
Pests of all kinds and how to fight them: Bundestrojaner


20.01.2013, 21:43   #1
nano4sparta
 

Bundestrojaner



Dear Trojaner-Board community,

about a week ago I caught a Bundestrojaner. Since I don't understand very much about the subject, my friend helped me and pointed me to this one

----> http://www.trojaner-board.de/128878-...-variante.html

I then followed t'John's instructions (the very first set of instructions) and got an OTL.txt, which I would like to post here.

OTL Logfile:
Code:
OTL logfile created on: 1/20/2013 9:09:19 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.36 Mb Free Space | 75.37% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.57% Space Free | Partition Type: FAT32
Drive E: | 698.54 Gb Total Space | 115.40 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/01/09 20:00:00 | 000,263,680 | ---- | M] (Корпорация Майкрософт) [Auto] -- E:\Users\Nana\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/10 15:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/20 07:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/14 12:42:50 | 002,019,184 | ---- | M] (O&O Software GmbH) [Auto] -- E:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2012/09/12 11:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 11:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/01 11:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- E:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/07/26 13:23:06 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/26 03:14:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/05/24 22:03:26 | 000,176,128 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/09/05 23:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/16 10:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 03:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 03:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand] --  -- (hwusbfake)
DRV - File not found [Kernel | On_Demand] --  -- (hwdatacard)
DRV - File not found [Kernel | On_Demand] --  -- (amdiox86)
DRV - [2013/01/20 14:23:46 | 000,043,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\jbprghah.sys -- (jbprghah)
DRV - [2012/10/22 16:01:15 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- E:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/10/10 15:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/30 16:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/23 09:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/05/24 21:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/30 13:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot] -- E:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011/02/08 05:03:54 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 05:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/12/01 04:11:28 | 001,872,192 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/29 08:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2004/08/13 02:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- E:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Nana_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Nana_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Nana_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 E6 CE B3 AC EA CD 01  [binary data]
IE - HKU\Nana_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [CmPCIaudio]  File not found
O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OODefragTray] E:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKU\Nana_ON_E..\Run: [Spotify Web Helper] E:\Users\Nana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Nana_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - E:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/20 20:41:38 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/01/20 14:23:45 | 000,043,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\jbprghah.sys
[2013/01/09 17:22:11 | 000,088,640 | ---- | C] (Spotify Ltd) -- E:\Users\Nana\Desktop\SpotifySetup.exe
[2013/01/09 11:25:08 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\Linkin Park
[2013/01/09 06:49:25 | 002,345,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/01/09 06:49:24 | 000,492,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32spl.dll
[2013/01/09 06:49:12 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2013/01/09 06:49:12 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2013/01/09 06:49:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 06:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 06:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 06:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 06:49:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 06:49:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 06:49:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 06:49:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 06:49:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 06:49:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 06:49:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 06:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 06:48:55 | 002,576,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\gameux.dll
[2013/01/09 06:48:55 | 000,308,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Wpc.dll
[2013/01/09 06:48:55 | 000,046,592 | ---- | C] (Microsoft) -- E:\Windows\System32\fpb.rs
[2013/01/09 06:48:55 | 000,045,568 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc-nz.rs
[2013/01/09 06:48:55 | 000,044,544 | ---- | C] (Microsoft) -- E:\Windows\System32\pegibbfc.rs
[2013/01/09 06:48:55 | 000,043,520 | ---- | C] (Microsoft) -- E:\Windows\System32\csrr.rs
[2013/01/09 06:48:55 | 000,040,960 | ---- | C] (Microsoft) -- E:\Windows\System32\cob-au.rs
[2013/01/09 06:48:55 | 000,030,720 | ---- | C] (Microsoft) -- E:\Windows\System32\usk.rs
[2013/01/09 06:48:55 | 000,021,504 | ---- | C] (Microsoft) -- E:\Windows\System32\grb.rs
[2013/01/09 06:48:55 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-pt.rs
[2013/01/09 06:48:55 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi.rs
[2013/01/09 06:48:55 | 000,015,360 | ---- | C] (Microsoft) -- E:\Windows\System32\djctq.rs
[2013/01/09 06:48:54 | 000,055,296 | ---- | C] (Microsoft) -- E:\Windows\System32\cero.rs
[2013/01/09 06:48:54 | 000,051,712 | ---- | C] (Microsoft) -- E:\Windows\System32\esrb.rs
[2013/01/09 06:48:54 | 000,023,552 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc.rs
[2013/01/09 06:48:54 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-fi.rs
[2013/01/09 06:48:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncrypt.dll
[2013/01/09 06:48:48 | 000,049,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\taskhost.exe
[2013/01/04 19:10:33 | 000,000,000 | ---D | C] -- E:\Windows\System32\oodag
[2013/01/04 16:59:38 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Local\O&O
[2013/01/04 16:58:58 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2013/01/04 16:58:51 | 000,000,000 | ---D | C] -- E:\Program Files\OO Software
[2013/01/04 16:58:06 | 000,000,000 | ---D | C] -- E:\ProgramData\OO Software
[2013/01/04 16:57:41 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\O&O Defrag Professional 16.0 Build 139 Deutsch (x64)+(x86)
[2013/01/03 16:59:42 | 000,000,000 | ---D | C] -- E:\Users\Nana\Documents\Calibre Library
[2013/01/03 16:58:42 | 000,000,000 | ---D | C] -- E:\Users\Nana\Documents\Calibre Bibliothek
[2013/01/03 16:58:15 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Roaming\calibre
[2013/01/03 16:57:52 | 000,000,000 | ---D | C] -- E:\Program Files\Calibre2
[2013/01/03 16:57:52 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/01/03 05:28:39 | 000,000,000 | R--D | C] -- E:\Users\Nana\Desktop\Spiele
[2013/01/03 05:10:51 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\Georgs Neujahrrsbesuch
[2013/01/01 17:39:03 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\Marie Lu - Legend Bd. 1 - Fallender Himmel
[2013/01/01 15:12:57 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\E-Bücher
[2013/01/01 12:20:46 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Local\Skyrim
[2013/01/01 12:20:22 | 000,528,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_6.dll
[2013/01/01 12:20:22 | 000,515,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_5.dll
[2013/01/01 12:20:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_6.dll
[2013/01/01 12:20:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_5.dll
[2013/01/01 12:20:22 | 000,074,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_4.dll
[2013/01/01 12:20:22 | 000,022,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_7.dll
[2013/01/01 12:20:21 | 001,974,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_42.dll
[2013/01/01 12:20:20 | 005,501,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dcsx_42.dll
[2013/01/01 12:20:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_42.dll
[2013/01/01 12:20:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_42.dll
[2013/01/01 12:20:19 | 000,235,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx11_42.dll
[2013/01/01 12:20:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_41.dll
[2013/01/01 12:20:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_41.dll
[2013/01/01 12:20:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_41.dll
[2013/01/01 12:20:17 | 000,517,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_4.dll
[2013/01/01 12:20:17 | 000,235,352 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_4.dll
[2013/01/01 12:20:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_3.dll
[2013/01/01 12:20:16 | 002,036,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_40.dll
[2013/01/01 12:20:16 | 000,452,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_40.dll
