527 10216 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
01:00:53.0557 10216 Power - ok
01:00:53.0584 10216 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:00:53.0622 10216 PptpMiniport - ok
01:00:53.0641 10216 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
01:00:53.0662 10216 Processor - ok
01:00:53.0698 10216 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
01:00:53.0722 10216 ProfSvc - ok
01:00:53.0736 10216 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:00:53.0744 10216 ProtectedStorage - ok
01:00:53.0776 10216 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:00:53.0810 10216 Psched - ok
01:00:53.0839 10216 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
01:00:53.0871 10216 ql2300 - ok
01:00:53.0886 10216 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
01:00:53.0900 10216 ql40xx - ok
01:00:53.0925 10216 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
01:00:53.0953 10216 QWAVE - ok
01:00:53.0965 10216 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:00:53.0991 10216 QWAVEdrv - ok
01:00:54.0006 10216 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:00:54.0038 10216 RasAcd - ok
01:00:54.0075 10216 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:00:54.0100 10216 RasAgileVpn - ok
01:00:54.0124 10216 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
01:00:54.0151 10216 RasAuto - ok
01:00:54.0178 10216 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:00:54.0214 10216 Rasl2tp - ok
01:00:54.0226 10216 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
01:00:54.0258 10216 RasMan - ok
01:00:54.0268 10216 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:00:54.0304 10216 RasPppoe - ok
01:00:54.0337 10216 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:00:54.0370 10216 RasSstp - ok
01:00:54.0386 10216 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:00:54.0421 10216 rdbss - ok
01:00:54.0431 10216 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
01:00:54.0452 10216 rdpbus - ok
01:00:54.0462 10216 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:00:54.0485 10216 RDPCDD - ok
01:00:54.0491 10216 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:00:54.0522 10216 RDPENCDD - ok
01:00:54.0526 10216 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:00:54.0548 10216 RDPREFMP - ok
01:00:54.0574 10216 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:00:54.0597 10216 RDPWD - ok
01:00:54.0638 10216 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:00:54.0649 10216 rdyboost - ok
01:00:54.0671 10216 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:00:54.0708 10216 RemoteAccess - ok
01:00:54.0716 10216 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:00:54.0750 10216 RemoteRegistry - ok
01:00:54.0769 10216 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:00:54.0796 10216 RpcEptMapper - ok
01:00:54.0802 10216 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
01:00:54.0821 10216 RpcLocator - ok
01:00:54.0850 10216 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
01:00:54.0876 10216 RpcSs - ok
01:00:54.0902 10216 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:00:54.0928 10216 rspndr - ok
01:00:54.0950 10216 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
01:00:54.0962 10216 RTL8167 - ok
01:00:54.0977 10216 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
01:00:54.0985 10216 SamSs - ok
01:00:55.0046 10216 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys
01:00:55.0055 10216 SANDRA - ok
01:00:55.0082 10216 [ 5FDF2605205C73E05316795DCC6663EC ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe
01:00:55.0106 10216 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
01:00:55.0106 10216 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
01:00:55.0140 10216 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:00:55.0152 10216 sbp2port - ok
01:00:55.0170 10216 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:00:55.0215 10216 SCardSvr - ok
01:00:55.0234 10216 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:00:55.0267 10216 scfilter - ok
01:00:55.0300 10216 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
01:00:55.0342 10216 Schedule - ok
01:00:55.0373 10216 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:00:55.0396 10216 SCPolicySvc - ok
01:00:55.0421 10216 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:00:55.0436 10216 SDRSVC - ok
01:00:55.0457 10216 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:00:55.0501 10216 secdrv - ok
01:00:55.0521 10216 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
01:00:55.0560 10216 seclogon - ok
01:00:55.0584 10216 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
01:00:55.0614 10216 SENS - ok
01:00:55.0626 10216 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:00:55.0648 10216 SensrSvc - ok
01:00:55.0656 10216 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:00:55.0672 10216 Serenum - ok
01:00:55.0688 10216 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:00:55.0700 10216 Serial - ok
01:00:55.0724 10216 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
01:00:55.0734 10216 sermouse - ok
01:00:55.0762 10216 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:00:55.0790 10216 SessionEnv - ok
01:00:55.0814 10216 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:00:55.0832 10216 sffdisk - ok
01:00:55.0854 10216 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:00:55.0874 10216 sffp_mmc - ok
01:00:55.0885 10216 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:00:55.0904 10216 sffp_sd - ok
01:00:55.0925 10216 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
01:00:55.0935 10216 sfloppy - ok
01:00:55.0959 10216 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:00:55.0997 10216 SharedAccess - ok
01:00:56.0024 10216 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:00:56.0061 10216 ShellHWDetection - ok
01:00:56.0078 10216 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:00:56.0090 10216 SiSRaid2 - ok
01:00:56.0102 10216 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
01:00:56.0114 10216 SiSRaid4 - ok
01:00:56.0155 10216 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:00:56.0163 10216 SkypeUpdate - ok
01:00:56.0184 10216 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:00:56.0219 10216 Smb - ok
01:00:56.0239 10216 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:00:56.0255 10216 SNMPTRAP - ok
01:00:56.0270 10216 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:00:56.0278 10216 spldr - ok
01:00:56.0316 10216 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
01:00:56.0345 10216 Spooler - ok
01:00:56.0407 10216 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
01:00:56.0485 10216 sppsvc - ok
01:00:56.0504 10216 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:00:56.0540 10216 sppuinotify - ok
01:00:56.0594 10216 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
01:00:56.0594 10216 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
01:00:56.0595 10216 sptd ( LockedFile.Multi.Generic ) - warning
01:00:56.0595 10216 sptd - detected LockedFile.Multi.Generic (1)
01:00:56.0621 10216 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
01:00:56.0654 10216 srv - ok
01:00:56.0682 10216 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:00:56.0698 10216 srv2 - ok
01:00:56.0726 10216 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:00:56.0744 10216 srvnet - ok
01:00:56.0764 10216 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:00:56.0802 10216 SSDPSRV - ok
01:00:56.0810 10216 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:00:56.0837 10216 SstpSvc - ok
01:00:56.0859 10216 Steam Client Service - ok
01:00:56.0902 10216 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:00:56.0913 10216 Stereo Service - ok
01:00:56.0926 10216 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
01:00:56.0937 10216 stexstor - ok
01:00:56.0975 10216 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
01:00:56.0998 10216 stisvc - ok
01:00:57.0025 10216 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
01:00:57.0036 10216 swenum - ok
01:00:57.0060 10216 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
01:00:57.0112 10216 swprv - ok
01:00:57.0158 10216 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
01:00:57.0193 10216 SysMain - ok
01:00:57.0224 10216 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:00:57.0240 10216 TabletInputService - ok
01:00:57.0265 10216 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:00:57.0303 10216 TapiSrv - ok
01:00:57.0317 10216 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
01:00:57.0340 10216 TBS - ok
01:00:57.0402 10216 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:00:57.0442 10216 Tcpip - ok
01:00:57.0464 10216 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:00:57.0489 10216 TCPIP6 - ok
01:00:57.0500 10216 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:00:57.0510 10216 tcpipreg - ok
01:00:57.0531 10216 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:00:57.0551 10216 TDPIPE - ok
01:00:57.0569 10216 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:00:57.0585 10216 TDTCP - ok
01:00:57.0616 10216 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:00:57.0641 10216 tdx - ok
01:00:57.0727 10216 [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
01:00:57.0770 10216 TeamViewer7 - ok
01:00:57.0791 10216 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
01:00:57.0802 10216 TermDD - ok
01:00:57.0835 10216 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
01:00:57.0871 10216 TermService - ok
01:00:57.0913 10216 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
01:00:57.0922 10216 TFsExDisk - ok
01:00:57.0949 10216 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
01:00:57.0972 10216 Themes - ok
01:00:57.0990 10216 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
01:00:58.0013 10216 THREADORDER - ok
01:00:58.0020 10216 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
01:00:58.0052 10216 TrkWks - ok
01:00:58.0094 10216 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:00:58.0128 10216 TrustedInstaller - ok
01:00:58.0152 10216 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:00:58.0177 10216 tssecsrv - ok
01:00:58.0206 10216 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:00:58.0229 10216 TsUsbFlt - ok
01:00:58.0276 10216 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:00:58.0308 10216 tunnel - ok
01:00:58.0322 10216 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
01:00:58.0333 10216 uagp35 - ok
01:00:58.0350 10216 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:00:58.0394 10216 udfs - ok
01:00:58.0421 10216 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:00:58.0441 10216 UI0Detect - ok
01:00:58.0452 10216 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:00:58.0464 10216 uliagpkx - ok
01:00:58.0484 10216 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
01:00:58.0500 10216 umbus - ok
01:00:58.0513 10216 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
01:00:58.0527 10216 UmPass - ok
01:00:58.0539 10216 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
01:00:58.0569 10216 upnphost - ok
01:00:58.0607 10216 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:00:58.0632 10216 usbaudio - ok
01:00:58.0667 10216 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:00:58.0690 10216 usbccgp - ok
01:00:58.0711 10216 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:00:58.0726 10216 usbcir - ok
01:00:58.0737 10216 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:00:58.0764 10216 usbehci - ok
01:00:58.0788 10216 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:00:58.0812 10216 usbhub - ok
01:00:58.0829 10216 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
01:00:58.0839 10216 usbohci - ok
01:00:58.0853 10216 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:00:58.0875 10216 usbprint - ok
01:00:58.0898 10216 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:00:58.0910 10216 usbscan - ok
01:00:58.0939 10216 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:00:58.0958 10216 USBSTOR - ok
01:00:58.0979 10216 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:00:59.0000 10216 usbuhci - ok