[2013/01/01 12:20:16 | 000,022,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_6.dll
[2013/01/01 12:20:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_40.dll
[2013/01/01 12:20:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_3.dll
[2013/01/01 12:20:15 | 000,235,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_3.dll
[2013/01/01 12:20:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_2.dll
[2013/01/01 12:20:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_2.dll
[2013/01/01 12:20:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_2.dll
[2013/01/01 12:20:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_1.dll
[2013/01/01 12:20:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_5.dll
[2013/01/01 12:20:13 | 000,507,400 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_1.dll
[2013/01/01 12:20:13 | 000,065,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_0.dll
[2013/01/01 12:20:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_38.dll
[2013/01/01 12:20:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_38.dll
[2013/01/01 12:20:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_1.dll
[2013/01/01 12:20:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_4.dll
[2013/01/01 12:20:11 | 003,850,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_38.dll
[2013/01/01 12:20:11 | 000,479,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_0.dll
[2013/01/01 12:20:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_0.dll
[2013/01/01 12:20:10 | 001,420,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_37.dll
[2013/01/01 12:20:10 | 000,462,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_37.dll
[2013/01/01 12:20:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_3.dll
[2013/01/01 12:20:09 | 003,786,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_37.dll
[2013/01/01 12:20:09 | 001,374,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_36.dll
[2013/01/01 12:20:09 | 000,444,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_36.dll
[2013/01/01 12:20:09 | 000,267,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_10.dll
[2013/01/01 12:20:07 | 003,734,536 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_36.dll
[2013/01/01 12:20:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_35.dll
[2013/01/01 12:20:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_35.dll
[2013/01/01 12:20:07 | 000,267,112 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_9.dll
[2013/01/01 12:20:06 | 003,727,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_35.dll
[2013/01/01 12:20:05 | 001,124,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_34.dll
[2013/01/01 12:20:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_34.dll
[2013/01/01 12:20:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_8.dll
[2013/01/01 12:20:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_2.dll
[2013/01/01 12:20:04 | 003,497,832 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_34.dll
[2013/01/01 12:20:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_7.dll
[2013/01/01 12:20:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_33.dll
[2013/01/01 12:20:03 | 001,123,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_33.dll
[2013/01/01 12:20:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_33.dll
[2013/01/01 12:20:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_6.dll
[2013/01/01 12:20:02 | 000,440,080 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10.dll
[2013/01/01 12:20:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_5.dll
[2013/01/01 12:20:00 | 003,426,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_32.dll
[2013/01/01 12:20:00 | 002,414,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_31.dll
[2013/01/01 12:20:00 | 000,237,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_4.dll
[2013/01/01 12:20:00 | 000,015,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\x3daudio1_1.dll
[2013/01/01 12:19:59 | 000,236,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_3.dll
[2013/01/01 12:19:59 | 000,230,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_2.dll
[2013/01/01 12:19:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xinput1_2.dll
[2013/01/01 12:19:58 | 000,229,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_1.dll
[2013/01/01 12:19:58 | 000,062,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xinput1_1.dll
[2013/01/01 12:19:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_30.dll
[2013/01/01 12:19:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_29.dll
[2013/01/01 12:19:50 | 000,230,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_0.dll
[2013/01/01 12:19:50 | 000,014,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\x3daudio1_0.dll
[2013/01/01 12:19:49 | 002,323,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_28.dll
[2013/01/01 12:19:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_27.dll
[2013/01/01 12:19:47 | 002,337,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_25.dll
[2013/01/01 12:19:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_26.dll
[2013/01/01 12:19:46 | 002,222,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_24.dll
[2013/01/01 11:08:05 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Roaming\JAM Software
[2013/01/01 11:07:55 | 000,000,000 | ---D | C] -- E:\Program Files\JAM Software
[2013/01/01 10:59:22 | 000,000,000 | R--D | C] -- E:\Users\Nana\Desktop\Anwendungen
[2012/12/30 20:36:51 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/12/30 20:36:10 | 000,000,000 | ---D | C] -- E:\ProgramData\Battle.net
[2012/12/30 20:34:11 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\Users\Nana\Documents\StarCraft II
[2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\Program Files\StarCraft II
[2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\ProgramData\Blizzard Entertainment
[2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Blizzard Entertainment
[2012/12/30 16:02:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\terminpt.sys
[2012/12/30 16:02:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\rdpvideominiport.sys
[2012/12/30 16:02:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/30 16:02:23 | 000,049,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\TsUsbFlt.sys
[2012/12/30 16:02:23 | 000,027,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\TsUsbGD.sys
[2012/12/30 16:02:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/30 16:02:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/12/30 16:02:22 | 002,739,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorets.dll
[2012/12/30 16:02:22 | 000,317,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wksprt.exe
[2012/12/30 16:02:22 | 000,269,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aaclient.dll
[2012/12/30 16:02:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpudd.dll
[2012/12/30 16:02:22 | 000,192,000 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpendp_winip.dll
[2012/12/30 16:02:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TSWbPrxy.exe
[2012/12/30 16:02:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MsRdpWebAccess.dll
[2012/12/30 16:02:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tsgqec.dll
[2012/12/30 16:02:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/12/30 16:02:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wksprtPS.dll
[2012/12/30 16:01:13 | 001,039,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\lsasrv.dll
[2012/12/30 16:01:09 | 000,514,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\qdvd.dll
[2012/12/30 15:58:55 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Security Client
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/20 14:24:17 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/01/20 14:23:46 | 000,043,600 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\drivers\jbprghah.sys
[2013/01/20 14:23:08 | 095,023,320 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/20 14:23:06 | 000,002,865 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/20 14:23:06 | 000,001,054 | ---- | M] () -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/20 14:22:49 | 2415,357,952 | -HS- | M] () -- E:\hiberfil.sys
[2013/01/20 14:22:49 | 000,026,796 | ---- | M] () -- E:\Windows\System32\oodbs.lor
[2013/01/09 19:47:03 | 002,167,242 | ---- | M] () -- E:\Users\Nana\Desktop\grammar.pdf
[2013/01/09 19:46:23 | 000,618,833 | ---- | M] () -- E:\Users\Nana\Desktop\Basic_-Italian.pdf
[2013/01/09 18:02:57 | 000,021,280 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 18:02:57 | 000,021,280 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 17:22:11 | 000,088,640 | ---- | M] (Spotify Ltd) -- E:\Users\Nana\Desktop\SpotifySetup.exe
[2013/01/09 11:22:44 | 000,388,520 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/01/07 12:10:53 | 000,000,798 | ---- | M] () -- E:\Users\Nana\Desktop\ArabicAnEssentialGrammar.pdf.lnk
[2013/01/07 12:09:00 | 000,027,979 | ---- | M] () -- E:\Users\Nana\Desktop\AuPair Formalitäten.odt
[2013/01/07 10:56:53 | 000,007,334 | ---- | M] () -- E:\Users\Nana\Desktop\was sie von mir brauchen.odt
[2013/01/06 16:03:37 | 000,216,976 | ---- | M] () -- E:\Users\Nana\Desktop\d027.jpg
[2013/01/04 16:58:58 | 000,002,509 | ---- | M] () -- E:\Users\Public\Desktop\O&O Defrag.lnk
[2013/01/04 16:58:58 | 000,002,453 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2013/01/04 16:58:58 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/04 16:58:58 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2013/01/04 16:54:06 | 001,326,828 | ---- | M] () -- E:\Users\Nana\Desktop\Stiefvater, Maggie - Rot wie das Meer.epub
[2013/01/04 16:49:43 | 064,873,173 | ---- | M] () -- E:\Users\Nana\Desktop\O&O Defrag Professional 16.0 Build 139 Deutsch (x64)+(x86).rar
[2013/01/03 17:08:33 | 005,713,414 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/01/03 17:08:33 | 002,154,326 | ---- | M] () -- E:\Windows\System32\perfh019.dat
[2013/01/03 17:08:33 | 002,094,376 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/01/03 17:08:33 | 001,698,874 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/01/03 17:08:33 | 001,542,008 | ---- | M] () -- E:\Windows\System32\perfc019.dat
[2013/01/03 17:08:33 | 001,515,880 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/01/03 16:58:10 | 000,000,897 | ---- | M] () -- E:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/01/03 16:58:10 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/01/03 16:47:01 | 005,154,944 | ---- | M] () -- E:\Users\Nana\Desktop\Grim1.rar
[2013/01/03 16:44:43 | 028,874,727 | ---- | M] () -- E:\Users\Nana\Desktop\Buecherkiste_Fo_K.rar
[2013/01/03 16:43:51 | 419,430,400 | ---- | M] () -- E:\Users\Nana\Desktop\lk_zeit_2.part1.rar
[2013/01/03 16:43:09 | 000,011,729 | ---- | M] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (3).odt
[2013/01/03 16:40:14 | 310,744,066 | ---- | M] () -- E:\Users\Nana\Desktop\lk_zeit_2.part2.rar
[2013/01/03 05:30:05 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition
[2013/01/03 05:29:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica
[2013/01/03 05:29:50 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/01/01 17:51:07 | 003,751,452 | ---- | M] () -- E:\Users\Nana\Desktop\sk.friedh.rar
[2013/01/01 17:50:41 | 095,206,566 | ---- | M] () -- E:\Users\Nana\Desktop\LuSe.rar
[2013/01/01 17:32:12 | 006,033,365 | ---- | M] () -- E:\Users\Nana\Desktop\Legend1.rar
[2012/12/30 20:44:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/12/30 20:32:59 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/12/30 15:59:24 | 000,001,945 | ---- | M] () -- E:\Windows\epplauncher.mif
[2012/12/30 15:59:06 | 000,002,084 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/30 15:57:03 | 001,474,832 | ---- | M] () -- E:\Windows\System32\drivers\sfi.dat
[2012/12/30 15:19:16 | 000,000,045 | ---- | M] () -- E:\Windows\System32\initdebug.nfo
[2012/12/30 15:08:17 | 000,000,146 | ---- | M] () -- E:\Users\Nana\Desktop\Sound - Verknüpfung.lnk
[2012/12/28 18:21:18 | 000,018,919 | ---- | M] () -- E:\Users\Nana\Desktop\zitate.odt
[2012/12/28 16:35:02 | 000,016,563 | ---- | M] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (2).odt
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/20 14:23:06 | 000,001,054 | ---- | C] () -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/09 19:47:03 | 002,167,242 | ---- | C] () -- E:\Users\Nana\Desktop\grammar.pdf
[2013/01/09 19:46:23 | 000,618,833 | ---- | C] () -- E:\Users\Nana\Desktop\Basic_-Italian.pdf
[2013/01/08 15:14:55 | 000,002,865 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/08 15:14:49 | 095,023,320 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/07 12:10:53 | 000,000,798 | ---- | C] () -- E:\Users\Nana\Desktop\ArabicAnEssentialGrammar.pdf.lnk
[2013/01/07 12:08:58 | 000,027,979 | ---- | C] () -- E:\Users\Nana\Desktop\AuPair Formalitäten.odt
[2013/01/07 10:56:53 | 000,007,334 | ---- | C] () -- E:\Users\Nana\Desktop\was sie von mir brauchen.odt
[2013/01/06 16:04:01 | 000,216,976 | ---- | C] () -- E:\Users\Nana\Desktop\d027.jpg
[2013/01/05 16:03:12 | 000,026,796 | ---- | C] () -- E:\Windows\System32\oodbs.lor
[2013/01/04 16:58:58 | 000,002,509 | ---- | C] () -- E:\Users\Public\Desktop\O&O Defrag.lnk
[2013/01/04 16:58:58 | 000,002,453 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2013/01/04 16:54:06 | 001,326,828 | ---- | C] () -- E:\Users\Nana\Desktop\Stiefvater, Maggie - Rot wie das Meer.epub
[2013/01/04 16:48:40 | 064,873,173 | ---- | C] () -- E:\Users\Nana\Desktop\O&O Defrag Professional 16.0 Build 139 Deutsch (x64)+(x86).rar
[2013/01/03 16:58:10 | 000,000,897 | ---- | C] () -- E:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/01/03 16:47:01 | 005,154,944 | ---- | C] () -- E:\Users\Nana\Desktop\Grim1.rar
[2013/01/03 16:31:14 | 419,430,400 | ---- | C] () -- E:\Users\Nana\Desktop\lk_zeit_2.part1.rar
[2013/01/03 16:30:39 | 310,744,066 | ---- | C] () -- E:\Users\Nana\Desktop\lk_zeit_2.part2.rar
[2013/01/03 16:25:56 | 028,874,727 | ---- | C] () -- E:\Users\Nana\Desktop\Buecherkiste_Fo_K.rar
[2013/01/03 15:17:42 | 000,011,729 | ---- | C] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (3).odt
[2013/01/01 17:50:49 | 003,751,452 | ---- | C] () -- E:\Users\Nana\Desktop\sk.friedh.rar
[2013/01/01 17:49:13 | 095,206,566 | ---- | C] () -- E:\Users\Nana\Desktop\LuSe.rar
[2013/01/01 17:32:10 | 006,033,365 | ---- | C] () -- E:\Users\Nana\Desktop\Legend1.rar
[2012/12/30 15:59:23 | 000,001,945 | ---- | C] () -- E:\Windows\epplauncher.mif
[2012/12/30 15:59:06 | 000,002,084 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/30 15:08:17 | 000,000,146 | ---- | C] () -- E:\Users\Nana\Desktop\Sound - Verknüpfung.lnk
[2012/12/28 16:36:49 | 000,018,919 | ---- | C] () -- E:\Users\Nana\Desktop\zitate.odt
[2012/12/28 15:18:01 | 000,016,563 | ---- | C] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (2).odt
[2012/12/27 06:15:35 | 000,033,961 | ---- | C] () -- E:\Users\Nana\Documents\OpenDocument%20Text%20(neu)%20(2).odt_1.odt
[2012/12/07 15:40:40 | 000,042,440 | ---- | C] () -- E:\Windows\System32\xfcodec.dll
[2012/10/06 14:55:06 | 000,000,138 | ---- | C] () -- E:\ProgramData\fxdkmttkmffjjve
[2012/08/14 17:35:44 | 000,000,051 | ---- | C] () -- E:\ProgramData\pqhepeejleqgdtv
[2012/04/01 16:56:44 | 000,032,256 | ---- | C] () -- E:\Windows\System32\AVSredirect.dll
[2011/11/21 22:48:34 | 000,000,193 | ---- | C] () -- E:\Windows\WORDPAD.INI
[2011/09/20 14:11:04 | 000,000,000 | ---- | C] () -- E:\Users\Nana\AppData\Local\{598C8DB4-FAEA-4D93-B6F6-139D4910796E}
[2011/09/08 13:06:52 | 000,000,000 | ---- | C] () -- E:\Users\Nana\AppData\Local\{B61B60F4-0384-4FFD-8867-C1F75B1CB119}
[2011/09/08 12:17:51 | 000,000,000 | ---- | C] () -- E:\Users\Nana\AppData\Local\{F3200062-1452-4424-906B-5E8FE01311FA}
[2011/07/26 05:29:35 | 000,557,056 | ---- | C] () -- E:\Windows\System32\Cmeaupci.exe
[2011/07/26 05:29:35 | 000,000,164 | ---- | C] () -- E:\Windows\Cmicnfg3.ini.cfl
[2011/07/26 05:27:38 | 000,002,123 | ---- | C] () -- E:\Windows\Cmicnfg3.ini.cfg
[2011/07/26 05:27:38 | 000,001,667 | ---- | C] () -- E:\Windows\Cmicnfg3.ini.imi
[2011/07/26 04:51:57 | 002,154,326 | ---- | C] () -- E:\Windows\System32\perfh019.dat
[2011/07/26 04:51:57 | 001,542,008 | ---- | C] () -- E:\Windows\System32\perfc019.dat
[2011/07/26 04:51:57 | 000,336,704 | ---- | C] () -- E:\Windows\System32\perfi019.dat
[2011/07/26 04:51:57 | 000,039,446 | ---- | C] () -- E:\Windows\System32\perfd019.dat
[2011/07/26 04:47:09 | 000,094,208 | ---- | C] () -- E:\Windows\VMix.dll
[2011/07/26 04:33:54 | 000,303,104 | ---- | C] () -- E:\Windows\System32\CmiInstallResAll.dll
[2011/07/26 04:33:53 | 000,002,754 | ---- | C] () -- E:\Windows\cmudax3.ini
[2011/07/26 04:20:43 | 001,474,832 | ---- | C] () -- E:\Windows\System32\drivers\sfi.dat
[2011/07/26 03:14:48 | 000,011,164 | ---- | C] () -- E:\Windows\System32\drivers\nvphy.bin
[2011/07/26 02:30:05 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2011/05/24 16:44:26 | 000,059,904 | ---- | C] () -- E:\Windows\System32\OVDecode.dll
[2011/04/20 11:30:06 | 000,233,765 | ---- | C] () -- E:\Windows\System32\atiicdxx.dat
[2011/04/11 20:30:05 | 005,713,414 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2011/04/11 20:30:05 | 001,698,874 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2011/04/11 20:30:05 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2011/04/11 20:30:05 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- E:\Windows\System32\atipblag.dat
[2010/11/20 16:29:34 | 000,080,896 | ---- | C] () -- E:\Windows\System32\RDVGHelper.exe
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- E:\Windows\System32\PrintBrmUi.exe
[2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,388,520 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 002,094,376 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 001,515,880 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,982,196 | ---- | C] () -- E:\Windows\System32\igkrng500.bin
[2009/07/13 17:09:19 | 000,417,344 | ---- | C] () -- E:\Windows\System32\igcompkrng500.bin
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- E:\Windows\System32\igfcg500.bin
[2009/07/13 17:09:19 | 000,097,448 | ---- | C] () -- E:\Windows\System32\igfcg500m.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2008/10/21 22:29:06 | 000,173,550 | ---- | C] () -- E:\Windows\System32\xlive.dll.cat
[2004/08/13 02:56:20 | 000,005,810 | ---- | C] () -- E:\Windows\System32\drivers\ASACPI.sys
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- E:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2011/07/26 04:22:39 | 000,000,000 | ---D | M] -- E:\ProgramData\AMD
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/12/30 20:36:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Battle.net
[2012/10/25 18:14:29 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2012/06/28 16:45:49 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/02/28 12:59:22 | 000,000,000 | ---D | M] -- E:\ProgramData\Local Settings
[2013/01/04 16:58:06 | 000,000,000 | ---D | M] -- E:\ProgramData\OO Software
[2013/01/04 17:04:44 | 000,000,000 | ---D | M] -- E:\ProgramData\oytbmfgettdpigr
[2012/05/20 04:04:09 | 000,000,000 | ---D | M] -- E:\ProgramData\POP3Profiles
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/01/06 18:57:54 | 000,000,000 | ---D | M] -- E:\ProgramData\Tunngle
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/11/18 06:21:59 | 000,032,640 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 608 bytes -> E:\Windows\System32\drivers\jbprghah.sys:changelist
< End of report >
         