Jack9183 29.12.2012 01:06
01:00:59.0030 10216 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
01:00:59.0040 10216 usb_rndisx - ok
01:00:59.0055 10216 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
01:00:59.0085 10216 UxSms - ok
01:00:59.0093 10216 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
01:00:59.0101 10216 VaultSvc - ok
01:00:59.0115 10216 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:00:59.0123 10216 vdrvroot - ok
01:00:59.0158 10216 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
01:00:59.0191 10216 vds - ok
01:00:59.0223 10216 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:00:59.0235 10216 vga - ok
01:00:59.0245 10216 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
01:00:59.0275 10216 VgaSave - ok
01:00:59.0304 10216 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:00:59.0319 10216 vhdmp - ok
01:00:59.0342 10216 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
01:00:59.0352 10216 viaide - ok
01:00:59.0366 10216 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:00:59.0374 10216 volmgr - ok
01:00:59.0398 10216 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:00:59.0410 10216 volmgrx - ok
01:00:59.0422 10216 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:00:59.0433 10216 volsnap - ok
01:00:59.0466 10216 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
01:00:59.0480 10216 vsmraid - ok
01:00:59.0535 10216 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
01:00:59.0588 10216 VSS - ok
01:00:59.0600 10216 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
01:00:59.0619 10216 vwifibus - ok
01:00:59.0647 10216 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
01:00:59.0695 10216 W32Time - ok
01:00:59.0715 10216 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
01:00:59.0736 10216 WacomPen - ok
01:00:59.0777 10216 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:00:59.0811 10216 WANARP - ok
01:00:59.0813 10216 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:00:59.0835 10216 Wanarpv6 - ok
01:00:59.0876 10216 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
01:00:59.0905 10216 wbengine - ok
01:00:59.0933 10216 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:00:59.0950 10216 WbioSrvc - ok
01:00:59.0977 10216 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:01:00.0014 10216 wcncsvc - ok
01:01:00.0032 10216 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:01:00.0044 10216 WcsPlugInService - ok
01:01:00.0063 10216 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
01:01:00.0074 10216 Wd - ok
01:01:00.0111 10216 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:01:00.0130 10216 Wdf01000 - ok
01:01:00.0138 10216 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:01:00.0179 10216 WdiServiceHost - ok
01:01:00.0181 10216 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:01:00.0193 10216 WdiSystemHost - ok
01:01:00.0208 10216 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
01:01:00.0239 10216 WebClient - ok
01:01:00.0258 10216 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:01:00.0288 10216 Wecsvc - ok
01:01:00.0304 10216 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:01:00.0343 10216 wercplsupport - ok
01:01:00.0361 10216 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
01:01:00.0389 10216 WerSvc - ok
01:01:00.0413 10216 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:01:00.0437 10216 WfpLwf - ok
01:01:00.0448 10216 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:01:00.0458 10216 WIMMount - ok
01:01:00.0468 10216 WinDefend - ok
01:01:00.0474 10216 WinHttpAutoProxySvc - ok
01:01:00.0511 10216 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:01:00.0544 10216 Winmgmt - ok
01:01:00.0596 10216 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
01:01:00.0645 10216 WinRM - ok
01:01:00.0707 10216 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
01:01:00.0727 10216 WinUsb - ok
01:01:00.0755 10216 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
01:01:00.0798 10216 Wlansvc - ok
01:01:00.0823 10216 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:01:00.0833 10216 WmiAcpi - ok
01:01:00.0870 10216 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:01:00.0895 10216 wmiApSrv - ok
01:01:00.0917 10216 WMPNetworkSvc - ok
01:01:00.0936 10216 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:01:00.0947 10216 WPCSvc - ok
01:01:00.0971 10216 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:01:00.0986 10216 WPDBusEnum - ok
01:01:01.0002 10216 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:01:01.0033 10216 ws2ifsl - ok
01:01:01.0044 10216 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
01:01:01.0067 10216 wscsvc - ok
01:01:01.0069 10216 WSearch - ok
01:01:01.0119 10216 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:01:01.0159 10216 wuauserv - ok
01:01:01.0180 10216 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:01:01.0199 10216 WudfPf - ok
01:01:01.0211 10216 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:01:01.0224 10216 WUDFRd - ok
01:01:01.0241 10216 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:01:01.0257 10216 wudfsvc - ok
01:01:01.0276 10216 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:01:01.0300 10216 WwanSvc - ok
01:01:01.0309 10216 ================ Scan global ===============================
01:01:01.0337 10216 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:01:01.0372 10216 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:01:01.0377 10216 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:01:01.0396 10216 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:01:01.0408 10216 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:01:01.0412 10216 [Global] - ok
01:01:01.0412 10216 ================ Scan MBR ==================================
01:01:01.0413 10216 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:01:01.0574 10216 \Device\Harddisk0\DR0 - ok
01:01:01.0583 10216 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
01:01:01.0750 10216 \Device\Harddisk1\DR1 - ok
01:01:01.0761 10216 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
01:01:01.0876 10216 \Device\Harddisk2\DR2 - ok
01:01:01.0882 10216 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
01:01:02.0206 10216 \Device\Harddisk3\DR3 - ok
01:01:02.0207 10216 ================ Scan VBR ==================================
01:01:02.0208 10216 [ 35E85FDE3DA4D1873BF22BC5D452E893 ] \Device\Harddisk0\DR0\Partition1
01:01:02.0209 10216 \Device\Harddisk0\DR0\Partition1 - ok
01:01:02.0210 10216 [ A8AE9DABE6F58246C31C7BA88DD604F4 ] \Device\Harddisk1\DR1\Partition1
01:01:02.0211 10216 \Device\Harddisk1\DR1\Partition1 - ok
01:01:02.0229 10216 [ 0D0526BAF4BC3B0FD9E913613D16D585 ] \Device\Harddisk1\DR1\Partition2
01:01:02.0230 10216 \Device\Harddisk1\DR1\Partition2 - ok
01:01:02.0232 10216 [ 65173EA24E1306D17A53FB04E6A7FFE0 ] \Device\Harddisk2\DR2\Partition1
01:01:02.0234 10216 \Device\Harddisk2\DR2\Partition1 - ok
01:01:02.0236 10216 [ BE4323B7799E9662C2CC8109B4A1DBD5 ] \Device\Harddisk3\DR3\Partition1
01:01:02.0237 10216 \Device\Harddisk3\DR3\Partition1 - ok
01:01:02.0237 10216 ============================================================
01:01:02.0237 10216 Scan finished
01:01:02.0237 10216 ============================================================
01:01:02.0243 10188 Detected object count: 4
01:01:02.0243 10188 Actual detected object count: 4
01:01:23.0539 10188 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:01:23.0539 10188 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:01:23.0540 10188 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:01:23.0540 10188 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:01:23.0541 10188 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:01:23.0541 10188 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:01:23.0542 10188 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:01:23.0542 10188 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:01:27.0439 10232 ============================================================
01:01:27.0439 10232 Scan started
01:01:27.0439 10232 Mode: Manual; SigCheck; TDLFS;
01:01:27.0439 10232 ============================================================
01:01:27.0781 10232 ================ Scan system memory ========================
01:01:27.0781 10232 System memory - ok
01:01:27.0781 10232 ================ Scan services =============================
01:01:27.0874 10232 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:01:27.0888 10232 1394ohci - ok
01:01:27.0915 10232 [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
01:01:27.0924 10232 acedrv11 - ok
01:01:27.0954 10232 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:01:27.0965 10232 ACPI - ok
01:01:27.0975 10232 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:01:27.0984 10232 AcpiPmi - ok
01:01:28.0025 10232 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:01:28.0033 10232 AdobeARMservice - ok
01:01:28.0094 10232 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:01:28.0102 10232 AdobeFlashPlayerUpdateSvc - ok
01:01:28.0130 10232 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:01:28.0143 10232 adp94xx - ok
01:01:28.0159 10232 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:01:28.0169 10232 adpahci - ok
01:01:28.0183 10232 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:01:28.0192 10232 adpu320 - ok
01:01:28.0222 10232 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:01:28.0245 10232 AeLookupSvc - ok
01:01:28.0270 10232 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:01:28.0281 10232 AFD - ok
01:01:28.0311 10232 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:01:28.0319 10232 agp440 - ok
01:01:28.0326 10232 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:01:28.0335 10232 ALG - ok
01:01:28.0339 10232 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:01:28.0347 10232 aliide - ok
01:01:28.0349 10232 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:01:28.0359 10232 amdide - ok
01:01:28.0369 10232 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:01:28.0377 10232 AmdK8 - ok
01:01:28.0392 10232 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:01:28.0400 10232 AmdPPM - ok
01:01:28.0418 10232 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:01:28.0427 10232 amdsata - ok
01:01:28.0446 10232 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:01:28.0455 10232 amdsbs - ok
01:01:28.0463 10232 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:01:28.0471 10232 amdxata - ok
01:01:28.0505 10232 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:01:28.0512 10232 AntiVirSchedulerService - ok
01:01:28.0529 10232 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:01:28.0535 10232 AntiVirService - ok
01:01:28.0564 10232 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:01:28.0586 10232 AppID - ok
01:01:28.0607 10232 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:01:28.0629 10232 AppIDSvc - ok
01:01:28.0640 10232 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:01:28.0662 10232 Appinfo - ok
01:01:28.0682 10232 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
01:01:28.0690 10232 arc - ok
01:01:28.0698 10232 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:01:28.0707 10232 arcsas - ok
01:01:28.0777 10232 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:01:28.0784 10232 aspnet_state - ok
01:01:28.0797 10232 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:01:28.0819 10232 AsyncMac - ok
01:01:28.0848 10232 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:01:28.0855 10232 atapi - ok
01:01:28.0889 10232 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:01:28.0914 10232 AudioEndpointBuilder - ok
01:01:28.0921 10232 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:01:28.0947 10232 AudioSrv - ok
01:01:28.0953 10232 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
01:01:28.0960 10232 avgntflt - ok
01:01:28.0975 10232 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
01:01:28.0983 10232 avipbb - ok
01:01:28.0994 10232 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
01:01:29.0000 10232 avkmgr - ok
01:01:29.0031 10232 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:01:29.0043 10232 AxInstSV - ok
01:01:29.0067 10232 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
01:01:29.0077 10232 b06bdrv - ok
01:01:29.0091 10232 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:01:29.0100 10232 b57nd60a - ok
01:01:29.0119 10232 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:01:29.0127 10232 BDESVC - ok
01:01:29.0134 10232 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:01:29.0156 10232 Beep - ok
01:01:29.0179 10232 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:01:29.0206 10232 BFE - ok
01:01:29.0241 10232 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:01:29.0268 10232 BITS - ok
01:01:29.0275 10232 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:01:29.0283 10232 blbdrive - ok
01:01:29.0305 10232 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:01:29.0312 10232 bowser - ok
01:01:29.0329 10232 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:01:29.0338 10232 BrFiltLo - ok
01:01:29.0340 10232 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:01:29.0349 10232 BrFiltUp - ok
01:01:29.0380 10232 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:01:29.0389 10232 Browser - ok
01:01:29.0402 10232 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:01:29.0411 10232 Brserid - ok
01:01:29.0425 10232 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:01:29.0435 10232 BrSerWdm - ok
01:01:29.0445 10232 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:01:29.0454 10232 BrUsbMdm - ok
01:01:29.0457 10232 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:01:29.0465 10232 BrUsbSer - ok
01:01:29.0469 10232 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:01:29.0479 10232 BTHMODEM - ok
01:01:29.0506 10232 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:01:29.0529 10232 bthserv - ok
01:01:29.0536 10232 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:01:29.0559 10232 cdfs - ok
01:01:29.0585 10232 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
01:01:29.0593 10232 cdrom - ok
01:01:29.0617 10232 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:01:29.0639 10232 CertPropSvc - ok
01:01:29.0653 10232 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:01:29.0662 10232 circlass - ok
01:01:29.0677 10232 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:01:29.0688 10232 CLFS - ok
01:01:29.0725 10232 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:01:29.0733 10232 clr_optimization_v2.0.50727_32 - ok
01:01:29.0763 10232 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:01:29.0770 10232 clr_optimization_v2.0.50727_64 - ok
01:01:29.0806 10232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:01:29.0813 10232 clr_optimization_v4.0.30319_32 - ok
01:01:29.0821 10232 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:01:29.0828 10232 clr_optimization_v4.0.30319_64 - ok
01:01:29.0843 10232 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:01:29.0851 10232 CmBatt - ok
01:01:29.0873 10232 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:01:29.0881 10232 cmdide - ok
01:01:29.0904 10232 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
01:01:29.0920 10232 CNG - ok
01:01:29.0926 10232 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:01:29.0937 10232 Compbatt - ok
01:01:29.0964 10232 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
01:01:29.0973 10232 CompositeBus - ok
01:01:29.0975 10232 COMSysApp - ok
01:01:29.0986 10232 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:01:29.0994 10232 crcdisk - ok
01:01:30.0019 10232 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:01:30.0027 10232 CryptSvc - ok
01:01:30.0060 10232 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:01:30.0086 10232 DcomLaunch - ok
01:01:30.0104 10232 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:01:30.0128 10232 defragsvc - ok
01:01:30.0159 10232 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:01:30.0181 10232 DfsC - ok
01:01:30.0192 10232 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:01:30.0202 10232 Dhcp - ok
01:01:30.0221 10232 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:01:30.0244 10232 discache - ok
01:01:30.0252 10232 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:01:30.0260 10232 Disk - ok
01:01:30.0288 10232 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:01:30.0297 10232 Dnscache - ok
01:01:30.0327 10232 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:01:30.0350 10232 dot3svc - ok
01:01:30.0377 10232 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:01:30.0399 10232 DPS - ok
01:01:30.0414 10232 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:01:30.0423 10232 drmkaud - ok
01:01:30.0460 10232 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:01:30.0476 10232 DXGKrnl - ok
01:01:30.0493 10232 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:01:30.0516 10232 EapHost - ok
01:01:30.0570 10232 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
01:01:30.0599 10232 ebdrv - ok
01:01:30.0629 10232 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:01:30.0637 10232 EFS - ok
01:01:30.0686 10232 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:01:30.0699 10232 ehRecvr - ok
01:01:30.0713 10232 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:01:30.0722 10232 ehSched - ok
01:01:30.0747 10232 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
01:01:30.0759 10232 elxstor - ok
01:01:30.0787 10232 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:01:30.0795 10232 ErrDev - ok
01:01:30.0811 10232 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:01:30.0836 10232 EventSystem - ok
01:01:30.0853 10232 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:01:30.0877 10232 exfat - ok
01:01:30.0885 10232 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:01:30.0908 10232 fastfat - ok
01:01:30.0935 10232 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:01:30.0947 10232 Fax - ok
01:01:30.0971 10232 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:01:30.0979 10232 fdc - ok
01:01:30.0992 10232 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:01:31.0017 10232 fdPHost - ok
01:01:31.0023 10232 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:01:31.0046 10232 FDResPub - ok
01:01:31.0050 10232 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:01:31.0059 10232 FileInfo - ok
01:01:31.0072 10232 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:01:31.0094 10232 Filetrace - ok
01:01:31.0138 10232 FirebirdGuardianDefaultInstance - ok
01:01:31.0140 10232 FirebirdServerDefaultInstance - ok
01:01:31.0177 10232 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:01:31.0192 10232 FLEXnet Licensing Service - ok
01:01:31.0202 10232 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:01:31.0210 10232 flpydisk - ok
01:01:31.0240 10232 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:01:31.0250 10232 FltMgr - ok
01:01:31.0288 10232 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
01:01:31.0317 10232 FontCache - ok
01:01:31.0362 10232 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:01:31.0369 10232 FontCache3.0.0.0 - ok
01:01:31.0392 10232 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:01:31.0400 10232 FsDepends - ok
01:01:31.0423 10232 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:01:31.0430 10232 Fs_Rec - ok
01:01:31.0459 10232 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:01:31.0471 10232 fvevol - ok
01:01:31.0484 10232 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
01:01:31.0492 10232 gagp30kx - ok
01:01:31.0530 10232 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:01:31.0557 10232 gpsvc - ok
01:01:31.0588 10232 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:01:31.0594 10232 gupdate - ok
01:01:31.0597 10232 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:01:31.0603 10232 gupdatem - ok
01:01:31.0619 10232 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:01:31.0627 10232 hcw85cir - ok
01:01:31.0675 10232 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:01:31.0687 10232 HdAudAddService - ok
01:01:31.0713 10232 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
01:01:31.0723 10232 HDAudBus - ok
01:01:31.0734 10232 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
01:01:31.0742 10232 HidBatt - ok
01:01:31.0749 10232 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:01:31.0759 10232 HidBth - ok
01:01:31.0761 10232 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:01:31.0771 10232 HidIr - ok
01:01:31.0788 10232 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
01:01:31.0811 10232 hidserv - ok
01:01:31.0819 10232 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:01:31.0827 10232 HidUsb - ok
01:01:31.0860 10232 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:01:31.0882 10232 hkmsvc - ok
01:01:31.0909 10232 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:01:31.0918 10232 HomeGroupListener - ok
01:01:31.0944 10232 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:01:31.0953 10232 HomeGroupProvider - ok
01:01:31.0973 10232 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:01:31.0982 10232 HpSAMD - ok
01:01:32.0014 10232 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:01:32.0040 10232 HTTP - ok
01:01:32.0063 10232 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:01:32.0071 10232 hwpolicy - ok
01:01:32.0095 10232 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:01:32.0104 10232 i8042prt - ok
01:01:32.0133 10232 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:01:32.0144 10232 iaStorV - ok
01:01:32.0185 10232 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
01:01:32.0188 10232 IDriverT ( UnsignedFile.Multi.Generic ) - warning
01:01:32.0188 10232 IDriverT - detected UnsignedFile.Multi.Generic (1)
01:01:32.0232 10232 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:01:32.0245 10232 idsvc - ok
01:01:32.0266 10232 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
01:01:32.0274 10232 iirsp - ok
01:01:32.0315 10232 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:01:32.0343 10232 IKEEXT - ok
01:01:32.0352 10232 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:01:32.0360 10232 intelide - ok
01:01:32.0369 10232 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:01:32.0377 10232 intelppm - ok
01:01:32.0399 10232 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:01:32.0422 10232 IPBusEnum - ok
01:01:32.0436 10232 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:01:32.0458 10232 IpFilterDriver - ok
01:01:32.0493 10232 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:01:32.0504 10232 iphlpsvc - ok
01:01:32.0531 10232 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:01:32.0539 10232 IPMIDRV - ok
01:01:32.0558 10232 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:01:32.0581 10232 IPNAT - ok
01:01:32.0588 10232 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:01:32.0598 10232 IRENUM - ok
01:01:32.0615 10232 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:01:32.0623 10232 isapnp - ok
01:01:32.0649 10232 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:01:32.0659 10232 iScsiPrt - ok
01:01:32.0673 10232 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
01:01:32.0681 10232 kbdclass - ok
01:01:32.0694 10232 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
01:01:32.0702 10232 kbdhid - ok
01:01:32.0712 10232 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:01:32.0720 10232 KeyIso - ok
01:01:32.0741 10232 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:01:32.0750 10232 KSecDD - ok
01:01:32.0758 10232 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:01:32.0767 10232 KSecPkg - ok
01:01:32.0782 10232 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:01:32.0805 10232 ksthunk - ok
01:01:32.0829 10232 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:01:32.0854 10232 KtmRm - ok
01:01:32.0888 10232 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:01:32.0911 10232 LanmanServer - ok
01:01:32.0934 10232 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:01:32.0961 10232 LanmanWorkstation - ok
01:01:32.0970 10232 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:01:32.0993 10232 lltdio - ok
01:01:33.0022 10232 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:01:33.0047 10232 lltdsvc - ok
01:01:33.0062 10232 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:01:33.0085 10232 lmhosts - ok
01:01:33.0097 10232 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
01:01:33.0105 10232 LSI_FC - ok
01:01:33.0123 10232 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
01:01:33.0135 10232 LSI_SAS - ok
01:01:33.0143 10232 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:01:33.0151 10232 LSI_SAS2 - ok
01:01:33.0157 10232 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:01:33.0166 10232 LSI_SCSI - ok
01:01:33.0180 10232 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:01:33.0203 10232 luafv - ok
01:01:33.0227 10232 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:01:33.0236 10232 Mcx2Svc - ok
01:01:33.0249 10232 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
01:01:33.0257 10232 megasas - ok
01:01:33.0266 10232 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
01:01:33.0276 10232 MegaSR - ok
01:01:33.0313 10232 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
01:01:33.0320 10232 Microsoft Office Groove Audit Service - ok
01:01:33.0342 10232 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:01:33.0365 10232 MMCSS - ok
01:01:33.0382 10232 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:01:33.0405 10232 Modem - ok
01:01:33.0414 10232 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:01:33.0424 10232 monitor - ok
01:01:33.0434 10232 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
01:01:33.0442 10232 mouclass - ok
01:01:33.0454 10232 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:01:33.0464 10232 mouhid - ok
01:01:33.0490 10232 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:01:33.0499 10232 mountmgr - ok
01:01:33.0521 10232 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:01:33.0528 10232 MozillaMaintenance - ok
01:01:33.0554 10232 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:01:33.0563 10232 mpio - ok
01:01:33.0584 10232 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:01:33.0607 10232 mpsdrv - ok
01:01:33.0643 10232 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:01:33.0670 10232 MpsSvc - ok
01:01:33.0695 10232 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:01:33.0707 10232 MRxDAV - ok
01:01:33.0737 10232 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:01:33.0745 10232 mrxsmb - ok
01:01:33.0754 10232 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:01:33.0764 10232 mrxsmb10 - ok
01:01:33.0777 10232 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:01:33.0785 10232 mrxsmb20 - ok
01:01:33.0814 10232 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:01:33.0821 10232 msahci - ok
01:01:33.0845 10232 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:01:33.0853 10232 msdsm - ok
01:01:33.0864 10232 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:01:33.0874 10232 MSDTC - ok
01:01:33.0889 10232 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:01:33.0912 10232 Msfs - ok
01:01:33.0925 10232 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:01:33.0948 10232 mshidkmdf - ok
01:01:33.0974 10232 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:01:33.0982 10232 msisadrv - ok
01:01:33.0999 10232 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:01:34.0022 10232 MSiSCSI - ok
01:01:34.0025 10232 msiserver - ok
01:01:34.0034 10232 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:01:34.0057 10232 MSKSSRV - ok
01:01:34.0059 10232 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:01:34.0082 10232 MSPCLOCK - ok
01:01:34.0085 10232 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:01:34.0107 10232 MSPQM - ok
01:01:34.0134 10232 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:01:34.0145 10232 MsRPC - ok
01:01:34.0174 10232 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
01:01:34.0181 10232 mssmbios - ok
01:01:34.0189 10232 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:01:34.0212 10232 MSTEE - ok
01:01:34.0225 10232 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
01:01:34.0233 10232 MTConfig - ok
01:01:34.0241 10232 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:01:34.0249 10232 Mup - ok
01:01:34.0280 10232 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:01:34.0305 10232 napagent - ok
01:01:34.0317 10232 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:01:34.0329 10232 NativeWifiP - ok
01:01:34.0368 10232 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:01:34.0384 10232 NDIS - ok
01:01:34.0398 10232 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:01:34.0421 10232 NdisCap - ok
01:01:34.0429 10232 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:01:34.0452 10232 NdisTapi - ok
01:01:34.0475 10232 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:01:34.0496 10232 Ndisuio - ok
01:01:34.0509 10232 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:01:34.0532 10232 NdisWan - ok
01:01:34.0568 10232 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:01:34.0590 10232 NDProxy - ok
01:01:34.0730 10232 [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
01:01:34.0743 10232 Nero BackItUp Scheduler 3 - ok
01:01:34.0772 10232 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:01:34.0794 10232 NetBIOS - ok
01:01:34.0873 10232 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:01:34.0896 10232 NetBT - ok
01:01:34.0903 10232 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:01:34.0911 10232 Netlogon - ok
01:01:34.0930 10232 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:01:34.0956 10232 Netman - ok
01:01:34.0983 10232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:01:34.0991 10232 NetMsmqActivator - ok
01:01:34.0993 10232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:01:35.0000 10232 NetPipeActivator - ok
01:01:35.0006 10232 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:01:35.0032 10232 netprofm - ok
01:01:35.0034 10232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:01:35.0041 10232 NetTcpActivator - ok
01:01:35.0044 10232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:01:35.0051 10232 NetTcpPortSharing - ok
01:01:35.0062 10232 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
01:01:35.0070 10232 nfrd960 - ok
01:01:35.0082 10232 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:01:35.0092 10232 NlaSvc - ok
01:01:35.0136 10232 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
01:01:35.0146 10232 NMIndexingService - ok
01:01:35.0154 10232 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:01:35.0176 10232 Npfs - ok
01:01:35.0193 10232 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:01:35.0218 10232 nsi - ok
01:01:35.0234 10232 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:01:35.0257 10232 nsiproxy - ok
01:01:35.0305 10232 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:01:35.0327 10232 Ntfs - ok
01:01:35.0340 10232 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
01:01:35.0362 10232 Null - ok
01:01:35.0385 10232 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
01:01:35.0393 10232 NVHDA - ok
01:01:35.0576 10232 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:01:35.0707 10232 nvlddmkm - ok
01:01:35.0724 10232 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:01:35.0733 10232 nvraid - ok
01:01:35.0762 10232 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:01:35.0771 10232 nvstor - ok
01:01:35.0808 10232 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
01:01:35.0822 10232 nvsvc - ok
01:01:35.0865 10232 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:01:35.0883 10232 nvUpdatusService - ok
01:01:35.0901 10232 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:01:35.0910 10232 nv_agp - ok
01:01:35.0961 10232 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:01:35.0970 10232 odserv - ok
01:01:35.0988 10232 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:01:35.0996 10232 ohci1394 - ok
01:01:36.0014 10232 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:01:36.0022 10232 ose - ok
01:01:36.0046 10232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:01:36.0056 10232 p2pimsvc - ok
01:01:36.0066 10232 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:01:36.0076 10232 p2psvc - ok
01:01:36.0097 10232 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
01:01:36.0105 10232 Parport - ok
01:01:36.0138 10232 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:01:36.0146 10232 partmgr - ok
01:01:36.0158 10232 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:01:36.0170 10232 PcaSvc - ok
01:01:36.0189 10232 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
01:01:36.0198 10232 pci - ok
01:01:36.0217 10232 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
01:01:36.0224 10232 pciide - ok
01:01:36.0244 10232 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
01:01:36.0253 10232 pcmcia - ok
01:01:36.0265 10232 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:01:36.0273 10232 pcw - ok
01:01:36.0293 10232 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:01:36.0326 10232 PEAUTH - ok
01:01:36.0377 10232 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:01:36.0388 10232 PerfHost - ok
01:01:36.0436 10232 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
01:01:36.0467 10232 pla - ok
01:01:36.0487 10232 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
01:01:36.0490 10232 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
01:01:36.0490 10232 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
01:01:36.0530 10232 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:01:36.0540 10232 PlugPlay - ok
01:01:36.0543 10232 PnkBstrA - ok
01:01:36.0545 10232 PnkBstrB - ok
01:01:36.0559 10232 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:01:36.0568 10232 PNRPAutoReg - ok
01:01:36.0579 10232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:01:36.0589 10232 PNRPsvc - ok
01:01:36.0624 10232 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:01:36.0649 10232 PolicyAgent - ok
01:01:36.0670 10232 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
01:01:36.0695 10232 Power - ok
01:01:36.0718 10232 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:01:36.0740 10232 PptpMiniport - ok
01:01:36.0759 10232 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
01:01:36.0767 10232 Processor - ok
01:01:36.0808 10232 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
01:01:36.0817 10232 ProfSvc - ok
01:01:36.0828 10232 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:01:36.0836 10232 ProtectedStorage - ok
01:01:36.0844 10232 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:01:36.0866 10232 Psched - ok
01:01:36.0890 10232 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
01:01:36.0911 10232 ql2300 - ok
01:01:36.0929 10232 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
01:01:36.0938 10232 ql40xx - ok
01:01:36.0959 10232 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
01:01:36.0972 10232 QWAVE - ok
01:01:36.0983 10232 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:01:36.0993 10232 QWAVEdrv - ok
01:01:36.0999 10232 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:01:37.0022 10232 RasAcd - ok
01:01:37.0034 10232 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:01:37.0057 10232 RasAgileVpn - ok
01:01:37.0066 10232 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
01:01:37.0090 10232 RasAuto - ok
01:01:37.0121 10232 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:01:37.0143 10232 Rasl2tp - ok
01:01:37.0152 10232 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
01:01:37.0177 10232 RasMan - ok
01:01:37.0203 10232 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:01:37.0226 10232 RasPppoe - ok
01:01:37.0238 10232 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:01:37.0261 10232 RasSstp - ok
01:01:37.0271 10232 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:01:37.0294 10232 rdbss - ok
01:01:37.0307 10232 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
01:01:37.0317 10232 rdpbus - ok
01:01:37.0330 10232 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:01:37.0352 10232 RDPCDD - ok
01:01:37.0359 10232 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:01:37.0381 10232 RDPENCDD - ok
01:01:37.0384 10232 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:01:37.0407 10232 RDPREFMP - ok
01:01:37.0434 10232 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:01:37.0443 10232 RDPWD - ok
01:01:37.0473 10232 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:01:37.0482 10232 rdyboost - ok
01:01:37.0505 10232 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:01:37.0529 10232 RemoteAccess - ok
01:01:37.0543 10232 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:01:37.0567 10232 RemoteRegistry - ok
01:01:37.0578 10232 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:01:37.0601 10232 RpcEptMapper - ok
01:01:37.0611 10232 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
01:01:37.0620 10232 RpcLocator - ok
01:01:37.0651 10232 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
01:01:37.0677 10232 RpcSs - ok
01:01:37.0703 10232 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:01:37.0726 10232 rspndr - ok
01:01:37.0743 10232 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
01:01:37.0751 10232 RTL8167 - ok
01:01:37.0761 10232 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
01:01:37.0770 10232 SamSs - ok
01:01:37.0823 10232 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys
01:01:37.0828 10232 SANDRA - ok
01:01:37.0842 10232 [ 5FDF2605205C73E05316795DCC6663EC ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe
01:01:37.0845 10232 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
01:01:37.0845 10232 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
01:01:37.0866 10232 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:01:37.0874 10232 sbp2port - ok
01:01:37.0896 10232 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:01:37.0920 10232 SCardSvr - ok
01:01:37.0944 10232 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:01:37.0966 10232 scfilter - ok
01:01:38.0001 10232 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
01:01:38.0031 10232 Schedule - ok
01:01:38.0058 10232 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:01:38.0080 10232 SCPolicySvc - ok
01:01:38.0113 10232 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:01:38.0122 10232 SDRSVC - ok
01:01:38.0142 10232 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:01:38.0164 10232 secdrv - ok
01:01:38.0172 10232 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
01:01:38.0195 10232 seclogon - ok
01:01:38.0210 10232 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
01:01:38.0233 10232 SENS - ok
01:01:38.0244 10232 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:01:38.0252 10232 SensrSvc - ok
01:01:38.0257 10232 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:01:38.0265 10232 Serenum - ok
01:01:38.0281 10232 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:01:38.0290 10232 Serial - ok
01:01:38.0308 10232 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
01:01:38.0318 10232 sermouse - ok
01:01:38.0347 10232 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:01:38.0370 10232 SessionEnv - ok
01:01:38.0391 10232 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:01:38.0400 10232 sffdisk - ok
01:01:38.0421 10232 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:01:38.0431 10232 sffp_mmc - ok
01:01:38.0436 10232 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:01:38.0445 10232 sffp_sd - ok
01:01:38.0468 10232 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
01:01:38.0476 10232 sfloppy - ok
01:01:38.0502 10232 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:01:38.0527 10232 SharedAccess - ok
01:01:38.0550 10232 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:01:38.0574 10232 ShellHWDetection - ok
01:01:38.0588 10232 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:01:38.0596 10232 SiSRaid2 - ok
01:01:38.0604 10232 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
01:01:38.0612 10232 SiSRaid4 - ok
01:01:38.0639 10232 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:01:38.0646 10232 SkypeUpdate - ok
01:01:38.0660 10232 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:01:38.0683 10232 Smb - ok
01:01:38.0707 10232 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:01:38.0716 10232 SNMPTRAP - ok
01:01:38.0730 10232 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:01:38.0738 10232 spldr - ok
01:01:38.0767 10232 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
01:01:38.0779 10232 Spooler - ok
01:01:38.0842 10232 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
01:01:38.0888 10232 sppsvc - ok
01:01:38.0905 10232 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:01:38.0929 10232 sppuinotify - ok
01:01:38.0962 10232 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
01:01:38.0962 10232 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
01:01:38.0962 10232 sptd ( LockedFile.Multi.Generic ) - warning
01:01:38.0962 10232 sptd - detected LockedFile.Multi.Generic (1)
01:01:38.0989 10232 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
01:01:39.0000 10232 srv - ok
01:01:39.0033 10232 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:01:39.0043 10232 srv2 - ok
01:01:39.0053 10232 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:01:39.0061 10232 srvnet - ok
01:01:39.0074 10232 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:01:39.0098 10232 SSDPSRV - ok
01:01:39.0112 10232 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:01:39.0135 10232 SstpSvc - ok
01:01:39.0144 10232 Steam Client Service - ok
01:01:39.0178 10232 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:01:39.0188 10232 Stereo Service - ok
01:01:39.0202 10232 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
01:01:39.0210 10232 stexstor - ok
01:01:39.0243 10232 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
01:01:39.0258 10232 stisvc - ok
01:01:39.0285 10232 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
01:01:39.0292 10232 swenum - ok
01:01:39.0320 10232 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
01:01:39.0346 10232 swprv - ok
01:01:39.0393 10232 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
01:01:39.0416 10232 SysMain - ok
01:01:39.0434 10232 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:01:39.0446 10232 TabletInputService - ok
01:01:39.0475 10232 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:01:39.0499 10232 TapiSrv - ok
01:01:39.0510 10232 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
01:01:39.0533 10232 TBS - ok
01:01:39.0579 10232 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:01:39.0604 10232 Tcpip - ok
01:01:39.0621 10232 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:01:39.0646 10232 TCPIP6 - ok
01:01:39.0676 10232 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:01:39.0684 10232 tcpipreg - ok
01:01:39.0708 10232 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:01:39.0715 10232 TDPIPE - ok
01:01:39.0737 10232 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:01:39.0744 10232 TDTCP - ok
01:01:39.0767 10232 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:01:39.0789 10232 tdx - ok
01:01:39.0861 10232 [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
01:01:39.0894 10232 TeamViewer7 - ok
01:01:39.0917 10232 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
01:01:39.0925 10232 TermDD - ok
01:01:40.0037 10232 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
01:01:40.0063 10232 TermService - ok
01:01:40.0081 10232 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
01:01:40.0089 10232 TFsExDisk - ok
01:01:40.0109 10232 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
01:01:40.0120 10232 Themes - ok
01:01:40.0141 10232 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
01:01:40.0164 10232 THREADORDER - ok
01:01:40.0172 10232 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
01:01:40.0195 10232 TrkWks - ok
01:01:40.0237 10232 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:01:40.0260 10232 TrustedInstaller - ok
01:01:40.0279 10232 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:01:40.0301 10232 tssecsrv - ok
01:01:40.0324 10232 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:01:40.0332 10232 TsUsbFlt - ok
01:01:40.0344 10232 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:01:40.0367 10232 tunnel - ok
01:01:40.0381 10232 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
01:01:40.0389 10232 uagp35 - ok
01:01:40.0401 10232 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:01:40.0425 10232 udfs - ok
01:01:40.0447 10232 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:01:40.0456 10232 UI0Detect - ok
01:01:40.0462 10232 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:01:40.0470 10232 uliagpkx - ok
01:01:40.0494 10232 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
01:01:40.0502 10232 umbus - ok
01:01:40.0514 10232 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
01:01:40.0522 10232 UmPass - ok
01:01:40.0532 10232 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
01:01:40.0557 10232 upnphost - ok
01:01:40.0583 10232 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:01:40.0593 10232 usbaudio - ok
01:01:40.0627 10232 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:01:40.0635 10232 usbccgp - ok
01:01:40.0654 10232 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:01:40.0664 10232 usbcir - ok
01:01:40.0672 10232 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:01:40.0680 10232 usbehci - ok
01:01:40.0690 10232 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:01:40.0699 10232 usbhub - ok
01:01:40.0714 10232 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
01:01:40.0722 10232 usbohci - ok
01:01:40.0729 10232 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:01:40.0739 10232 usbprint - ok
01:01:40.0758 10232 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:01:40.0767 10232 usbscan - ok
01:01:40.0782 10232 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:01:40.0790 10232 USBSTOR - ok
01:01:40.0814 10232 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:01:40.0821 10232 usbuhci - ok
01:01:40.0840 10232 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
01:01:40.0847 10232 usb_rndisx - ok
01:01:40.0865 10232 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
01:01:40.0888 10232 UxSms - ok
01:01:40.0894 10232 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
01:01:40.0902 10232 VaultSvc - ok
01:01:40.0916 10232 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:01:40.0924 10232 vdrvroot - ok
01:01:40.0943 10232 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
01:01:40.0969 10232 vds - ok
01:01:40.0991 10232 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:01:41.0001 10232 vga - ok
01:01:41.0013 10232 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
01:01:41.0037 10232 VgaSave - ok
01:01:41.0089 10232 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:01:41.0098 10232 vhdmp - ok
01:01:41.0110 10232 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
01:01:41.0118 10232 viaide - ok
01:01:41.0125 10232 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:01:41.0133 10232 volmgr - ok
01:01:41.0141 10232 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:01:41.0152 10232 volmgrx - ok
01:01:41.0165 10232 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:01:41.0175 10232 volsnap - ok
01:01:41.0184 10232 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
01:01:41.0194 10232 vsmraid - ok
01:01:41.0237 10232 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
01:01:41.0269 10232 VSS - ok
01:01:41.0277 10232 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
01:01:41.0286 10232 vwifibus - ok
01:01:41.0307 10232 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
01:01:41.0332 10232 W32Time - ok
01:01:41.0350 10232 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
01:01:41.0358 10232 WacomPen - ok
01:01:41.0387 10232 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:01:41.0409 10232 WANARP - ok
01:01:41.0412 10232 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:01:41.0434 10232 Wanarpv6 - ok
01:01:41.0469 10232 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
01:01:41.0487 10232 wbengine - ok
01:01:41.0501 10232 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:01:41.0513 10232 WbioSrvc - ok
01:01:41.0546 10232 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:01:41.0560 10232 wcncsvc - ok
01:01:41.0575 10232 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:01:41.0584 10232 WcsPlugInService - ok
01:01:41.0598 10232 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
01:01:41.0606 10232 Wd - ok
01:01:41.0637 10232 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:01:41.0653 10232 Wdf01000 - ok
01:01:41.0665 10232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:01:41.0677 10232 WdiServiceHost - ok
01:01:41.0679 10232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:01:41.0691 10232 WdiSystemHost - ok
01:01:41.0702 10232 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
01:01:41.0715 10232 WebClient - ok
01:01:41.0735 10232 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:01:41.0759 10232 Wecsvc - ok
01:01:41.0772 10232 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:01:41.0796 10232 wercplsupport - ok
01:01:41.0805 10232 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
01:01:41.0828 10232 WerSvc - ok
01:01:41.0848 10232 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:01:41.0870 10232 WfpLwf - ok
01:01:41.0874 10232 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:01:41.0882 10232 WIMMount - ok
01:01:41.0895 10232 WinDefend - ok
01:01:41.0898 10232 WinHttpAutoProxySvc - ok
01:01:41.0929 10232 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:01:41.0953 10232 Winmgmt - ok
01:01:42.0005 10232 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
01:01:42.0041 10232 WinRM - ok
01:01:42.0066 10232 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
01:01:42.0076 10232 WinUsb - ok
01:01:42.0105 10232 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
01:01:42.0122 10232 Wlansvc - ok
01:01:42.0140 10232 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:01:42.0148 10232 WmiAcpi - ok
01:01:42.0187 10232 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:01:42.0197 10232 wmiApSrv - ok
01:01:42.0209 10232 WMPNetworkSvc - ok
01:01:42.0220 10232 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:01:42.0229 10232 WPCSvc - ok
01:01:42.0255 10232 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:01:42.0265 10232 WPDBusEnum - ok
01:01:42.0277 10232 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:01:42.0300 10232 ws2ifsl - ok
01:01:42.0320 10232 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
01:01:42.0331 10232 wscsvc - ok
01:01:42.0334 10232 WSearch - ok
01:01:42.0386 10232 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:01:42.0417 10232 wuauserv - ok
01:01:42.0439 10232 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:01:42.0447 10232 WudfPf - ok
01:01:42.0451 10232 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:01:42.0460 10232 WUDFRd - ok
01:01:42.0483 10232 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:01:42.0492 10232 wudfsvc - ok
01:01:42.0510 10232 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:01:42.0523 10232 WwanSvc - ok
01:01:42.0527 10232 ================ Scan global ===============================
01:01:42.0555 10232 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:01:42.0581 10232 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:01:42.0585 10232 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:01:42.0605 10232 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:01:42.0617 10232 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:01:42.0619 10232 [Global] - ok
01:01:42.0620 10232 ================ Scan MBR ==================================
01:01:42.0621 10232 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:01:42.0693 10232 \Device\Harddisk0\DR0 - ok
01:01:42.0700 10232 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
01:01:42.0876 10232 \Device\Harddisk1\DR1 - ok
01:01:42.0878 10232 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
01:01:42.0947 10232 \Device\Harddisk2\DR2 - ok
01:01:42.0952 10232 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
01:01:43.0277 10232 \Device\Harddisk3\DR3 - ok
01:01:43.0277 10232 ================ Scan VBR ==================================
01:01:43.0278 10232 [ 35E85FDE3DA4D1873BF22BC5D452E893 ] \Device\Harddisk0\DR0\Partition1
01:01:43.0279 10232 \Device\Harddisk0\DR0\Partition1 - ok
01:01:43.0280 10232 [ A8AE9DABE6F58246C31C7BA88DD604F4 ] \Device\Harddisk1\DR1\Partition1
01:01:43.0281 10232 \Device\Harddisk1\DR1\Partition1 - ok
01:01:43.0296 10232 [ 0D0526BAF4BC3B0FD9E913613D16D585 ] \Device\Harddisk1\DR1\Partition2
01:01:43.0297 10232 \Device\Harddisk1\DR1\Partition2 - ok
01:01:43.0299 10232 [ 65173EA24E1306D17A53FB04E6A7FFE0 ] \Device\Harddisk2\DR2\Partition1
01:01:43.0301 10232 \Device\Harddisk2\DR2\Partition1 - ok
01:01:43.0303 10232 [ BE4323B7799E9662C2CC8109B4A1DBD5 ] \Device\Harddisk3\DR3\Partition1
01:01:43.0304 10232 \Device\Harddisk3\DR3\Partition1 - ok
01:01:43.0305 10232 ============================================================
01:01:43.0305 10232 Scan finished
01:01:43.0305 10232 ============================================================
01:01:43.0309 9408 Detected object count: 4
01:01:43.0309 9408 Actual detected object count: 4
01:02:55.0034 9408 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:55.0034 9408 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:55.0034 9408 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:55.0034 9408 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:55.0035 9408 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:55.0035 9408 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:55.0036 9408 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:02:55.0036 9408 sptd ( LockedFile.Multi.Generic ) - User select action:

markusg 02.01.2013 21:25
Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Jack9183 02.01.2013 22:41
Markus eine Frage,ich habe seit dem vorletzten Schritt von dir keine Probleme mehr.Soll ich den letzten Schritt von dir dennoch ausführen?

markusg 03.01.2013 18:45
Ja, bis zum Ende mitarbeiten.

Jack9183 03.01.2013 22:06
Combofix Logfile:
Code:
ComboFix 13-01-03.05 - Alex 03.01.2013  21:56:53.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8190.5520 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\NetServices
c:\users\Alex\AppData\Roaming\master
F:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-01 22:13 . 2013-01-01 22:13        --------        d-----w-        c:\programdata\boost_interprocess
2012-12-30 22:12 . 2013-01-01 01:15        --------        d-----w-        c:\windows\SysWow64\Adobe
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\users\Alex\AppData\Local\CRE
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\program files (x86)\Conduit
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\users\Alex\AppData\Local\Conduit
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\program files (x86)\BittorrentBar_DE
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\program files (x86)\BitTorrent
2012-12-29 19:02 . 2013-01-03 20:56        --------        d-----w-        c:\users\Alex\AppData\Roaming\BitTorrent
2012-12-28 12:25 . 2012-12-28 12:26        --------        d-----w-        c:\users\Alex\AppData\Roaming\FreeBurner
2012-12-28 12:25 . 2011-09-28 08:20        484352        ----a-w-        c:\windows\SysWow64\lame_enc.dll
2012-12-28 12:25 . 2011-09-28 08:20        200704        ----a-w-        c:\windows\SysWow64\vbalExpBar6.ocx
2012-12-28 12:25 . 2011-09-28 08:20        40960        ----a-w-        c:\windows\SysWow64\SSubTmr6.dll
2012-12-28 12:25 . 2011-09-28 08:20        32768        ----a-w-        c:\windows\SysWow64\CMDLGFR.DLL
2012-12-28 12:25 . 2011-09-28 08:20        15360        ----a-w-        c:\windows\SysWow64\inetfr.DLL
2012-12-28 12:25 . 2011-09-28 08:20        152848        ----a-w-        c:\windows\SysWow64\COMDLG32.OCX
2012-12-28 12:25 . 2011-09-28 08:20        141312        ----a-w-        c:\windows\SysWow64\MSCMCFR.DLL
2012-12-28 12:25 . 2011-09-28 08:20        119568        ----a-w-        c:\windows\SysWow64\VB6FR.DLL
2012-12-28 12:25 . 2011-09-28 08:20        115920        ----a-w-        c:\windows\SysWow64\msinet.OCX
2012-12-28 12:25 . 2011-09-28 08:20        101888        ----a-w-        c:\windows\SysWow64\VB6STKIT.DLL
2012-12-28 12:25 . 2012-12-28 12:25        --------        d-----w-        c:\program files (x86)\Free Easy CD DVD Burner
2012-12-26 22:30 . 2012-12-26 22:30        2865        ----a-w-        c:\programdata\dsgsdgdsgdsgw.js
2012-12-26 20:21 . 2012-12-26 20:20        826654        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unins000.exe
2012-12-26 12:25 . 2012-12-26 12:25        --------        d-----w-        c:\users\Alex\AppData\Local\QuteScoop
2012-12-26 12:25 . 2012-12-26 12:25        --------        d-----w-        c:\program files (x86)\QuteScoop
2012-12-23 23:33 . 2012-12-26 14:14        --------        d-----w-        c:\program files (x86)\XAcars for MSFS
2012-12-23 23:31 . 2012-12-23 23:31        119        --sh--w-        c:\windows\cnerolf.bin
2012-12-23 23:19 . 2009-06-03 18:09        270336        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\Mallorca X SC\LEPATraffic.exe
2012-12-23 23:15 . 2009-02-16 01:00        286720        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\German Airports 3\EDDHTraffic.exe
2012-12-23 23:14 . 2009-06-05 00:20        60400        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\VMCX_SP2.dll
2012-12-23 23:14 . 2009-06-05 00:20        60400        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\VMCX_AP.dll
2012-12-23 23:14 . 2009-06-05 00:20        56304        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\ViMaIScnX_AP.dll
2012-12-23 23:14 . 2009-06-05 00:20        56304        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\ViMaIScnX.dll
2012-12-23 23:14 . 2009-06-05 00:20        19952        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\ViMaNET_AP.dll
2012-12-23 23:14 . 2009-06-05 00:20        19440        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\ViMaNET.dll
2012-12-23 23:14 . 2009-06-05 00:20        16368        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\ViMaCoreX.dll
2012-12-23 23:14 . 2009-06-05 00:20        13824        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\hkeys.dll
2012-12-23 23:13 . 2009-08-25 09:21        1055232        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\German Airports 3\LuftbildtexturenBremen.exe
2012-12-23 23:13 . 2009-07-19 01:00        253952        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\German Airports 3\EDDWTraffic.exe
2012-12-23 23:09 . 2008-11-25 09:27        3696640        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\Season.exe
2012-12-23 23:05 . 2008-05-26 19:38        21272        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG_SimConnect_Ldr.dll
2012-12-23 23:05 . 2008-05-26 19:38        14104        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\WaveLib.dll
2012-12-23 23:05 . 2007-04-28 22:30        118784        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\TCAS2v7.dll
2012-12-23 23:04 . 2008-05-26 19:38        115480        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\747400_LoadManager.exe
2012-12-23 23:04 . 2008-05-26 19:42        7232792        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_747400_Main.dll
2012-12-23 23:04 . 2008-05-26 19:40        9803544        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_747400_Overhead.dll
2012-12-23 23:04 . 2008-05-26 19:40        4593944        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_747400_Center.dll
2012-12-23 23:04 . 2008-05-26 19:38        98584        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_747400_ACS.dll
2012-12-23 23:04 . 2008-05-26 19:38        305944        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\dlls\PMDGOptions.dll
2012-12-23 23:04 . 2008-05-26 19:38        80152        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\dlls\PMDGEvents.dll
2012-12-23 23:04 . 2008-05-26 19:38        51480        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\dlls\PMDGSounds.dll
2012-12-23 18:28 . 2012-12-23 18:30        --------        d-----w-        c:\program files (x86)\FSFDT
2012-12-23 18:25 . 2012-12-23 18:26        179        ----a-w-        c:\users\Alex\FSDreamTeam_GSX.reg
2012-12-23 18:16 . 2012-12-23 18:16        --------        d-----w-        c:\programdata\Virtuali
2012-12-23 18:15 . 2012-12-23 18:15        --------        d-----w-        c:\programdata\Licenses
2012-12-20 23:20 . 2012-12-20 23:20        --------        d-----w-        c:\programdata\FLEXnet
2012-12-20 23:15 . 2012-12-20 23:15        --------        d-----w-        c:\program files (x86)\Common Files\Macrovision Shared
2012-12-20 23:14 . 2011-12-09 11:39        12288        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\dlls\PMDG_HUD_interface.dll
2012-12-20 23:14 . 2011-10-31 17:14        1167360        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\PMDG 737 NGX\PerfMan\NGXPerfMan.exe
2012-12-20 23:13 . 2011-12-08 19:31        532480        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_737NGX_3.dll
2012-12-20 23:13 . 2011-11-10 17:26        1262592        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\Livery Manager\PMDG_Livery_Manager.exe
2012-12-20 23:13 . 2011-12-09 11:43        4542464        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_737NGX_2.dll
2012-12-20 23:13 . 2011-12-09 11:43        99256320        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_737NGX.dll
2012-12-20 23:13 . 2010-11-20 16:01        268624        ----a-r-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\FnpCommsSoap.dll
2012-12-20 09:25 . 2012-12-20 09:25        --------        d-----w-        c:\program files (x86)\Rainlendar2
2012-12-20 09:19 . 2013-01-03 16:16        --------        d-----w-        c:\users\Alex\.rainlendar2
2012-12-14 10:50 . 2013-01-01 01:21        --------        d-----w-        c:\users\Alex\AppData\Local\Google
2012-12-14 10:50 . 2013-01-01 01:21        --------        d-----w-        c:\program files (x86)\Google
2012-12-12 17:45 . 2012-12-12 17:45        --------        d-----w-        c:\programdata\Nikon
2012-12-11 09:58 . 2012-12-11 09:58        --------        d-----w-        c:\users\Alex\AppData\Roaming\Nikon
2012-12-11 09:58 . 2012-12-11 09:58        --------        d-----w-        c:\users\Alex\AppData\Local\Nikon
2012-12-11 09:22 . 2012-12-11 09:24        --------        d-----w-        c:\program files (x86)\ALDI Bestellsoftware
2012-12-07 19:31 . 2012-12-07 19:31        --------        d-----w-        c:\users\Alex\AppData\Local\City Bus Simulator Muenchen
2012-12-07 16:39 . 2012-12-07 16:39        --------        d-----w-        c:\windows\TML-Studios
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-03 20:06 . 2012-10-22 18:03        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-01-03 20:06 . 2012-10-19 03:19        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-01-03 20:06 . 2012-10-19 03:19        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-12-12 17:28 . 2012-10-18 23:51        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 17:28 . 2012-10-18 23:51        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 21:02 . 2012-10-19 00:06        99912        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-12-11 21:02 . 2012-10-19 00:06        129216        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-11-26 17:12 . 2012-10-19 03:19        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-11-21 13:10 . 2012-11-21 13:10        3123272        ----a-r-        c:\windows\SysWow64\pbsvc.exe
2012-11-14 16:06 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-11-14 16:06 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-11-14 14:06 . 2012-11-14 14:06        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-11-14 14:06 . 2012-11-14 14:06        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-11-14 14:06 . 2012-11-14 14:06        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-11-14 14:06 . 2012-11-14 14:06        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-11-14 14:06 . 2012-11-14 14:06        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-11-14 14:06 . 2012-11-14 14:06        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-11-14 14:06 . 2012-11-14 14:06        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-11-14 14:06 . 2012-11-14 14:06        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-11-14 14:06 . 2012-11-14 14:06        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-11-14 14:06 . 2012-11-14 14:06        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-11-14 14:06 . 2012-11-14 14:06        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-11-14 14:06 . 2012-11-14 14:06        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-11-14 14:06 . 2012-11-14 14:06        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-11-14 14:06 . 2012-11-14 14:06        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-11-14 14:06 . 2012-11-14 14:06        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-11-14 14:06 . 2012-11-14 14:06        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-11-14 14:06 . 2012-11-14 14:06        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-11-14 14:06 . 2012-11-14 14:06        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-11-14 14:06 . 2012-11-14 14:06        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-11-14 14:06 . 2012-11-14 14:06        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-11-14 14:06 . 2012-11-14 14:06        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-11-14 14:06 . 2012-11-14 14:06        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-11-14 14:06 . 2012-11-14 14:06        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-11-14 14:06 . 2012-11-14 14:06        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-11-14 14:06 . 2012-11-14 14:06        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-11-14 14:06 . 2012-11-14 14:06        197120        ----a-w-        c:\windows\system32\msrating.dll
2012-11-14 14:06 . 2012-11-14 14:06        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 14:06 . 2012-11-14 14:06        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-11-14 14:06 . 2012-11-14 14:06        17811968        ----a-w-        c:\windows\system32\mshtml.dll
2012-11-14 14:06 . 2012-11-14 14:06        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-11-14 14:06 . 2012-11-14 14:06        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-11-14 14:06 . 2012-11-14 14:06        89088        ----a-w-        c:\windows\system32\ie4uinit.exe
2012-11-14 14:06 . 2012-11-14 14:06        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-11-14 14:06 . 2012-11-14 14:06        82432        ----a-w-        c:\windows\system32\icardie.dll
2012-11-14 14:06 . 2012-11-14 14:06        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-11-14 14:06 . 2012-11-14 14:06        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-11-14 14:06 . 2012-11-14 14:06        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-11-14 14:06 . 2012-11-14 14:06        65024        ----a-w-        c:\windows\system32\pngfilt.dll
2012-11-14 14:06 . 2012-11-14 14:06        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 14:06 . 2012-11-14 14:06        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll
2012-11-14 14:06 . 2012-11-14 14:06        534528        ----a-w-        c:\windows\system32\ieapfltr.dll
2012-11-14 14:06 . 2012-11-14 14:06        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-11-14 14:06 . 2012-11-14 14:06        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-11-14 14:06 . 2012-11-14 14:06        452608        ----a-w-        c:\windows\system32\dxtmsft.dll
2012-11-14 14:06 . 2012-11-14 14:06        448512        ----a-w-        c:\windows\system32\html.iec
2012-11-14 14:06 . 2012-11-14 14:06        403248        ----a-w-        c:\windows\system32\iedkcs32.dll
2012-11-14 14:06 . 2012-11-14 14:06        39936        ----a-w-        c:\windows\system32\iernonce.dll
2012-11-14 14:06 . 2012-11-14 14:06        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat
2012-11-14 14:06 . 2012-11-14 14:06        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-11-14 14:06 . 2012-11-14 14:06        282112        ----a-w-        c:\windows\system32\dxtrans.dll
2012-11-14 14:06 . 2012-11-14 14:06        267776        ----a-w-        c:\windows\system32\ieaksie.dll
2012-11-14 14:06 . 2012-11-14 14:06        249344        ----a-w-        c:\windows\system32\webcheck.dll
2012-11-14 14:06 . 2012-11-14 14:06        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-11-14 14:06 . 2012-11-14 14:06        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-14 14:06 . 2012-11-14 14:06        237056        ----a-w-        c:\windows\system32\url.dll
2012-11-14 14:06 . 2012-11-14 14:06        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 14:06 . 2012-11-14 14:06        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 14:06 . 2012-11-14 14:06        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-11-14 14:06 . 2012-11-14 14:06        163840        ----a-w-        c:\windows\system32\ieakui.dll
2012-11-14 14:06 . 2012-11-14 14:06        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-11-14 14:06 . 2012-11-14 14:06        160256        ----a-w-        c:\windows\system32\ieakeng.dll
2012-11-14 14:06 . 2012-11-14 14:06        149504        ----a-w-        c:\windows\system32\occache.dll
2012-11-14 14:06 . 2012-11-14 14:06        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 14:06 . 2012-11-14 14:06        145920        ----a-w-        c:\windows\system32\iepeers.dll
2012-11-14 14:06 . 2012-11-14 14:06        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-11-14 14:06 . 2012-11-14 14:06        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-11-14 14:06 . 2012-11-14 14:06        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-11-14 14:06 . 2012-11-14 14:06        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-11-14 14:06 . 2012-11-14 14:06        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-11-14 14:06 . 2012-11-14 14:06        10752        ----a-w-        c:\windows\system32\msfeedssync.exe
2012-11-14 14:06 . 2012-11-14 14:06        103936        ----a-w-        c:\windows\system32\inseng.dll
2012-11-10 01:56 . 2012-11-10 01:56        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-11-10 01:56 . 2012-11-10 01:56        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-11-10 01:56 . 2012-11-10 01:56        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-29 20:04 . 2012-11-14 13:53        66395536        ----a-w-        c:\windows\system32\MRT.exe
2012-10-19 01:54 . 2012-10-19 01:34        80896        ----a-w-        c:\windows\cadkasdeinst01.exe
2012-10-18 18:25 . 2012-11-14 12:56        3149824        ----a-w-        c:\windows\system32\win32k.sys
2012-10-09 18:17 . 2012-11-16 11:36        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 11:36        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 11:36        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 11:36        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2011-05-09 09:49        176936        ----a-w-        c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-01-06 2342400]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-12-29 2550640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [2008-09-04 68760]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-11-05 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [2008-04-23 81920]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2008-04-23 2015232]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 17:28]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 10:50]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 10:50]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://freemail.de/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: 2012-11-05 18:09; DTToolbar@toolbarnet.com; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\extensions\DTToolbar@toolbarnet.com
FF - ExtSQL: 2012-12-29 20:03; {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-03  22:04:32
ComboFix-quarantined-files.txt  2013-01-03 21:04
.
Vor Suchlauf: 7 Verzeichnis(se), 517.726.793.728 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 517.725.769.728 Bytes frei
.
- - End Of File - - 7D930782E500492EAB30322312C71318
--- --- ---