--- --- ---
Kind regards,
Nano

20.01.2013, 21:46   #2
markusg
/// Malware-holic

Hi,
on your second PC go to Start, Programs, Accessories, Notepad, and paste the following into it:
Code:
:OTL
[2013/01/20 14:23:08 | 095,023,320 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/20 14:23:06 | 000,002,865 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/20 14:23:06 | 000,001,054 | ---- | M] () -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

:Files
E:\Users\Nana\wgsdgsdgdsgsd.exe
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file", so load the fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open the otl.txt.
Please post the log.

20.01.2013, 21:49   #3
nano4sparta

OK, I'll try that out right now.

20.01.2013, 21:51   #4
markusg
/// Malware-holic

Please leave out interim posts like this. Just try it, and post if there are problems or once it has succeeded.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails to markusg.trojaner-board@web.de following the instructions above.

20.01.2013, 22:16   #5
nano4sparta

The fix has been done. But it did not restart afterwards, so I had to restart it manually. Everything is running so far.

Here is the OTL logfile:
Code:
OTL logfile created on: 1/20/2013 9:09:19 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.36 Mb Free Space | 75.37% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.57% Space Free | Partition Type: FAT32
Drive E: | 698.54 Gb Total Space | 115.40 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/01/09 20:00:00 | 000,263,680 | ---- | M] (Корпорация Майкрософт) [Auto] -- E:\Users\Nana\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/10 15:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/20 07:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/14 12:42:50 | 002,019,184 | ---- | M] (O&O Software GmbH) [Auto] -- E:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2012/09/12 11:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 11:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/01 11:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- E:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/07/26 13:23:06 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/26 03:14:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/05/24 22:03:26 | 000,176,128 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/09/05 23:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/16 10:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 03:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 03:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand] --  -- (hwusbfake)
DRV - File not found [Kernel | On_Demand] --  -- (hwdatacard)
DRV - File not found [Kernel | On_Demand] --  -- (amdiox86)
DRV - [2013/01/20 14:23:46 | 000,043,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\jbprghah.sys -- (jbprghah)
DRV - [2012/10/22 16:01:15 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- E:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/10/10 15:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/30 16:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/23 09:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/05/24 21:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/30 13:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot] -- E:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011/02/08 05:03:54 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 05:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/12/01 04:11:28 | 001,872,192 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/29 08:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2004/08/13 02:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- E:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Nana_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Nana_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Nana_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 E6 CE B3 AC EA CD 01  [binary data]
IE - HKU\Nana_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [CmPCIaudio]  File not found
O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OODefragTray] E:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKU\Nana_ON_E..\Run: [Spotify Web Helper] E:\Users\Nana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Nana_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - E:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/20 20:41:38 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/01/20 14:23:45 | 000,043,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\jbprghah.sys
[2013/01/09 17:22:11 | 000,088,640 | ---- | C] (Spotify Ltd) -- E:\Users\Nana\Desktop\SpotifySetup.exe
[2013/01/09 11:25:08 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\Linkin Park
[2013/01/09 06:49:25 | 002,345,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/01/09 06:49:24 | 000,492,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32spl.dll
[2013/01/09 06:49:12 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2013/01/09 06:49:12 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2013/01/09 06:49:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 06:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 06:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 06:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 06:49:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 06:49:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 06:49:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 06:49:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 06:49:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 06:49:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 06:49:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 06:49:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 06:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 06:48:55 | 002,576,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\gameux.dll
[2013/01/09 06:48:55 | 000,308,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Wpc.dll
[2013/01/09 06:48:55 | 000,046,592 | ---- | C] (Microsoft) -- E:\Windows\System32\fpb.rs
[2013/01/09 06:48:55 | 000,045,568 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc-nz.rs
[2013/01/09 06:48:55 | 000,044,544 | ---- | C] (Microsoft) -- E:\Windows\System32\pegibbfc.rs
[2013/01/09 06:48:55 | 000,043,520 | ---- | C] (Microsoft) -- E:\Windows\System32\csrr.rs
[2013/01/09 06:48:55 | 000,040,960 | ---- | C] (Microsoft) -- E:\Windows\System32\cob-au.rs
[2013/01/09 06:48:55 | 000,030,720 | ---- | C] (Microsoft) -- E:\Windows\System32\usk.rs
[2013/01/09 06:48:55 | 000,021,504 | ---- | C] (Microsoft) -- E:\Windows\System32\grb.rs
[2013/01/09 06:48:55 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-pt.rs
[2013/01/09 06:48:55 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi.rs
[2013/01/09 06:48:55 | 000,015,360 | ---- | C] (Microsoft) -- E:\Windows\System32\djctq.rs
[2013/01/09 06:48:54 | 000,055,296 | ---- | C] (Microsoft) -- E:\Windows\System32\cero.rs
[2013/01/09 06:48:54 | 000,051,712 | ---- | C] (Microsoft) -- E:\Windows\System32\esrb.rs
[2013/01/09 06:48:54 | 000,023,552 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc.rs
[2013/01/09 06:48:54 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-fi.rs
[2013/01/09 06:48:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncrypt.dll
[2013/01/09 06:48:48 | 000,049,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\taskhost.exe
[2013/01/04 19:10:33 | 000,000,000 | ---D | C] -- E:\Windows\System32\oodag
[2013/01/04 16:59:38 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Local\O&O
[2013/01/04 16:58:58 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2013/01/04 16:58:51 | 000,000,000 | ---D | C] -- E:\Program Files\OO Software
[2013/01/04 16:58:06 | 000,000,000 | ---D | C] -- E:\ProgramData\OO Software
[2013/01/04 16:57:41 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\O&O Defrag Professional 16.0 Build 139 Deutsch (x64)+(x86)
[2013/01/03 16:59:42 | 000,000,000 | ---D | C] -- E:\Users\Nana\Documents\Calibre Library
[2013/01/03 16:58:42 | 000,000,000 | ---D | C] -- E:\Users\Nana\Documents\Calibre Bibliothek
[2013/01/03 16:58:15 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Roaming\calibre
[2013/01/03 16:57:52 | 000,000,000 | ---D | C] -- E:\Program Files\Calibre2
[2013/01/03 16:57:52 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/01/03 05:28:39 | 000,000,000 | R--D | C] -- E:\Users\Nana\Desktop\Spiele
[2013/01/03 05:10:51 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\Georgs Neujahrrsbesuch
[2013/01/01 17:39:03 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\Marie Lu - Legend Bd. 1 - Fallender Himmel
[2013/01/01 15:12:57 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\E-Bücher
[2013/01/01 12:20:46 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Local\Skyrim
[2013/01/01 12:20:22 | 000,528,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_6.dll
[2013/01/01 12:20:22 | 000,515,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_5.dll
[2013/01/01 12:20:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_6.dll
[2013/01/01 12:20:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_5.dll
[2013/01/01 12:20:22 | 000,074,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_4.dll
[2013/01/01 12:20:22 | 000,022,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_7.dll
[2013/01/01 12:20:21 | 001,974,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_42.dll
[2013/01/01 12:20:20 | 005,501,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dcsx_42.dll
[2013/01/01 12:20:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_42.dll
[2013/01/01 12:20:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_42.dll
[2013/01/01 12:20:19 | 000,235,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx11_42.dll
[2013/01/01 12:20:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_41.dll
[2013/01/01 12:20:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_41.dll
[2013/01/01 12:20:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_41.dll