markusg 04.01.2013 15:37
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Jack9183 05.01.2013 22:40
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-PC [Administrator]

05.01.2013 19:23:18
mbam-log-2013-01-05 (19-23-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 907499
Laufzeit: 3 Stunde(n), 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\hulumuluch\Call of Duty Black Ops II\buddha.dll (Malware.Gen.SKR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Program Files (x86)\DVDFab 6\dbghelp.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Users\Alex\Desktop\Desktopverknüpfungen\GTA4\Grand Theft Auto IV v1.0.7.0 + 12 Trainer.exe (HackTool.GamesCheat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 06.01.2013 18:02
hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Jack9183 09.01.2013 18:31
Markus den CCCleander bekomme ich bei mir nicht installiert.Er meldet mir immer einen Error!Virusprogramme sind abgeschaltet!

markusg 09.01.2013 18:34
Gehts vllt ein wenig genauer, ich sitze ja nicht vor dem pc, also musst du schon die Fehlermeldung posten.

Jack9183 11.01.2013 15:05
habs hinbekommen Markus.Anbei die Liste.Allerdings hatte ich heute wieder das Problem.Nach wie vor wenn ich den Rechner starte wird mit der Bildschirm gesperrt mit der Zahlungsaufforderung.

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Reader XI - Deutsch Adobe Systems Incorporated 19.10.2012 128MB 11.0.00 notwendig
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 30.12.2012 11.6.8.638 notwendig
aerosoft's - German Airports 2-Cologne-Bonn X aerosoft 24.12.2012 1.00 notwendig
aerosoft's - German Airports 2-Hannover X aerosoft 24.12.2012 1.00 notwendig
aerosoft's - German Airports 3 - Bremen X aerosoft 24.12.2012 1.00 notwendig
aerosoft's - German Airports 3 - Hamburg X aerosoft 24.12.2012 1.00 notwendig
aerosoft's - Mallorca X for FSX aerosoft 24.12.2012 1.00 notwendig
aerosoft's - Nice Cote dAzur X aerosoft 24.12.2012 1.00 notwendig
ALDI Bestellsoftware 4.12.2 ORWO Net 11.12.2012 4.12.2 unnötig
Assassin's Creed (R) III Ubisoft 26.11.2012 1.01 unnötig
Avira Free Antivirus Avira 11.12.2012 122MB 13.0.0.2890 notwendig
Battlefield 3™ Electronic Arts 19.10.2012 1.4.0.0 notwendig
Battlelog Web Plugins EA Digital Illusions CE AB 21.11.2012 2.1.2 notwendig
BitTorrent 29.12.2012 7.0.0 notwendig
BittorrentBar_DE Toolbar BittorrentBar_DE 29.12.2012 6.9.0.16 unnötig
Briefe drucken 1 19.10.2012 notwendig
Brother MFL-Pro Suite DCP-195C Brother Industries, Ltd. 19.10.2012 1.0.1.0 notwendig
CCleaner Piriform 19.12.2012 3.26 unnötig
Citybus Simulator Munich aerosoft 07.12.2012 1.20 unnötig
DAEMON Tools Toolbar DT Soft Ltd 05.11.2012 1.1.2.0185 notwendig
Dieselpreisupdater inkl. Modverwaltung Version 3.0.2.0 ST Development 10.11.2012 45,4MB 3.0.2.0 notwendig
ESN Sonar ESN Social Software AB 06.11.2012 0.70.4 unbekannt
ETS2 Dieselpreisupdater Version 2.2.0.0 ST Development 01.11.2012 1,10MB 2.2.0.0 notwendig
Euro Truck Simulator 2 SCS Software 19.10.2012 1,59GB 1.1.1 notwendig
Firebird 2.0.4.13130 (win32) Firebird Project 29.10.2012 2.0.4.13130 unnötig
Free Easy Burner V 5.1 Koyote soft 28.12.2012 8,30MB 5.1.0.0 unnötig
Free Studio version 5.7.6.1015 DVDVideoSoft Ltd. 01.11.2012 546MB 5.7.6.1015 notwendig
FSDreamTeam GSX 1.7.7 06.01.2013 218MB notwendig
FSFDT FSCopilot 23.12.2012 notwendig
FSFDT FSInn 23.12.2012 notwendig
Google Chrome Google Inc. 01.01.2013 23.0.1271.97 unnötig
Google Earth Plug-in Google 19.12.2012 80,7MB 7.0.2.8415 unnötig
Hitman Absolution 22.11.2012 unnötig
Java 7 Update 9 Oracle 10.11.2012 128MB 7.0.90 nötig denk ich
JDownloader 0.9 AppWork GmbH 26.10.2012 0.9 notwendig
Jeppesen Format Print Driver Jeppesen 04.01.2013 1.1.0.5 notwendig
Jeppesen Program and Data Installation Jeppesen 10.01.2013 1.0.0.0 notwendig
Jeppesen Weather Service Jeppesen 04.01.2013 2.4.1.1 notwendig
Landwirtschafts Simulator 2013 GIANTS Software 26.10.2012 282MB 1.0 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 23.10.2012 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 23.10.2012 2,93MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended Microsoft Corporation 23.10.2012 51,9MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 23.10.2012 10,6MB 4.0.30319 unbekannt
Microsoft Flight Simulator X Service Pack 2 Microsoft Game Studios 21.12.2012 617MB 10.0.61472.0 notwendig
Microsoft Office Enterprise 2007 Microsoft Corporation 19.10.2012 12.0.4518.1014 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.12.2012 300KB 8.0.56336 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 07.12.2012 832KB 8.0.61000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 07.12.2012 918KB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Corporation 07.12.2012 782KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 23.10.2012 788KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 21.12.2012 240KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 07.12.2012 788KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 24.12.2012 1,68MB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 07.12.2012 598KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.10.2012 596KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.12.2012 232KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 07.12.2012 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 19.10.2012 13,8MB 10.0.40219 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.10.2012 11,1MB 10.0.40219 unbekannt
Mozilla Firefox 17.0.1 (x86 de) Mozilla 05.12.2012 42,0MB 17.0.1 notwendig
Mozilla Maintenance Service Mozilla 05.12.2012 329KB 17.0.1 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.11.2012 1,27MB 4.20.9870.0 notwendig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14.11.2012 1,33MB 4.20.9876.0 notwendig
MSXML 4.0 SP2 Parser und SDK Microsoft Corporation 31.10.2012 1,23MB 4.20.9818.0 notwendig
MyPhoneExplorer F.J. Wechselberger 15.11.2012 1.8.4 notwendig
Nero 8 Nero AG 28.10.2012 1,71GB 8.3.312 notwendig
Nikon Message Center 2 Nikon 11.12.2012 9,42MB 2.1.0 notwendig
Nikon Movie Editor Nikon 11.12.2012 30,7MB 2.6.0 notwendig
novaPDF for SDK v7 (novaPDF 7.2 printer) Softland 04.01.2013 19,5MB notwendig
NVIDIA 3D Vision Controller-Treiber 310.90 NVIDIA Corporation 06.01.2013 310.90 notwendig
NVIDIA 3D Vision Treiber 310.90 NVIDIA Corporation 06.01.2013 310.90 notwendig
NVIDIA Grafiktreiber 310.90 NVIDIA Corporation 06.01.2013 310.90 notwendig
NVIDIA HD-Audiotreiber 1.3.18.0 NVIDIA Corporation 06.01.2013 1.3.18.0 notwendig
NVIDIA PhysX-Systemsoftware 9.12.1031 NVIDIA Corporation 06.01.2013 9.12.1031 notwendig
NVIDIA Update 1.11.3 NVIDIA Corporation 06.01.2013 1.11.3 notwendig
ObjectDock Free Stardock Corporation 19.10.2012 2.0 notwendig
Origin Electronic Arts, Inc. 19.10.2012 9.0.13.2142 unbekannt
Picture Control Utility x64 Nikon 11.12.2012 27,8MB 1.4.7 unbekannt
PMDG 737 8900 NGX PMDG Simulations, LLC. 21.12.2012 1.00.3118 notwendig
PMDG 747-400/400F for FSX Precision Manuals Development Group 24.12.2012 2.10.0040 notwendig
Protect Disc License Helper 1.0.125 (IE) Protect Disc 04.11.2012 1.0.125 unbekannt
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 04.11.2012 11.0.0.14 unbekannt
PunkBuster Services Even Balance, Inc. 25.11.2012 0.991 notwendig
QuteScoop QuteScoop 26.12.2012 69,9MB 2.1.10 notwendig
Rainlendar2 (remove only) 20.12.2012 notwendig
SAM Broadcaster (remove only) 29.10.2012 notwendig
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 09.11.2012 35,4MB 1.3.650.0 notwendig
SiSoftware Sandra Lite 2012.SP5c SiSoftware 23.10.2012 98,0MB 18.74.2012.10 unbekannt
Skype™ 6.0 Skype Technologies S.A. 28.11.2012 20,3MB 6.0.126 notwendig
Steam Valve Corporation 22.11.2012 35,4MB 1.0.0.0 notwendig
TeamSpeak 3 Client TeamSpeak Systems GmbH 30.10.2012 3.0.9.2 notwendig
TeamViewer 8 TeamViewer 04.01.2013 8.0.16642 notwendig
Trillian 23.10.2012 notwendig
Uplay Ubisoft 26.11.2012 2.0 unnötig
ViewNX 2 Nikon 11.12.2012 67,8MB 2.6.0 notwendig
VLC media player 2.0.4 VideoLAN 30.10.2012 2.0.4
Winamp Nullsoft, Inc 12.11.2012 5.63
Winamp Erkennungs-Plug-in Nullsoft, Inc 12.11.2012 75,0KB 1.0.0.1
WinRAR 19.10.2012
XAcars for Microsoft Flightsimulator XAcars Development Team 24.12.2012 8,61MB 2.5

markusg 11.01.2013 15:16
heißt das du hast dich erneut infiziert, denn du hast gepostet, du hast keine Probleme mehr.
nutzt du seiten wie kinox.to pornoseiten, illegales file sharing, dann finger weg davon, dann ists kein wunder, dass du dich erneut infiziert hst.
poste noch mal ein neues otl log wie am anfang.

Jack9183 11.01.2013 15:22
Nichts von all dem was du genannt hast!Ziehe bei Usenext dateien runter aber da zahlt man ja für.
Okay poste ich dir gleich

markusg 11.01.2013 15:24
Trotzdem ist das angebot dort teilweise illegal, wenn du dort software mit keygens bekommst, filme laden kannst, die grad im Kino laufen etc, dass kann logsicher weise nicht legal sein, außerdem sind solche Quellen gefährlich, jeder kann da seinen Müll reinstellen.

Jack9183 11.01.2013 15:26
Ah okay danke dir.Muss ich den OTL Schritt von Anfang an nochmal komplett durch führen?

markusg 11.01.2013 15:57
Das log erstellen, genau.