[2013/01/01 12:20:17 | 000,517,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_4.dll
[2013/01/01 12:20:17 | 000,235,352 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_4.dll
[2013/01/01 12:20:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_3.dll
[2013/01/01 12:20:16 | 002,036,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_40.dll
[2013/01/01 12:20:16 | 000,452,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_40.dll
[2013/01/01 12:20:16 | 000,022,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_6.dll
[2013/01/01 12:20:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_40.dll
[2013/01/01 12:20:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_3.dll
[2013/01/01 12:20:15 | 000,235,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_3.dll
[2013/01/01 12:20:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_2.dll
[2013/01/01 12:20:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_2.dll
[2013/01/01 12:20:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_2.dll
[2013/01/01 12:20:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_1.dll
[2013/01/01 12:20:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_5.dll
[2013/01/01 12:20:13 | 000,507,400 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_1.dll
[2013/01/01 12:20:13 | 000,065,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_0.dll
[2013/01/01 12:20:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_38.dll
[2013/01/01 12:20:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_38.dll
[2013/01/01 12:20:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_1.dll
[2013/01/01 12:20:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_4.dll
[2013/01/01 12:20:11 | 003,850,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_38.dll
[2013/01/01 12:20:11 | 000,479,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_0.dll
[2013/01/01 12:20:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_0.dll
[2013/01/01 12:20:10 | 001,420,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_37.dll
[2013/01/01 12:20:10 | 000,462,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_37.dll
[2013/01/01 12:20:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_3.dll
[2013/01/01 12:20:09 | 003,786,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_37.dll
[2013/01/01 12:20:09 | 001,374,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_36.dll
[2013/01/01 12:20:09 | 000,444,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_36.dll
[2013/01/01 12:20:09 | 000,267,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_10.dll
[2013/01/01 12:20:07 | 003,734,536 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_36.dll
[2013/01/01 12:20:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_35.dll
[2013/01/01 12:20:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_35.dll
[2013/01/01 12:20:07 | 000,267,112 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_9.dll
[2013/01/01 12:20:06 | 003,727,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_35.dll
[2013/01/01 12:20:05 | 001,124,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_34.dll
[2013/01/01 12:20:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_34.dll
[2013/01/01 12:20:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_8.dll
[2013/01/01 12:20:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_2.dll
[2013/01/01 12:20:04 | 003,497,832 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_34.dll
[2013/01/01 12:20:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_7.dll
[2013/01/01 12:20:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_33.dll
[2013/01/01 12:20:03 | 001,123,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_33.dll
[2013/01/01 12:20:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_33.dll
[2013/01/01 12:20:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_6.dll
[2013/01/01 12:20:02 | 000,440,080 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10.dll
[2013/01/01 12:20:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_5.dll
[2013/01/01 12:20:00 | 003,426,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_32.dll
[2013/01/01 12:20:00 | 002,414,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_31.dll
[2013/01/01 12:20:00 | 000,237,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_4.dll
[2013/01/01 12:20:00 | 000,015,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\x3daudio1_1.dll
[2013/01/01 12:19:59 | 000,236,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_3.dll
[2013/01/01 12:19:59 | 000,230,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_2.dll
[2013/01/01 12:19:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xinput1_2.dll
[2013/01/01 12:19:58 | 000,229,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_1.dll
[2013/01/01 12:19:58 | 000,062,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xinput1_1.dll
[2013/01/01 12:19:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_30.dll
[2013/01/01 12:19:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_29.dll
[2013/01/01 12:19:50 | 000,230,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_0.dll
[2013/01/01 12:19:50 | 000,014,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\x3daudio1_0.dll
[2013/01/01 12:19:49 | 002,323,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_28.dll
[2013/01/01 12:19:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_27.dll
[2013/01/01 12:19:47 | 002,337,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_25.dll
[2013/01/01 12:19:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_26.dll
[2013/01/01 12:19:46 | 002,222,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_24.dll
[2013/01/01 11:08:05 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Roaming\JAM Software
[2013/01/01 11:07:55 | 000,000,000 | ---D | C] -- E:\Program Files\JAM Software
[2013/01/01 10:59:22 | 000,000,000 | R--D | C] -- E:\Users\Nana\Desktop\Anwendungen
[2012/12/30 20:36:51 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/12/30 20:36:10 | 000,000,000 | ---D | C] -- E:\ProgramData\Battle.net
[2012/12/30 20:34:11 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\Users\Nana\Documents\StarCraft II
[2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\Program Files\StarCraft II
[2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\ProgramData\Blizzard Entertainment
[2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Blizzard Entertainment
[2012/12/30 16:02:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\terminpt.sys
[2012/12/30 16:02:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\rdpvideominiport.sys
[2012/12/30 16:02:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/30 16:02:23 | 000,049,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\TsUsbFlt.sys
[2012/12/30 16:02:23 | 000,027,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\TsUsbGD.sys
[2012/12/30 16:02:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/30 16:02:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/12/30 16:02:22 | 002,739,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorets.dll
[2012/12/30 16:02:22 | 000,317,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wksprt.exe
[2012/12/30 16:02:22 | 000,269,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aaclient.dll
[2012/12/30 16:02:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpudd.dll
[2012/12/30 16:02:22 | 000,192,000 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpendp_winip.dll
[2012/12/30 16:02:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TSWbPrxy.exe
[2012/12/30 16:02:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MsRdpWebAccess.dll
[2012/12/30 16:02:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tsgqec.dll
[2012/12/30 16:02:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/12/30 16:02:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wksprtPS.dll
[2012/12/30 16:01:13 | 001,039,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\lsasrv.dll
[2012/12/30 16:01:09 | 000,514,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\qdvd.dll
[2012/12/30 15:58:55 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Security Client
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/20 14:24:17 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/01/20 14:23:46 | 000,043,600 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\drivers\jbprghah.sys
[2013/01/20 14:23:08 | 095,023,320 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/20 14:23:06 | 000,002,865 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/20 14:23:06 | 000,001,054 | ---- | M] () -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/20 14:22:49 | 2415,357,952 | -HS- | M] () -- E:\hiberfil.sys
[2013/01/20 14:22:49 | 000,026,796 | ---- | M] () -- E:\Windows\System32\oodbs.lor
[2013/01/09 19:47:03 | 002,167,242 | ---- | M] () -- E:\Users\Nana\Desktop\grammar.pdf
[2013/01/09 19:46:23 | 000,618,833 | ---- | M] () -- E:\Users\Nana\Desktop\Basic_-Italian.pdf
[2013/01/09 18:02:57 | 000,021,280 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 18:02:57 | 000,021,280 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 17:22:11 | 000,088,640 | ---- | M] (Spotify Ltd) -- E:\Users\Nana\Desktop\SpotifySetup.exe
[2013/01/09 11:22:44 | 000,388,520 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/01/07 12:10:53 | 000,000,798 | ---- | M] () -- E:\Users\Nana\Desktop\ArabicAnEssentialGrammar.pdf.lnk
[2013/01/07 12:09:00 | 000,027,979 | ---- | M] () -- E:\Users\Nana\Desktop\AuPair Formalitäten.odt
[2013/01/07 10:56:53 | 000,007,334 | ---- | M] () -- E:\Users\Nana\Desktop\was sie von mir brauchen.odt
[2013/01/06 16:03:37 | 000,216,976 | ---- | M] () -- E:\Users\Nana\Desktop\d027.jpg
[2013/01/04 16:58:58 | 000,002,509 | ---- | M] () -- E:\Users\Public\Desktop\O&O Defrag.lnk
[2013/01/04 16:58:58 | 000,002,453 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2013/01/04 16:58:58 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/04 16:58:58 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2013/01/04 16:54:06 | 001,326,828 | ---- | M] () -- E:\Users\Nana\Desktop\Stiefvater, Maggie - Rot wie das Meer.epub