Jack9183 11.01.2013 17:56
OTL Logfile:
Code:
OTL logfile created on: 1/11/2013 3:50:01 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 8082 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 618.95 Gb Free Space | 66.45% Space Free | Partition Type: NTFS
Drive D: | 736.20 Gb Total Space | 493.47 Gb Free Space | 67.03% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 135.73 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 5.85 Gb Free Space | 78.46% Space Free | Partition Type: FAT32
Drive H: | 195.31 Gb Total Space | 195.22 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/17 17:07:00 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 04:49:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 06:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/25 19:06:27 | 000,076,888 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/14 07:18:20 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/19 23:27:26 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 10:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 20:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/23 01:46:12 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2008/04/23 01:46:08 | 002,015,232 | ---- | M] (FirebirdSQL Project) [On_Demand] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2006/12/19 03:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/29 08:36:24 | 000,828,912 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/24 05:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Alex_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Alex_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Alex_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E EE 64 51 54 EF CD 01  [binary data]
IE - HKU\Alex_ON_D\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - Reg Error: Key error. File not found
IE - HKU\Alex_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.140.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.2:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader:  File not found
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Alex\AppData\Roaming\ProtectDISC\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/17 17:07:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/08/24 07:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2012/08/24 07:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\ideskbrowser@haufe.de
[2011/11/12 15:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2zh6uscq.default\extensions
[2011/11/12 15:44:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2zh6uscq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/10/11 13:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hcr05ihw.default\extensions
[2012/09/27 03:39:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hcr05ihw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/10/17 17:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/17 17:06:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/17 17:06:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/17 17:07:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/30 04:56:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/04 22:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/04 22:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/04 22:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/10 12:49:34 | 000,000,828 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} -  File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} -  File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3:64bit: - HKU\Alex_ON_D\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKU\Alex_ON_D\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKU\Alex_ON_D\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} -  File not found
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKU\Alex_ON_D..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\Alex_ON_D..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Alex_ON_D..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\UpdatusUser_ON_D..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyManager.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Alex_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Alex_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Alex_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\UpdatusUser_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: BitTorrent - hkey= - key= - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "bootini" - 2
MsConfig:64bit - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/27 10:41:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/04/09 09:51:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Alex\AppData\Roaming\pcouffin.sys
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/20 04:18:59 | 000,000,790 | ---- | M] () -- C:\Users\Alex\Desktop\CCleaner.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/10 05:16:54 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2012/06/25 19:06:25 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/08 17:16:12 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2012/04/09 09:51:25 | 000,099,384 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\inst.exe
[2012/04/09 09:51:25 | 000,007,859 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.cat
[2012/04/09 09:51:25 | 000,001,167 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.inf
[2012/01/08 08:25:16 | 000,003,584 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 09:52:03 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/10/14 09:42:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MAS
[2011/10/14 09:42:27 | 000,000,268 | RH-- | C] () -- C:\Users\Alex\AppData\Roaming\Licenses
[2011/10/14 09:42:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\NetServices
[2011/10/14 09:42:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Licenses
[2011/10/14 09:42:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\Legacy
[2011/09/23 19:40:03 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Logs
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\Users\Alex\AppData\Roaming\Light Machine
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\Users\Alex\AppData\Roaming\Libraries
[2011/09/23 07:06:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/09/23 07:06:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/09/23 07:06:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/09/23 07:06:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Organic
[2011/09/23 07:06:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Nature
[2011/09/11 05:45:09 | 000,001,982 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\logs.dat
[2011/08/25 15:46:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011/08/13 15:40:27 | 000,141,736 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/30 09:23:49 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/06/30 09:19:01 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/02/12 18:47:50 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/01/06 16:19:00 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2010/12/17 22:50:52 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll
[2010/10/14 17:11:40 | 000,000,439 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\TheHunterSettings_live.bin
[2010/10/14 17:07:13 | 000,000,043 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\TheHunterSettings_live.cfg
[2010/10/04 14:11:38 | 000,000,082 | ---- | C] () -- C:\Users\Alex\AppData\Local\X-Plane Installer.prf
[2010/10/04 05:22:35 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/09/26 04:31:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/09 15:29:23 | 001,648,546 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/01 15:55:13 | 002,444,656 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/26 14:09:25 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2010/06/23 19:25:23 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/06/18 16:14:32 | 000,000,133 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\default.pls
[2010/06/08 11:31:45 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\prospeed_bmp2jpg.dll
[2010/06/04 03:31:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/06/03 10:15:29 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/05/29 08:31:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/29 07:27:52 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/05/29 07:27:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/29 07:27:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/28 16:17:57 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/15 19:15:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2006/04/21 03:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
 
========== LOP Check ==========
 
[2012/07/20 19:21:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.mono
[2012/06/18 02:50:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\1&1
[2011/10/14 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AKVIS
[2012/08/13 13:15:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AnvSoft
[2010/09/15 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ArmA II Launcher
[2010/06/30 18:27:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\astragon Software GmbH
[2012/05/24 04:32:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Atari
[2012/05/13 06:34:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Audacity
[2011/11/07 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BF3CC
[2012/08/10 08:27:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BitTorrent
[2010/10/04 15:44:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BlackBean
[2011/04/08 06:39:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bridge!
[2012/08/19 04:17:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Broad Intelligence
[2011/06/26 12:59:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BuddyW
[2010/11/12 10:41:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ChartViewer
[2010/05/29 08:45:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2011/07/11 09:48:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Day 1 Studios
[2012/09/21 19:00:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/10/18 10:05:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DNA
[2012/09/29 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2012/08/19 04:25:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/09/20 03:33:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Freemium
[2011/10/13 01:42:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gtk-2.0
[2011/06/19 10:46:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Gutscheinmieze
[2012/08/24 07:01:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Haufe Mediengruppe
[2010/07/24 10:29:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\HU2011
[2012/05/27 19:32:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Kalypso Media
[2010/07/15 12:01:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Laix
[2010/11/18 17:37:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2012/03/16 16:42:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\lennox
[2012/08/24 06:55:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Lexware
[2011/09/29 20:57:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LimeWire
[2012/06/07 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Lockheed Martin
[2010/07/16 12:27:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Metaversum
[2012/08/13 12:51:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MOVAVI
[2012/06/23 09:05:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MyPhoneExplorer
[2010/07/28 02:34:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Need for Speed World
[2011/09/29 11:35:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nikon
[2011/05/29 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2012/08/10 14:29:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin
[2010/12/07 09:11:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ProtectDISC
[2010/08/26 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Quest3D
[2010/12/12 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\RapidCRC
[2010/05/29 09:21:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\RigNRoll_ger
[2010/08/26 09:38:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Roaming
[2010/09/04 16:46:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-rsync
[2010/11/17 11:50:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-updater
[2010/09/04 18:06:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spirited Machine
[2011/01/23 18:33:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sytexis Software
[2012/03/11 07:51:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TeamViewer
[2011/01/25 16:10:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Thunderbird
[2012/08/04 06:16:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TS3Client
[2011/11/13 02:19:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ts3overlay
[2012/08/14 08:32:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Tunngle
[2012/06/25 18:59:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ubisoft
[2012/07/12 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unity
[2012/06/07 11:07:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\VAT-Spy
[2012/06/07 11:18:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Virtuali
[2012/04/09 10:09:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vso
[2010/12/28 13:49:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\wargaming.net
[2012/04/28 06:17:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\YoudaGames
[2012/07/20 19:21:18 | 000,000,000 | ---D | M] -- C:\ProgramData\.mono
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011/12/18 07:15:41 | 000,000,000 | ---D | M] -- C:\ProgramData\ClubSanDisk
[2011/09/21 17:59:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters
[2011/01/23 10:24:07 | 000,000,000 | ---D | M] -- C:\ProgramData\createpart
[2010/05/29 08:42:33 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2010/12/07 09:11:24 | 000,000,000 | ---D | M] -- C:\ProgramData\DATA BECKER Downloads
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/12 12:20:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2010/05/29 05:21:14 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/02/24 18:11:39 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2011/09/29 21:26:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/09/23 07:06:53 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2012/09/07 05:35:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Esellerate
[2011/01/23 10:17:09 | 000,000,000 | ---D | M] -- C:\ProgramData\explauncher
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2012/08/24 06:52:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Haufe
[2010/10/14 15:35:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Hunter
[2012/04/28 06:17:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2011/01/23 10:17:08 | 000,000,000 | ---D | M] -- C:\ProgramData\launcher
[2012/08/24 06:55:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2011/09/23 19:40:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2012/03/16 17:01:03 | 000,000,000 | ---D | M] -- C:\ProgramData\OMSI AM
[2012/09/22 17:01:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2011/10/21 20:22:32 | 000,000,000 | ---D | M] -- C:\ProgramData\RELOADED
[2011/12/03 18:33:56 | 000,000,000 | ---D | M] -- C:\ProgramData\ROCCAT
[2011/07/01 11:55:30 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2010/06/26 09:58:56 | 000,000,000 | ---D | M] -- C:\ProgramData\SEGA Corporation
[2011/09/30 10:51:48 | 000,000,000 | ---D | M] -- C:\ProgramData\sgs
[2011/08/14 05:23:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/10/16 17:09:17 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2012/08/29 14:58:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2012/10/18 10:39:32 | 000,000,000 | ---D | M] -- C:\ProgramData\twonkymedia
[2010/05/29 07:42:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2011/09/23 07:06:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2012/01/08 08:24:08 | 000,000,000 | ---D | M] -- C:\ProgramData\VideoConverter
[2012/06/07 11:14:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Virtuali
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/09 10:03:14 | 000,000,000 | ---D | M] -- C:\ProgramData\vsosdk
[2010/06/21 13:53:15 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/10/17 16:40:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4073651736-2417090932-1084573536-1001Core.job
[2012/10/18 07:40:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4073651736-2417090932-1084573536-1001UA.job
[2012/10/18 10:39:05 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\fsiyim.job
[2012/09/19 10:42:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< Code:Alles auswählenAufklappen  >
 
< %SYSTEMDRIVE%\*. >
[2012/11/15 10:09:59 | 000,000,000 | ---D | M] -- C:\$Recycle.Bin
[2010/09/04 16:42:31 | 000,000,000 | ---D | M] -- C:\.gem
[2011/10/15 11:53:18 | 000,000,000 | ---D | M] -- C:\Boot
[2012/12/23 18:06:54 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012/11/15 10:28:05 | 000,000,000 | ---D | M] -- C:\DOSBox-0.72
[2012/08/23 05:53:56 | 000,000,000 | ---D | M] -- C:\Games
[2010/05/21 07:56:20 | 000,000,000 | ---D | M] -- C:\Intel
[2012/12/27 16:06:19 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2010/07/15 13:29:22 | 000,000,000 | ---D | M] -- C:\Lichterfelde
[2011/04/17 05:06:20 | 000,000,000 | ---D | M] -- C:\m-r-software
[2012/12/20 18:17:09 | 000,000,000 | ---D | M] -- C:\msdownld.tmp
[2010/06/13 04:13:46 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/05/05 05:17:16 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/01 14:38:55 | 000,000,000 | ---D | M] -- C:\Planer2
[2012/09/07 07:34:40 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/11/22 07:55:02 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/10/09 05:02:16 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010/07/15 11:27:19 | 000,000,000 | ---D | M] -- C:\ProgramData (x86)
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2010/10/02 04:33:17 | 000,000,000 | ---D | M] -- C:\Python26
[2010/05/28 16:17:57 | 000,000,000 | ---D | M] -- C:\RaidTool
[2010/05/28 16:17:29 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/09/06 15:49:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/10/05 02:50:07 | 000,000,000 | ---D | M] -- C:\temp
[2010/06/03 10:29:45 | 000,000,000 | ---D | M] -- C:\TempDump
[2011/09/11 05:45:09 | 000,000,000 | ---D | M] -- C:\timer2tray
[2010/11/20 18:15:10 | 000,000,000 | ---D | M] -- C:\tmp
[2012/08/04 20:21:49 | 000,000,000 | ---D | M] -- C:\Ubisoft
[2012/02/24 06:47:30 | 000,000,000 | R--D | M] -- C:\Users
[2012/10/16 21:01:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/02/18 03:03:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/26 01:46:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/02/18 03:03:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/10/26 01:46:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/02/18 03:03:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/10/26 01:46:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/02/18 03:03:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/10/26 01:46:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\OemDrv\iaStor.sys
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\System32\drivers\iaStor.sys
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_093f326ff5f9285e\iaStor.sys
[2009/10/02 06:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\Drivers\iastor\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/02/18 03:03:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/02/18 03:03:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:0BB9B46A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:74603393
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:054B9966
< End of report >
--- --- ---

markusg 11.01.2013 19:44
hmm, hast du das Log erstellt wie oben? denn man sieht nur Dateien aus 2012
schaun wir mal obs so geht
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
:Files
:Commands
[EMPTYFLASH]
[emptytemp]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

Jack9183 11.01.2013 19:50
Ja habe alles so gemacht wie oben.Die CD gebrannt,Programm gestartet,die Textdateien eingetragen und scannen lassen.Nach 3 Stunden war er fertig und der Text der mir dann angezeigt wurde ist der oben den ich dir da gepostet habe.
Ps.Ich sitze an dem infizierten Rechner!

Also den Haken nicht raus nehmen dann im OTL sondern drin lassen?

markusg 11.01.2013 20:55
was meinst du mit, du sitzt am infiziertem pc, ich denk der kann nicht normal starten, oder arbeitest du von der cd oder wie?

Jack9183 11.01.2013 21:32
Nein es ist ein Trick wie man die Sperrung umgehen kann aber das ist immer Glückssache obs geht oder nicht.Deswegen sitze ich jetzt gerade an dem Rechner der auch diesen Trojaner drauf hat!