[2013/01/04 16:49:43 | 064,873,173 | ---- | M] () -- E:\Users\Nana\Desktop\O&O Defrag Professional 16.0 Build 139 Deutsch (x64)+(x86).rar
[2013/01/03 17:08:33 | 005,713,414 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/01/03 17:08:33 | 002,154,326 | ---- | M] () -- E:\Windows\System32\perfh019.dat
[2013/01/03 17:08:33 | 002,094,376 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/01/03 17:08:33 | 001,698,874 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/01/03 17:08:33 | 001,542,008 | ---- | M] () -- E:\Windows\System32\perfc019.dat
[2013/01/03 17:08:33 | 001,515,880 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/01/03 16:58:10 | 000,000,897 | ---- | M] () -- E:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/01/03 16:58:10 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/01/03 16:47:01 | 005,154,944 | ---- | M] () -- E:\Users\Nana\Desktop\Grim1.rar
[2013/01/03 16:44:43 | 028,874,727 | ---- | M] () -- E:\Users\Nana\Desktop\Buecherkiste_Fo_K.rar
[2013/01/03 16:43:51 | 419,430,400 | ---- | M] () -- E:\Users\Nana\Desktop\lk_zeit_2.part1.rar
[2013/01/03 16:43:09 | 000,011,729 | ---- | M] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (3).odt
[2013/01/03 16:40:14 | 310,744,066 | ---- | M] () -- E:\Users\Nana\Desktop\lk_zeit_2.part2.rar
[2013/01/03 05:30:05 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition
[2013/01/03 05:29:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica
[2013/01/03 05:29:50 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/01/01 17:51:07 | 003,751,452 | ---- | M] () -- E:\Users\Nana\Desktop\sk.friedh.rar
[2013/01/01 17:50:41 | 095,206,566 | ---- | M] () -- E:\Users\Nana\Desktop\LuSe.rar
[2013/01/01 17:32:12 | 006,033,365 | ---- | M] () -- E:\Users\Nana\Desktop\Legend1.rar
[2012/12/30 20:44:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/12/30 20:32:59 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/12/30 15:59:24 | 000,001,945 | ---- | M] () -- E:\Windows\epplauncher.mif
[2012/12/30 15:59:06 | 000,002,084 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/30 15:57:03 | 001,474,832 | ---- | M] () -- E:\Windows\System32\drivers\sfi.dat
[2012/12/30 15:19:16 | 000,000,045 | ---- | M] () -- E:\Windows\System32\initdebug.nfo
[2012/12/30 15:08:17 | 000,000,146 | ---- | M] () -- E:\Users\Nana\Desktop\Sound - Verknüpfung.lnk
[2012/12/28 18:21:18 | 000,018,919 | ---- | M] () -- E:\Users\Nana\Desktop\zitate.odt
[2012/12/28 16:35:02 | 000,016,563 | ---- | M] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (2).odt
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/20 14:23:06 | 000,001,054 | ---- | C] () -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/09 19:47:03 | 002,167,242 | ---- | C] () -- E:\Users\Nana\Desktop\grammar.pdf
[2013/01/09 19:46:23 | 000,618,833 | ---- | C] () -- E:\Users\Nana\Desktop\Basic_-Italian.pdf
[2013/01/08 15:14:55 | 000,002,865 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/08 15:14:49 | 095,023,320 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/07 12:10:53 | 000,000,798 | ---- | C] () -- E:\Users\Nana\Desktop\ArabicAnEssentialGrammar.pdf.lnk
[2013/01/07 12:08:58 | 000,027,979 | ---- | C] () -- E:\Users\Nana\Desktop\AuPair Formalitäten.odt
[2013/01/07 10:56:53 | 000,007,334 | ---- | C] () -- E:\Users\Nana\Desktop\was sie von mir brauchen.odt
[2013/01/06 16:04:01 | 000,216,976 | ---- | C] () -- E:\Users\Nana\Desktop\d027.jpg
[2013/01/05 16:03:12 | 000,026,796 | ---- | C] () -- E:\Windows\System32\oodbs.lor
[2013/01/04 16:58:58 | 000,002,509 | ---- | C] () -- E:\Users\Public\Desktop\O&O Defrag.lnk
[2013/01/04 16:58:58 | 000,002,453 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2013/01/04 16:54:06 | 001,326,828 | ---- | C] () -- E:\Users\Nana\Desktop\Stiefvater, Maggie - Rot wie das Meer.epub
[2013/01/04 16:48:40 | 064,873,173 | ---- | C] () -- E:\Users\Nana\Desktop\O&O Defrag Professional 16.0 Build 139 Deutsch (x64)+(x86).rar
[2013/01/03 16:58:10 | 000,000,897 | ---- | C] () -- E:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/01/03 16:47:01 | 005,154,944 | ---- | C] () -- E:\Users\Nana\Desktop\Grim1.rar
[2013/01/03 16:31:14 | 419,430,400 | ---- | C] () -- E:\Users\Nana\Desktop\lk_zeit_2.part1.rar
[2013/01/03 16:30:39 | 310,744,066 | ---- | C] () -- E:\Users\Nana\Desktop\lk_zeit_2.part2.rar
[2013/01/03 16:25:56 | 028,874,727 | ---- | C] () -- E:\Users\Nana\Desktop\Buecherkiste_Fo_K.rar
[2013/01/03 15:17:42 | 000,011,729 | ---- | C] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (3).odt
[2013/01/01 17:50:49 | 003,751,452 | ---- | C] () -- E:\Users\Nana\Desktop\sk.friedh.rar
[2013/01/01 17:49:13 | 095,206,566 | ---- | C] () -- E:\Users\Nana\Desktop\LuSe.rar
[2013/01/01 17:32:10 | 006,033,365 | ---- | C] () -- E:\Users\Nana\Desktop\Legend1.rar
[2012/12/30 15:59:23 | 000,001,945 | ---- | C] () -- E:\Windows\epplauncher.mif
[2012/12/30 15:59:06 | 000,002,084 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/30 15:08:17 | 000,000,146 | ---- | C] () -- E:\Users\Nana\Desktop\Sound - Verknüpfung.lnk
[2012/12/28 16:36:49 | 000,018,919 | ---- | C] () -- E:\Users\Nana\Desktop\zitate.odt
[2012/12/28 15:18:01 | 000,016,563 | ---- | C] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (2).odt
[2012/12/27 06:15:35 | 000,033,961 | ---- | C] () -- E:\Users\Nana\Documents\OpenDocument%20Text%20(neu)%20(2).odt_1.odt
[2012/12/07 15:40:40 | 000,042,440 | ---- | C] () -- E:\Windows\System32\xfcodec.dll
[2012/10/06 14:55:06 | 000,000,138 | ---- | C] () -- E:\ProgramData\fxdkmttkmffjjve
[2012/08/14 17:35:44 | 000,000,051 | ---- | C] () -- E:\ProgramData\pqhepeejleqgdtv
[2012/04/01 16:56:44 | 000,032,256 | ---- | C] () -- E:\Windows\System32\AVSredirect.dll
[2011/11/21 22:48:34 | 000,000,193 | ---- | C] () -- E:\Windows\WORDPAD.INI
[2011/09/20 14:11:04 | 000,000,000 | ---- | C] () -- E:\Users\Nana\AppData\Local\{598C8DB4-FAEA-4D93-B6F6-139D4910796E}
[2011/09/08 13:06:52 | 000,000,000 | ---- | C] () -- E:\Users\Nana\AppData\Local\{B61B60F4-0384-4FFD-8867-C1F75B1CB119}
[2011/09/08 12:17:51 | 000,000,000 | ---- | C] () -- E:\Users\Nana\AppData\Local\{F3200062-1452-4424-906B-5E8FE01311FA}
[2011/07/26 05:29:35 | 000,557,056 | ---- | C] () -- E:\Windows\System32\Cmeaupci.exe
[2011/07/26 05:29:35 | 000,000,164 | ---- | C] () -- E:\Windows\Cmicnfg3.ini.cfl
[2011/07/26 05:27:38 | 000,002,123 | ---- | C] () -- E:\Windows\Cmicnfg3.ini.cfg
[2011/07/26 05:27:38 | 000,001,667 | ---- | C] () -- E:\Windows\Cmicnfg3.ini.imi
[2011/07/26 04:51:57 | 002,154,326 | ---- | C] () -- E:\Windows\System32\perfh019.dat
[2011/07/26 04:51:57 | 001,542,008 | ---- | C] () -- E:\Windows\System32\perfc019.dat
[2011/07/26 04:51:57 | 000,336,704 | ---- | C] () -- E:\Windows\System32\perfi019.dat
[2011/07/26 04:51:57 | 000,039,446 | ---- | C] () -- E:\Windows\System32\perfd019.dat
[2011/07/26 04:47:09 | 000,094,208 | ---- | C] () -- E:\Windows\VMix.dll
[2011/07/26 04:33:54 | 000,303,104 | ---- | C] () -- E:\Windows\System32\CmiInstallResAll.dll
[2011/07/26 04:33:53 | 000,002,754 | ---- | C] () -- E:\Windows\cmudax3.ini
[2011/07/26 04:20:43 | 001,474,832 | ---- | C] () -- E:\Windows\System32\drivers\sfi.dat
[2011/07/26 03:14:48 | 000,011,164 | ---- | C] () -- E:\Windows\System32\drivers\nvphy.bin
[2011/07/26 02:30:05 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2011/05/24 16:44:26 | 000,059,904 | ---- | C] () -- E:\Windows\System32\OVDecode.dll
[2011/04/20 11:30:06 | 000,233,765 | ---- | C] () -- E:\Windows\System32\atiicdxx.dat
[2011/04/11 20:30:05 | 005,713,414 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2011/04/11 20:30:05 | 001,698,874 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2011/04/11 20:30:05 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2011/04/11 20:30:05 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- E:\Windows\System32\atipblag.dat
[2010/11/20 16:29:34 | 000,080,896 | ---- | C] () -- E:\Windows\System32\RDVGHelper.exe
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- E:\Windows\System32\PrintBrmUi.exe
[2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,388,520 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 002,094,376 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 001,515,880 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,982,196 | ---- | C] () -- E:\Windows\System32\igkrng500.bin
[2009/07/13 17:09:19 | 000,417,344 | ---- | C] () -- E:\Windows\System32\igcompkrng500.bin
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- E:\Windows\System32\igfcg500.bin
[2009/07/13 17:09:19 | 000,097,448 | ---- | C] () -- E:\Windows\System32\igfcg500m.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2008/10/21 22:29:06 | 000,173,550 | ---- | C] () -- E:\Windows\System32\xlive.dll.cat
[2004/08/13 02:56:20 | 000,005,810 | ---- | C] () -- E:\Windows\System32\drivers\ASACPI.sys
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- E:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2011/07/26 04:22:39 | 000,000,000 | ---D | M] -- E:\ProgramData\AMD
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/12/30 20:36:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Battle.net
[2012/10/25 18:14:29 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2012/06/28 16:45:49 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/02/28 12:59:22 | 000,000,000 | ---D | M] -- E:\ProgramData\Local Settings
[2013/01/04 16:58:06 | 000,000,000 | ---D | M] -- E:\ProgramData\OO Software
[2013/01/04 17:04:44 | 000,000,000 | ---D | M] -- E:\ProgramData\oytbmfgettdpigr
[2012/05/20 04:04:09 | 000,000,000 | ---D | M] -- E:\ProgramData\POP3Profiles
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/01/06 18:57:54 | 000,000,000 | ---D | M] -- E:\ProgramData\Tunngle
[2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/11/18 06:21:59 | 000,032,640 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 608 bytes -> E:\Windows\System32\drivers\jbprghah.sys:changelist
< End of report >
         


Best regards, Nano


Edited by nano4sparta (20.01.2013 at 22:37)

21.01.2013, 14:25   #6
markusg
/// Malware-holic
 


Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log
Open C:, open tdsskiller-date-version.txt, and post its contents

21.01.2013, 19:09   #7
nano4sparta
 


Hello,
here is the log ...


19:06:00.0523 3496 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:06:00.0723 3496 ============================================================
19:06:00.0724 3496 Current date / time: 2013/01/21 19:06:00.0723
19:06:00.0724 3496 SystemInfo:
19:06:00.0724 3496
19:06:00.0724 3496 OS Version: 6.1.7601 ServicePack: 1.0
19:06:00.0724 3496 Product type: Workstation
19:06:00.0724 3496 ComputerName: NANOTSCHKA
19:06:00.0724 3496 UserName: Nana
19:06:00.0724 3496 Windows directory: C:\Windows
19:06:00.0724 3496 System windows directory: C:\Windows
19:06:00.0724 3496 Processor architecture: Intel x86
19:06:00.0724 3496 Number of processors: 4
19:06:00.0724 3496 Page size: 0x1000
19:06:00.0724 3496 Boot type: Normal boot
19:06:00.0724 3496 ============================================================
19:06:02.0489 3496 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0xBD42B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000050
19:06:02.0491 3496 ============================================================
19:06:02.0491 3496 \Device\Harddisk0\DR0:
19:06:02.0491 3496 MBR partitions:
19:06:02.0491 3496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:06:02.0491 3496 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
19:06:02.0491 3496 ============================================================
19:06:02.0516 3496 C: <-> \Device\Harddisk0\DR0\Partition2
19:06:02.0516 3496 ============================================================
19:06:02.0516 3496 Initialize success
19:06:02.0517 3496 ============================================================
19:06:41.0979 1420 ============================================================
19:06:41.0979 1420 Scan started
19:06:41.0979 1420 Mode: Manual; SigCheck; TDLFS;
19:06:41.0979 1420 ============================================================
19:06:42.0347 1420 ================ Scan system memory ========================
19:06:42.0347 1420 System memory - ok
19:06:42.0347 1420 ================ Scan services =============================
19:06:42.0437 1420 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:06:42.0501 1420 1394ohci - ok
19:06:42.0524 1420 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:06:42.0538 1420 ACPI - ok
19:06:42.0558 1420 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:06:42.0598 1420 AcpiPmi - ok
19:06:42.0648 1420 [ 4451CC2275B04043EC2BCC757AF97291 ] AdobeActiveFileMonitor8.0 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
19:06:42.0658 1420 AdobeActiveFileMonitor8.0 - ok
19:06:42.0707 1420 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:06:42.0769 1420 AdobeARMservice - ok
19:06:42.0796 1420 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:06:42.0811 1420 adp94xx - ok
19:06:42.0826 1420 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:06:42.0838 1420 adpahci - ok
19:06:42.0843 1420 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:06:42.0853 1420 adpu320 - ok
19:06:42.0877 1420 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:06:42.0954 1420 AeLookupSvc - ok
19:06:42.0992 1420 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:06:43.0021 1420 AFD - ok
19:06:43.0024 1420 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:06:43.0033 1420 agp440 - ok
19:06:43.0057 1420 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:06:43.0066 1420 aic78xx - ok
19:06:43.0094 1420 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:06:43.0112 1420 ALG - ok
19:06:43.0116 1420 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:06:43.0123 1420 aliide - ok
19:06:43.0152 1420 [ D16B67B26A1096EDF8B57D03513ECFA7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:06:43.0178 1420 AMD External Events Utility - ok
19:06:43.0182 1420 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:06:43.0191 1420 amdagp - ok
19:06:43.0193 1420 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:06:43.0202 1420 amdide - ok
19:06:43.0204 1420 amdiox86 - ok
19:06:43.0223 1420 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:06:43.0241 1420 AmdK8 - ok
19:06:43.0341 1420 [ 712D8A95E45B070114C5309ADA7358FF ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:06:43.0434 1420 amdkmdag - ok
19:06:43.0477 1420 [ 60643C3ABE28015269A62EB3DD4A49F4 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:06:43.0506 1420 amdkmdap - ok
19:06:43.0528 1420 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:06:43.0537 1420 AmdPPM - ok
19:06:43.0553 1420 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:06:43.0562 1420 amdsata - ok
19:06:43.0578 1420 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:06:43.0589 1420 amdsbs - ok
19:06:43.0602 1420 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:06:43.0611 1420 amdxata - ok
19:06:43.0634 1420 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:06:43.0653 1420 AppID - ok
19:06:43.0669 1420 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:06:43.0687 1420 AppIDSvc - ok
19:06:43.0696 1420 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
19:06:43.0719 1420 Appinfo - ok
19:06:43.0726 1420 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
19:06:43.0756 1420 AppMgmt - ok
19:06:43.0769 1420 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
19:06:43.0778 1420 arc - ok
19:06:43.0783 1420 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:06:43.0793 1420 arcsas - ok
19:06:43.0813 1420 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:06:43.0883 1420 AsyncMac - ok
19:06:43.0887 1420 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:06:43.0896 1420 atapi - ok
19:06:43.0956 1420 [ C8BB2E935A5D195692140E795EA9AC14 ] athr C:\Windows\system32\DRIVERS\athr.sys
19:06:44.0031 1420 athr ( UnsignedFile.Multi.Generic ) - warning
19:06:44.0031 1420 athr - detected UnsignedFile.Multi.Generic (1)
19:06:44.0058 1420 [ 45FE74599FBA4070E7C7DAC928896474 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
19:06:44.0111 1420 AtiHDAudioService - ok
19:06:44.0194 1420 [ 712D8A95E45B070114C5309ADA7358FF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:06:44.0238 1420 atikmdag - ok
19:06:44.0264 1420 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:06:44.0299 1420 AudioEndpointBuilder - ok
19:06:44.0306 1420 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:06:44.0331 1420 Audiosrv - ok
19:06:44.0344 1420 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:06:44.0382 1420 AxInstSV - ok
19:06:44.0413 1420 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
19:06:44.0449 1420 b06bdrv - ok
19:06:44.0479 1420 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:06:44.0506 1420 b57nd60x - ok
19:06:44.0511 1420 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:06:44.0532 1420 BDESVC - ok
19:06:44.0552 1420 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:06:44.0577 1420 Beep - ok
19:06:44.0599 1420 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:06:44.0633 1420 BFE - ok
19:06:44.0661 1420 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
19:06:44.0686 1420 BITS - ok
19:06:44.0696 1420 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:06:44.0704 1420 blbdrive - ok
19:06:44.0716 1420 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:06:44.0736 1420 bowser - ok
19:06:44.0751 1420 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:06:44.0761 1420 BrFiltLo - ok
19:06:44.0764 1420 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:06:44.0783 1420 BrFiltUp - ok
19:06:44.0799 1420 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:06:44.0819 1420 Browser - ok
19:06:44.0836 1420 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:06:44.0861 1420 Brserid - ok
19:06:44.0864 1420 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:06:44.0881 1420 BrSerWdm - ok
19:06:44.0884 1420 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:06:44.0899 1420 BrUsbMdm - ok
19:06:44.0903 1420 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:06:44.0912 1420 BrUsbSer - ok
19:06:44.0962 1420 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:06:44.0983 1420 BthEnum - ok
19:06:44.0986 1420 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:06:44.0997 1420 BTHMODEM - ok
19:06:45.0018 1420 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:06:45.0042 1420 BthPan - ok
19:06:45.0062 1420 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:06:45.0076 1420 BTHPORT - ok
19:06:45.0086 1420 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:06:45.0114 1420 bthserv - ok
19:06:45.0132 1420 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:06:45.0149 1420 BTHUSB - ok