markusg 11.01.2013 21:43
dann das ausführen
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Jack9183 12.01.2013 02:41
Combofix Logfile:
Code:
ComboFix 13-01-11.02 - Alex 12.01.2013  2:30.2.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8190.6458 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\users\Alex\wgsdgsdgdsgsd.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-12 bis 2013-01-12  ))))))))))))))))))))))))))))))
.
.
2013-01-12 01:36 . 2013-01-12 01:36        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-01-12 01:36 . 2013-01-12 01:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-11 13:51 . 2013-01-11 13:51        --------        d-----w-        c:\program files\CCleaner
2013-01-10 17:02 . 2013-01-10 17:02        65        ----a-w-        c:\programdata\dsgsdgdsgdsgw.bat
2013-01-10 17:02 . 2013-01-10 17:02        159        ----a-w-        c:\programdata\dsgsdgdsgdsgw.reg
2013-01-06 18:06 . 2012-03-13 16:42        57344        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsdreamteam\couatl\Patcher.exe
2013-01-06 18:06 . 2013-01-06 17:55        826654        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unins000.exe
2013-01-06 15:43 . 2013-01-06 15:43        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2013-01-05 18:15 . 2013-01-05 18:15        --------        d-----w-        c:\users\Alex\AppData\Roaming\Malwarebytes
2013-01-05 17:31 . 2013-01-05 17:31        --------        d-----w-        c:\programdata\Malwarebytes
2013-01-04 20:10 . 2013-01-04 20:10        --------        d-----w-        c:\program files (x86)\Common Files\NSV
2013-01-04 15:50 . 2013-01-04 15:50        --------        d-----w-        c:\users\Alex\AppData\Local\Jeppesen
2013-01-04 15:49 . 2012-04-09 02:22        87552        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\JeppPrint.dll
2013-01-04 15:49 . 2012-04-09 02:22        121344        ----a-w-        c:\windows\system32\JFPDView.dll
2013-01-04 15:49 . 2013-01-04 15:49        --------        d-----w-        c:\program files\Jeppesen
2013-01-04 15:46 . 2013-01-04 15:46        --------        d-----w-        c:\users\Alex\AppData\Roaming\Softland
2013-01-04 15:46 . 2010-09-20 09:31        28488        ----a-w-        c:\windows\system32\novamnk7.dll
2013-01-04 15:46 . 2010-09-20 09:31        20808        ----a-w-        c:\windows\system32\novamik7.dll
2013-01-04 15:46 . 2010-02-05 14:00        1700352        ----a-w-        c:\windows\system32\GdiPlus.dll
2013-01-04 15:46 . 2013-01-04 15:46        --------        d-----w-        c:\program files\Softland
2013-01-04 15:39 . 2013-01-04 15:50        --------        d-----w-        c:\program files (x86)\Jeppesen
2013-01-04 15:35 . 2013-01-04 15:45        --------        d-----w-        c:\programdata\Jeppesen
2013-01-01 22:13 . 2013-01-01 22:13        --------        d-----w-        c:\programdata\boost_interprocess
2012-12-30 22:12 . 2013-01-01 01:15        --------        d-----w-        c:\windows\SysWow64\Adobe
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\users\Alex\AppData\Local\CRE
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\program files (x86)\Conduit
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\users\Alex\AppData\Local\Conduit
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\program files (x86)\BittorrentBar_DE
2012-12-29 19:03 . 2012-12-29 19:03        --------        d-----w-        c:\program files (x86)\BitTorrent
2012-12-29 19:02 . 2013-01-11 17:06        --------        d-----w-        c:\users\Alex\AppData\Roaming\BitTorrent
2012-12-29 01:54 . 2012-12-29 01:54        550328        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2012-12-28 12:25 . 2012-12-28 12:26        --------        d-----w-        c:\users\Alex\AppData\Roaming\FreeBurner
2012-12-28 12:25 . 2011-09-28 08:20        484352        ----a-w-        c:\windows\SysWow64\lame_enc.dll
2012-12-28 12:25 . 2011-09-28 08:20        200704        ----a-w-        c:\windows\SysWow64\vbalExpBar6.ocx
2012-12-28 12:25 . 2011-09-28 08:20        40960        ----a-w-        c:\windows\SysWow64\SSubTmr6.dll
2012-12-28 12:25 . 2011-09-28 08:20        32768        ----a-w-        c:\windows\SysWow64\CMDLGFR.DLL
2012-12-28 12:25 . 2011-09-28 08:20        15360        ----a-w-        c:\windows\SysWow64\inetfr.DLL
2012-12-28 12:25 . 2011-09-28 08:20        152848        ----a-w-        c:\windows\SysWow64\COMDLG32.OCX
2012-12-28 12:25 . 2011-09-28 08:20        141312        ----a-w-        c:\windows\SysWow64\MSCMCFR.DLL
2012-12-28 12:25 . 2011-09-28 08:20        119568        ----a-w-        c:\windows\SysWow64\VB6FR.DLL
2012-12-28 12:25 . 2011-09-28 08:20        115920        ----a-w-        c:\windows\SysWow64\msinet.OCX
2012-12-28 12:25 . 2011-09-28 08:20        101888        ----a-w-        c:\windows\SysWow64\VB6STKIT.DLL
2012-12-28 12:25 . 2012-12-28 12:25        --------        d-----w-        c:\program files (x86)\Free Easy CD DVD Burner
2012-12-26 22:30 . 2013-01-10 17:02        2865        ----a-w-        c:\programdata\dsgsdgdsgdsgw.js
2012-12-26 12:25 . 2012-12-26 12:25        --------        d-----w-        c:\users\Alex\AppData\Local\QuteScoop
2012-12-26 12:25 . 2012-12-26 12:25        --------        d-----w-        c:\program files (x86)\QuteScoop
2012-12-23 23:33 . 2012-12-26 14:14        --------        d-----w-        c:\program files (x86)\XAcars for MSFS
2012-12-23 23:31 . 2012-12-23 23:31        119        --sh--w-        c:\windows\cnerolf.bin
2012-12-23 23:19 . 2009-06-03 18:09        270336        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\Mallorca X SC\LEPATraffic.exe
2012-12-23 23:15 . 2009-02-16 01:00        286720        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\German Airports 3\EDDHTraffic.exe
2012-12-23 23:14 . 2009-06-05 00:20        60400        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\VMCX_SP2.dll
2012-12-23 23:14 . 2009-06-05 00:20        60400        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\VMCX_AP.dll
2012-12-23 23:14 . 2009-06-05 00:20        56304        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\ViMaIScnX_AP.dll
2012-12-23 23:14 . 2009-06-05 00:20        56304        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\ViMaIScnX.dll
2012-12-23 23:14 . 2009-06-05 00:20        19952        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\ViMaNET_AP.dll
2012-12-23 23:14 . 2009-06-05 00:20        19440        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\ViMaNET.dll
2012-12-23 23:14 . 2009-06-05 00:20        16368        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\ViMaCoreX.dll
2012-12-23 23:14 . 2009-06-05 00:20        13824        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\bin\hkeys.dll
2012-12-23 23:13 . 2009-08-25 09:21        1055232        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\German Airports 3\LuftbildtexturenBremen.exe
2012-12-23 23:13 . 2009-07-19 01:00        253952        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\German Airports 3\EDDWTraffic.exe
2012-12-23 23:09 . 2008-11-25 09:27        3696640        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\Season.exe
2012-12-23 23:05 . 2008-05-26 19:38        21272        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG_SimConnect_Ldr.dll
2012-12-23 23:05 . 2008-05-26 19:38        14104        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\WaveLib.dll
2012-12-23 23:05 . 2007-04-28 22:30        118784        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\TCAS2v7.dll
2012-12-23 23:04 . 2008-05-26 19:38        115480        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\747400_LoadManager.exe
2012-12-23 23:04 . 2008-05-26 19:42        7232792        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_747400_Main.dll
2012-12-23 23:04 . 2008-05-26 19:40        9803544        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_747400_Overhead.dll
2012-12-23 23:04 . 2008-05-26 19:40        4593944        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_747400_Center.dll
2012-12-23 23:04 . 2008-05-26 19:38        98584        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_747400_ACS.dll
2012-12-23 23:04 . 2008-05-26 19:38        305944        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\dlls\PMDGOptions.dll
2012-12-23 23:04 . 2008-05-26 19:38        80152        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\dlls\PMDGEvents.dll
2012-12-23 23:04 . 2008-05-26 19:38        51480        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\dlls\PMDGSounds.dll
2012-12-23 18:28 . 2012-12-23 18:30        --------        d-----w-        c:\program files (x86)\FSFDT
2012-12-23 18:25 . 2012-12-23 18:26        179        ----a-w-        c:\users\Alex\FSDreamTeam_GSX.reg
2012-12-23 18:16 . 2012-12-23 18:16        --------        d-----w-        c:\programdata\Virtuali
2012-12-23 18:15 . 2012-12-23 18:15        --------        d-----w-        c:\programdata\Licenses
2012-12-20 23:20 . 2012-12-20 23:20        --------        d-----w-        c:\programdata\FLEXnet
2012-12-20 23:15 . 2012-12-20 23:15        --------        d-----w-        c:\program files (x86)\Common Files\Macrovision Shared
2012-12-20 23:14 . 2011-12-09 11:39        12288        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\dlls\PMDG_HUD_interface.dll
2012-12-20 23:14 . 2011-10-31 17:14        1167360        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\PMDG 737 NGX\PerfMan\NGXPerfMan.exe
2012-12-20 23:13 . 2011-12-08 19:31        532480        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_737NGX_3.dll
2012-12-20 23:13 . 2011-11-10 17:26        1262592        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\PMDG\Livery Manager\PMDG_Livery_Manager.exe
2012-12-20 23:13 . 2011-12-09 11:43        4542464        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_737NGX_2.dll
2012-12-20 23:13 . 2011-12-09 11:43        99256320        ----a-w-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\PMDG_737NGX.dll
2012-12-20 23:13 . 2010-11-20 16:01        268624        ----a-r-        c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\FnpCommsSoap.dll
2012-12-20 09:25 . 2012-12-20 09:25        --------        d-----w-        c:\program files (x86)\Rainlendar2
2012-12-20 09:19 . 2013-01-11 17:05        --------        d-----w-        c:\users\Alex\.rainlendar2
2012-12-14 10:50 . 2013-01-01 01:21        --------        d-----w-        c:\users\Alex\AppData\Local\Google
2012-12-14 10:50 . 2013-01-01 01:21        --------        d-----w-        c:\program files (x86)\Google
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 23:59 . 2012-10-22 18:03        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-01-11 23:59 . 2012-10-19 03:19        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-01-11 23:59 . 2012-10-19 03:19        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-01-08 20:28 . 2012-10-18 23:51        74248        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 20:28 . 2012-10-18 23:51        697864        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-29 10:34 . 2012-10-18 23:54        2824656        ----a-w-        c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-18 23:54        2504248        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-10-18 23:54        1813432        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-10-18 23:54        15129064        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2012-10-18 23:54        15052368        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2012-10-18 23:54        1504696        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-10-18 23:54        12641120        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2012-10-18 23:54        1107592        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-12-29 08:40 . 2012-10-18 23:54        6382008        ----a-w-        c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2012-10-18 23:54        3455416        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-10-18 23:54        2923201        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2012-10-18 23:54        884152        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2012-10-18 23:54        63928        ----a-w-        c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2012-10-18 23:54        2558392        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2012-10-18 23:54        118712        ----a-w-        c:\windows\system32\nvmctray.dll
2012-12-11 21:02 . 2012-10-19 00:06        99912        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-12-11 21:02 . 2012-10-19 00:06        129216        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-12-11 11:56 . 2012-12-11 11:56        61440        ----a-r-        c:\users\Alex\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
2012-12-11 11:55 . 2012-12-11 11:56        106496        ----a-w-        c:\windows\SysWow64\ATL71.DLL
2012-11-26 17:12 . 2012-10-19 03:19        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-11-21 13:10 . 2012-11-21 13:10        3123272        ----a-r-        c:\windows\SysWow64\pbsvc.exe
2012-11-14 16:06 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-11-14 16:06 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-11-14 14:06 . 2012-11-14 14:06        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-11-14 14:06 . 2012-11-14 14:06        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-11-14 14:06 . 2012-11-14 14:06        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-11-14 14:06 . 2012-11-14 14:06        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-11-14 14:06 . 2012-11-14 14:06        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-11-14 14:06 . 2012-11-14 14:06        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-11-14 14:06 . 2012-11-14 14:06        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-11-14 14:06 . 2012-11-14 14:06        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-11-14 14:06 . 2012-11-14 14:06        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-11-14 14:06 . 2012-11-14 14:06        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-11-14 14:06 . 2012-11-14 14:06        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-11-14 14:06 . 2012-11-14 14:06        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-11-14 14:06 . 2012-11-14 14:06        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-11-14 14:06 . 2012-11-14 14:06        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-11-14 14:06 . 2012-11-14 14:06        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-11-14 14:06 . 2012-11-14 14:06        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-11-14 14:06 . 2012-11-14 14:06        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-11-14 14:06 . 2012-11-14 14:06        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-11-14 14:06 . 2012-11-14 14:06        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-11-14 14:06 . 2012-11-14 14:06        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-11-14 14:06 . 2012-11-14 14:06        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-11-14 14:06 . 2012-11-14 14:06        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-11-14 14:06 . 2012-11-14 14:06        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-11-14 14:06 . 2012-11-14 14:06        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-11-14 14:06 . 2012-11-14 14:06        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-11-14 14:06 . 2012-11-14 14:06        197120        ----a-w-        c:\windows\system32\msrating.dll
2012-11-14 14:06 . 2012-11-14 14:06        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 14:06 . 2012-11-14 14:06        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-11-14 14:06 . 2012-11-14 14:06        17811968        ----a-w-        c:\windows\system32\mshtml.dll
2012-11-14 14:06 . 2012-11-14 14:06        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-11-14 14:06 . 2012-11-14 14:06        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-11-14 14:06 . 2012-11-14 14:06        89088        ----a-w-        c:\windows\system32\ie4uinit.exe
2012-11-14 14:06 . 2012-11-14 14:06        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-11-14 14:06 . 2012-11-14 14:06        82432        ----a-w-        c:\windows\system32\icardie.dll
2012-11-14 14:06 . 2012-11-14 14:06        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-11-14 14:06 . 2012-11-14 14:06        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-11-14 14:06 . 2012-11-14 14:06        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-11-14 14:06 . 2012-11-14 14:06        65024        ----a-w-        c:\windows\system32\pngfilt.dll
2012-11-14 14:06 . 2012-11-14 14:06        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 14:06 . 2012-11-14 14:06        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll
2012-11-14 14:06 . 2012-11-14 14:06        534528        ----a-w-        c:\windows\system32\ieapfltr.dll
2012-11-14 14:06 . 2012-11-14 14:06        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-11-14 14:06 . 2012-11-14 14:06        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-11-14 14:06 . 2012-11-14 14:06        452608        ----a-w-        c:\windows\system32\dxtmsft.dll
2012-11-14 14:06 . 2012-11-14 14:06        448512        ----a-w-        c:\windows\system32\html.iec
2012-11-14 14:06 . 2012-11-14 14:06        403248        ----a-w-        c:\windows\system32\iedkcs32.dll
2012-11-14 14:06 . 2012-11-14 14:06        39936        ----a-w-        c:\windows\system32\iernonce.dll
2012-11-14 14:06 . 2012-11-14 14:06        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat
2012-11-14 14:06 . 2012-11-14 14:06        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-11-14 14:06 . 2012-11-14 14:06        282112        ----a-w-        c:\windows\system32\dxtrans.dll
2012-11-14 14:06 . 2012-11-14 14:06        267776        ----a-w-        c:\windows\system32\ieaksie.dll
2012-11-14 14:06 . 2012-11-14 14:06        249344        ----a-w-        c:\windows\system32\webcheck.dll
2012-11-14 14:06 . 2012-11-14 14:06        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-11-14 14:06 . 2012-11-14 14:06        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-14 14:06 . 2012-11-14 14:06        237056        ----a-w-        c:\windows\system32\url.dll
2012-11-14 14:06 . 2012-11-14 14:06        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 14:06 . 2012-11-14 14:06        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 14:06 . 2012-11-14 14:06        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-11-14 14:06 . 2012-11-14 14:06        163840        ----a-w-        c:\windows\system32\ieakui.dll
2012-11-14 14:06 . 2012-11-14 14:06        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-11-14 14:06 . 2012-11-14 14:06        160256        ----a-w-        c:\windows\system32\ieakeng.dll
2012-11-14 14:06 . 2012-11-14 14:06        149504        ----a-w-        c:\windows\system32\occache.dll
2012-11-14 14:06 . 2012-11-14 14:06        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 14:06 . 2012-11-14 14:06        145920        ----a-w-        c:\windows\system32\iepeers.dll
2012-11-14 14:06 . 2012-11-14 14:06        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-11-14 14:06 . 2012-11-14 14:06        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-11-14 14:06 . 2012-11-14 14:06        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-11-14 14:06 . 2012-11-14 14:06        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-11-14 14:06 . 2012-11-14 14:06        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-11-14 14:06 . 2012-11-14 14:06        10752        ----a-w-        c:\windows\system32\msfeedssync.exe
2012-11-14 14:06 . 2012-11-14 14:06        103936        ----a-w-        c:\windows\system32\inseng.dll
2012-11-10 01:56 . 2012-11-10 01:56        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2011-05-09 09:49        176936        ----a-w-        c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-01-06 2342400]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-12-29 2550640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [2008-09-04 68760]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-11-05 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [2008-04-23 81920]
S2 JWC;Jeppesen Weather Controller Service;c:\program files (x86)\Jeppesen\JWC\JWC.exe [2012-02-23 510512]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2008-04-23 2015232]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 13:55        1606760        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 20:28]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 10:50]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 10:50]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://freemail.de/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: 2012-12-29 20:03; {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-12  02:38:20
ComboFix-quarantined-files.txt  2013-01-12 01:38
ComboFix2.txt  2013-01-03 21:04
.
Vor Suchlauf: 11 Verzeichnis(se), 529.086.554.112 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 529.015.828.480 Bytes frei
.
- - End Of File - - 049F523F5B6A37C42A5E169B98108FFF
--- --- ---

markusg 13.01.2013 18:16
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
ALDI
Assassin's
BittorrentBar_DE
BitTorrent : wenn du hier illegale Downloads machst, ist eine neu infektion sehr warscheinlich, hoffe du hast aus 2 infektionen innerhalb von Tagen wenigstens was gelernt.
Citybus
Firebird
Free Easy
Google : beide
Hitman
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Uplay
öffne CCleaner, analysieren starten, PC neustarten
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Jack9183 13.01.2013 20:55
soll ich die ganz normal deinstallieren oder mit irgendeinem Programm?

markusg 13.01.2013 21:00
Hi
ganz normal.

Jack9183 13.01.2013 23:57
# AdwCleaner v2.105 - Datei am 13/01/2013 um 23:55:29 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Alex - ALEX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gefunden : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Alex\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Ordner Gefunden : C:\Users\Alex\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\CT2849855
Ordner Gefunden : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
Ordner Gefunden : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\extensions\DTToolbar@toolbarnet.com
Ordner Gefunden : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\Smartbar
Ordner Gefunden : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\SweetPacksToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKU\S-1-5-21-126657547-3499994838-3448077436-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\prefs.js

Gefunden : user_pref("CT2849855.1000234.TWC_TMP_city", "MUENCHEN");
Gefunden : user_pref("CT2849855.1000234.TWC_TMP_country", "DE");
Gefunden : user_pref("CT2849855.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2849855.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT2849855.FirstTime", "true");
Gefunden : user_pref("CT2849855.FirstTimeFF3", "true");
Gefunden : user_pref("CT2849855.LoginRevertSettingsEnabled", true);
Gefunden : user_pref("CT2849855.PairingKey.enc", "NjZEMDg4QkUyOTU2OUNFNzJFODc3MENERkM2MjkwNjk2QjY1QUI3OA==");
Gefunden : user_pref("CT2849855.RevertSettingsEnabled", true);
Gefunden : user_pref("CT2849855.UserID", "UN36924149166426823");
Gefunden : user_pref("CT2849855.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT2849855.autoDisableScopes", -1);
Gefunden : user_pref("CT2849855.defaultSearch", "false");
Gefunden : user_pref("CT2849855.embeddedsData", "[{\"appId\":\"129349796699500456\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT2849855.enableAlerts", "always");
Gefunden : user_pref("CT2849855.enableSearchFromAddressBar", "false");
Gefunden : user_pref("CT2849855.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT2849855.fixPageNotFoundError", "true");
Gefunden : user_pref("CT2849855.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT2849855.fixUrls", true);
Gefunden : user_pref("CT2849855.installType", "xpe");
Gefunden : user_pref("CT2849855.isCheckedStartAsHidden", true);
Gefunden : user_pref("CT2849855.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2849855.isFirstTimeToolbarLoading", "false");
Gefunden : user_pref("CT2849855.isNewTabEnabled", false);
Gefunden : user_pref("CT2849855.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT2849855.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2849855.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT2849855.migrateAppsAndComponents", true);
Gefunden : user_pref("CT2849855.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Gefunden : user_pref("CT2849855.openThankYouPage", "true");
Gefunden : user_pref("CT2849855.openUninstallPage", "false");
Gefunden : user_pref("CT2849855.revertSettingsEnabled", "false");
Gefunden : user_pref("CT2849855.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");
Gefunden : user_pref("CT2849855.search.searchAppId", "129349796699500456");
Gefunden : user_pref("CT2849855.search.searchCount", "0");
Gefunden : user_pref("CT2849855.searchInNewTabEnabled", "false");
Gefunden : user_pref("CT2849855.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT2849855.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2849855.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT2849855.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356807796077");
Gefunden : user_pref("CT2849855.serviceLayer_services_appsMetadata_lastUpdate", "1356807796064");
Gefunden : user_pref("CT2849855.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356807796658");
Gefunden : user_pref("CT2849855.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358106329339");
Gefunden : user_pref("CT2849855.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356807796688");
Gefunden : user_pref("CT2849855.serviceLayer_services_searchAPI_lastUpdate", "1356807795501");
Gefunden : user_pref("CT2849855.serviceLayer_services_serviceMap_lastUpdate", "1358100897782");
Gefunden : user_pref("CT2849855.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356807796636");
Gefunden : user_pref("CT2849855.serviceLayer_services_toolbarSettings_lastUpdate", "1358113529346");
Gefunden : user_pref("CT2849855.serviceLayer_services_translation_lastUpdate", "1358100897909");
Gefunden : user_pref("CT2849855.settingsINI", true);
Gefunden : user_pref("CT2849855.shouldFirstTimeDialog", "false");
Gefunden : user_pref("CT2849855.smartbar.CTID", "CT2849855");
Gefunden : user_pref("CT2849855.smartbar.Uninstall", "0");
Gefunden : user_pref("CT2849855.smartbar.toolbarName", "BittorrentBar_DE ");
Gefunden : user_pref("CT2849855.startPage", "false");
Gefunden : user_pref("CT2849855.toolbarBornServerTime", "29-12-2012");
Gefunden : user_pref("CT2849855.toolbarCurrentServerTime", "13-1-2013");
Gefunden : user_pref("CT2849855.uTTorrents.enc", "eyJidWlsZCI6MjExODAsImxhYmVsIjpbXSwidG9ycmVudHMiOltbIjI2RjkwM[...]
Gefunden : user_pref("CT2849855_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gefunden : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
Gefunden : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Gefunden : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Gefunden : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1358114105781");
Gefunden : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gefunden : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gefunden : user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
Gefunden : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gefunden : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gefunden : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gefunden : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gefunden : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gefunden : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gefunden : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Gefunden : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.mode.debug", "false");
Gefunden : user_pref("sweetim.toolbar.newtab.created", "false");
Gefunden : user_pref("sweetim.toolbar.newtab.enable", "true");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gefunden : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Gefunden : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gefunden : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gefunden : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Gefunden : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Gefunden : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Gefunden : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.2.callback", "");
Gefunden : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gefunden : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Gefunden : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Gefunden : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gefunden : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gefunden : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "false");
Gefunden : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Gefunden : user_pref("sweetim.toolbar.simapp_id", "{81B0552C-1F7C-11E2-ACC4-6CF049E17376}");
Gefunden : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [26264 octets] - [13/01/2013 23:55:29]

########## EOF - C:\AdwCleaner[R1].txt - [26325 octets] ##########

markusg 14.01.2013 20:27
hi


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)
neustarten bitte, teste, wie der PC läuft, auch alle instalierten Browser.

Jack9183 15.01.2013 00:21
# AdwCleaner v2.105 - Datei am 15/01/2013 um 00:17:29 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Alex - ALEX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Alex\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Ordner Gelöscht : C:\Users\Alex\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\CT2849855
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\extensions\DTToolbar@toolbarnet.com
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\Smartbar
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\SweetPacksToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\prefs.js

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\gdfbx069.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2849855.1000234.TWC_TMP_city", "MUENCHEN");
Gelöscht : user_pref("CT2849855.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2849855.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2849855.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2849855.FirstTime", "true");
Gelöscht : user_pref("CT2849855.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2849855.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT2849855.PairingKey.enc", "NjZEMDg4QkUyOTU2OUNFNzJFODc3MENERkM2MjkwNjk2QjY1QUI3OA==");
Gelöscht : user_pref("CT2849855.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2849855.UserID", "UN36924149166426823");
Gelöscht : user_pref("CT2849855.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2849855.autoDisableScopes", -1);
Gelöscht : user_pref("CT2849855.defaultSearch", "false");
Gelöscht : user_pref("CT2849855.embeddedsData", "[{\"appId\":\"129349796699500456\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2849855.enableAlerts", "always");
Gelöscht : user_pref("CT2849855.enableSearchFromAddressBar", "false");
Gelöscht : user_pref("CT2849855.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2849855.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2849855.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2849855.fixUrls", true);
Gelöscht : user_pref("CT2849855.installType", "xpe");
Gelöscht : user_pref("CT2849855.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2849855.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2849855.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2849855.isNewTabEnabled", false);
Gelöscht : user_pref("CT2849855.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2849855.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2849855.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2849855.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2849855.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT2849855.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2849855.openThankYouPage", "true");
Gelöscht : user_pref("CT2849855.openUninstallPage", "false");
Gelöscht : user_pref("CT2849855.revertSettingsEnabled", "false");
Gelöscht : user_pref("CT2849855.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");
Gelöscht : user_pref("CT2849855.search.searchAppId", "129349796699500456");
Gelöscht : user_pref("CT2849855.search.searchCount", "0");
Gelöscht : user_pref("CT2849855.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2849855.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2849855.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2849855.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2849855.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356807796077");
Gelöscht : user_pref("CT2849855.serviceLayer_services_appsMetadata_lastUpdate", "1356807796064");
Gelöscht : user_pref("CT2849855.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356807796658");
Gelöscht : user_pref("CT2849855.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358205111753");
Gelöscht : user_pref("CT2849855.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356807796688");
Gelöscht : user_pref("CT2849855.serviceLayer_services_searchAPI_lastUpdate", "1356807795501");
Gelöscht : user_pref("CT2849855.serviceLayer_services_serviceMap_lastUpdate", "1358190711468");
Gelöscht : user_pref("CT2849855.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356807796636");
Gelöscht : user_pref("CT2849855.serviceLayer_services_toolbarSettings_lastUpdate", "1358205112046");
Gelöscht : user_pref("CT2849855.serviceLayer_services_translation_lastUpdate", "1358190712147");
Gelöscht : user_pref("CT2849855.settingsINI", true);
Gelöscht : user_pref("CT2849855.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2849855.smartbar.CTID", "CT2849855");
Gelöscht : user_pref("CT2849855.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2849855.smartbar.toolbarName", "BittorrentBar_DE ");
Gelöscht : user_pref("CT2849855.startPage", "false");
Gelöscht : user_pref("CT2849855.toolbarBornServerTime", "29-12-2012");
Gelöscht : user_pref("CT2849855.toolbarCurrentServerTime", "15-1-2013");
Gelöscht : user_pref("CT2849855.uTTorrents.enc", "eyJidWlsZCI6MjExODAsImxhYmVsIjpbXSwidG9ycmVudHMiOltbIjI2RjkwM[...]
Gelöscht : user_pref("CT2849855_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1358114105781");
Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{81B0552C-1F7C-11E2-ACC4-6CF049E17376}");
Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [26297 octets] - [13/01/2013 23:55:29]
AdwCleaner[S1].txt - [26360 octets] - [15/01/2013 00:17:29]

########## EOF - C:\AdwCleaner[S1].txt - [26421 octets] ##########

markusg 15.01.2013 20:44
nu warte ich noch auf die Antwort auf meine Frage

Jack9183 15.01.2013 20:50
Welche Frage?Bis jetzt läuft alles ganz normal!Keine Probleme.Bis jetzt!!

markusg 15.01.2013 21:55
ja, das war die Frage, nachzulesen im letzten Post :-)
öffne OTL, bereinigen, pc startet neu, Remover werden gelöscht.
Lösche übriggebliebene Remover, Logs, Setups.
Leere den Papierkorb.
PC absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

Jack9183 16.01.2013 06:30
Also von Avira Antiwirus hälst du nix????

markusg 16.01.2013 18:44
Hi,
emsisoft, wenn du wichtiges am PC machst, wie onlinebanking, einkäufe, sonstige Zahlungsabwicklungen, oder berufliches, denke für 15 € passt das.
Avast ansonsten.
Ich find Avira ok, nur leider musst du die Ask toolbar instalieren, um alle Funktionen nutzen zu können, deswegen ein anderes.

Jack9183 16.01.2013 19:06
Also ich habe kein Ask mit installiert.Aber ich werde mir deine Empfehlung mal ansehen.Du hast geschrieben mit OLS alles löschen.Also CD wieder rein und von CD rebooten?

markusg 16.01.2013 20:44
hi
sorry.
http://filepony.de/download-otl/
laden und wie beschrieben bereinigen klicken.

Jack9183 14.02.2013 00:44
alles bestens bis jetzt.Vielen vielen Dank Markus.Kann ich mich irgendwie dankbar zeigen?

markusg 14.02.2013 11:13
hi
du kannst zb an uns spenden, Link in meiner Signatur.
ich möchte erst mal anhand einer checkliste prüfen ob du alles hast.
- instalieren von optionalen und wichtigen updates.
- konfigurieren von windows updates.
- dep für alle prozesse aktivieren.
- sehop aktivieren.
- chrome instalieren.
- sandboxie instalieren.
- autorun deaktivieren.
- panda vaccine instalieren.
- secunia instalieren.
- file hippo instalieren.
beachte:
secunia und file hippo bieten englische updates, überall wo du auf die nutzeroberfläche zugreifst, wie zb reader, browser, etc benötigst du deutsche updates, also hier die hersteller seiten in den favoriten deines browsers speichern und wenn ein update gezeigt wird, von dort hohlen, bei java, flash quicktime, ist es egal ob deutsch oder englisch.
- backup software instalieren, backup und rettungsdvd erstellen.
hier ne kurze anleitung:
Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT

- wenn du onlinebanking machst, kann ich noch kurz was über die vorteile von card reader und banking software sagen.
- passwort manager instaliert.

Jack9183 14.02.2013 11:40
wie gut das ich nichts von deiner Checkliste kenne..sprich ich kann damit nichts anfangen?!.
Und natürlich wären deutsche Updates von Vorteil.^^

markusg 14.02.2013 11:43
wieso hast du post 41 nicht gelesen? da steht alles seit einigen Tagen.

Jack9183 14.02.2013 11:48
Achso das gehört zusammen.....habe ich irgendwie überlesen.Dann werde ich das noch machen.

markusg 14.02.2013 12:03
Kannst dich ja anhand der Liste orientieren.

Jack9183 14.02.2013 13:15
Also ich benutze als Browser Firefox und ich habe mir Emsisoft Anti Malware geholt.Nur weiß ich nun nicht ob das auch gegen Viren ist!

markusg 14.02.2013 14:00
hi,
schon Chrome angesehen, er beitet einige Sicherheitsfeatures, die der FF nicht hatt, und sollte schneller sein.
Emsi schützt gegen alle Arten von Schadsoftware, Malware ist einfach der übergeordnete Begriff.

emsisoft öffnen, einstellungen klicken.
geplanter scan.
wähle starten um, ich persönlich hab monatlich, kannst aber auch wöchendlich einstellen.
uhrzeit, und bei monatlich ebenfalls datum wählen.
unsichtbar, falls du das scan fenster nicht sehen möchtest.
und verpasste scans nachholen.
auto update:
intervall, täglich, stündlich von 00.00 bis 23.59
heißt jede stunde updates.
einstellung: update
am antimalware network teilnemen.
die andern beiden haken, beta updates und zusätzliche sprachen, nicht setzen.

rest bleibt.
klicke jetzt auf wächter:
dort auf wächter.
verhaltensanalyse aktivieren, alles selektieren.
jetzt auf alarme:
aktiviere dort comunety basierte alarm reduktion.
unter anderem dafür gibt es das antimalware network.
die comunety basierte alarm reduktion betrifft die verhaltensanalyse.
emsisoft gibt, bei einigen programmen, meldungen raus, weil das verhalten des programmes dies notwendig macht.
da manche user sich damit nicht auskennen, was keine schande ist, :-) wird hier geprüft, wie viele nutzer haben programm x erlaubt oder blockiert.
hier haben wir im moment 90 % eingestellt, also wenn 90 % sagen, das programm ist io, wird ne erlauben regel angelegt, wenn sie sagen, programm x ist bösartig, automatisch blockiert.
wenn du dir das allein zutraust, musst du den haken nicht setzen.
wenn zb nur 70 % aller user sagen programm x ist gut oder bösartig, wird dir dies in einer grafik angezeigt
jetzt auf datei wächter.
standard atkion für erkannte objekte, alarmieren.
surf schutz:
hier alles auf blockieren mit info.
wenn es eine seite gibt, die versehens blockiert wird, kanns du die direkt über das popup erlauben was es bei der blockierung gibt, oder über host regeln.
wenn dir diese info popups nicht gefallen musst du alles auf unsichtbar blockieren stellen, aber drann denken, zu prüfen wenn du ne seite hast, die nicht geladen wird, ob emsi sie geblockt hatt.

das währe es, hoffe es war verständlich.


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131