19:06:45.0159 1420 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:06:45.0189 1420 cdfs - ok
19:06:45.0212 1420 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:06:45.0221 1420 cdrom - ok
19:06:45.0233 1420 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:06:45.0257 1420 CertPropSvc - ok
19:06:45.0274 1420 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
19:06:45.0284 1420 circlass - ok
19:06:45.0308 1420 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:06:45.0321 1420 CLFS - ok
19:06:45.0398 1420 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:06:45.0407 1420 clr_optimization_v2.0.50727_32 - ok
19:06:45.0447 1420 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:06:45.0457 1420 clr_optimization_v4.0.30319_32 - ok
19:06:45.0481 1420 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:06:45.0504 1420 CmBatt - ok
19:06:45.0532 1420 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:06:45.0541 1420 cmdide - ok
19:06:45.0617 1420 [ 48CA0EF55ECA320EF7862B75B91662FE ] cmuda3 C:\Windows\system32\drivers\cmudax3.sys
19:06:45.0714 1420 cmuda3 ( UnsignedFile.Multi.Generic ) - warning
19:06:45.0714 1420 cmuda3 - detected UnsignedFile.Multi.Generic (1)
19:06:45.0767 1420 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
19:06:45.0812 1420 CNG - ok
19:06:45.0816 1420 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:06:45.0824 1420 Compbatt - ok
19:06:45.0844 1420 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:06:45.0862 1420 CompositeBus - ok
19:06:45.0864 1420 COMSysApp - ok
19:06:45.0879 1420 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:06:45.0887 1420 crcdisk - ok
19:06:45.0918 1420 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:06:45.0937 1420 CryptSvc - ok
19:06:45.0957 1420 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
19:06:45.0992 1420 CSC - ok
19:06:46.0012 1420 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
19:06:46.0033 1420 CscService - ok
19:06:46.0063 1420 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:06:46.0093 1420 DcomLaunch - ok
19:06:46.0107 1420 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:06:46.0132 1420 defragsvc - ok
19:06:46.0136 1420 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:06:46.0158 1420 DfsC - ok
19:06:46.0176 1420 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:06:46.0198 1420 Dhcp - ok
19:06:46.0202 1420 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:06:46.0232 1420 discache - ok
19:06:46.0241 1420 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
19:06:46.0249 1420 Disk - ok
19:06:46.0272 1420 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
19:06:46.0296 1420 dmvsc - ok
19:06:46.0299 1420 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:06:46.0319 1420 Dnscache - ok
19:06:46.0324 1420 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:06:46.0353 1420 dot3svc - ok
19:06:46.0357 1420 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:06:46.0393 1420 DPS - ok
19:06:46.0413 1420 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:06:46.0423 1420 drmkaud - ok
19:06:46.0463 1420 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:06:46.0473 1420 dtsoftbus01 - ok
19:06:46.0491 1420 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:06:46.0509 1420 DXGKrnl - ok
19:06:46.0524 1420 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:06:46.0546 1420 EapHost - ok
19:06:46.0613 1420 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
19:06:46.0677 1420 ebdrv - ok
19:06:46.0696 1420 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:06:46.0722 1420 EFS - ok
19:06:46.0772 1420 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:06:46.0813 1420 ehRecvr - ok
19:06:46.0817 1420 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:06:46.0827 1420 ehSched - ok
19:06:46.0851 1420 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:06:46.0864 1420 elxstor - ok
19:06:46.0874 1420 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:06:46.0897 1420 ErrDev - ok
19:06:46.0916 1420 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:06:46.0948 1420 EventSystem - ok
19:06:46.0961 1420 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:06:46.0989 1420 exfat - ok
19:06:47.0026 1420 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:06:47.0073 1420 fastfat - ok
19:06:47.0239 1420 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:06:47.0259 1420 Fax - ok
19:06:47.0272 1420 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
19:06:47.0281 1420 fdc - ok
19:06:47.0293 1420 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:06:47.0322 1420 fdPHost - ok
19:06:47.0326 1420 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:06:47.0349 1420 FDResPub - ok
19:06:47.0364 1420 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:06:47.0373 1420 FileInfo - ok
19:06:47.0377 1420 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:06:47.0394 1420 Filetrace - ok
19:06:47.0431 1420 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:06:47.0466 1420 FLEXnet Licensing Service - ok
19:06:47.0471 1420 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:06:47.0489 1420 flpydisk - ok
19:06:47.0502 1420 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:06:47.0513 1420 FltMgr - ok
19:06:47.0531 1420 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
19:06:47.0567 1420 FontCache - ok
19:06:47.0609 1420 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:06:47.0617 1420 FontCache3.0.0.0 - ok
19:06:47.0619 1420 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:06:47.0628 1420 FsDepends - ok
19:06:47.0652 1420 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:06:47.0659 1420 Fs_Rec - ok
19:06:47.0667 1420 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:06:47.0679 1420 fvevol - ok
19:06:47.0684 1420 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:06:47.0693 1420 gagp30kx - ok
19:06:47.0714 1420 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
19:06:47.0717 1420 giveio ( UnsignedFile.Multi.Generic ) - warning
19:06:47.0718 1420 giveio - detected UnsignedFile.Multi.Generic (1)
19:06:47.0742 1420 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:06:47.0772 1420 gpsvc - ok
19:06:47.0791 1420 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:06:47.0807 1420 hcw85cir - ok
19:06:47.0826 1420 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:06:47.0838 1420 HdAudAddService - ok
19:06:47.0846 1420 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:06:47.0868 1420 HDAudBus - ok
19:06:47.0887 1420 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:06:47.0908 1420 HidBatt - ok
19:06:47.0922 1420 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:06:47.0942 1420 HidBth - ok
19:06:47.0946 1420 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:06:47.0956 1420 HidIr - ok
19:06:47.0972 1420 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
19:06:47.0994 1420 hidserv - ok
19:06:48.0013 1420 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:06:48.0034 1420 HidUsb - ok
19:06:48.0046 1420 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:06:48.0074 1420 hkmsvc - ok
19:06:48.0086 1420 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:06:48.0107 1420 HomeGroupListener - ok
19:06:48.0133 1420 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:06:48.0151 1420 HomeGroupProvider - ok
19:06:48.0154 1420 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:06:48.0163 1420 HpSAMD - ok
19:06:48.0181 1420 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:06:48.0204 1420 HTTP - ok
19:06:48.0228 1420 hwdatacard - ok
19:06:48.0231 1420 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:06:48.0239 1420 hwpolicy - ok
19:06:48.0247 1420 hwusbfake - ok
19:06:48.0261 1420 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:06:48.0271 1420 i8042prt - ok
19:06:48.0291 1420 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:06:48.0304 1420 iaStorV - ok
19:06:48.0356 1420 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:06:48.0376 1420 idsvc - ok
19:06:48.0493 1420 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:06:48.0572 1420 igfx - ok
19:06:48.0586 1420 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:06:48.0594 1420 iirsp - ok
19:06:48.0642 1420 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:06:48.0678 1420 IKEEXT - ok
19:06:48.0683 1420 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:06:48.0692 1420 intelide - ok
19:06:48.0712 1420 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
19:06:48.0721 1420 intelppm - ok
19:06:48.0738 1420 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:06:48.0758 1420 IPBusEnum - ok
19:06:48.0772 1420 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:06:48.0799 1420 IpFilterDriver - ok
19:06:48.0827 1420 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:06:48.0868 1420 iphlpsvc - ok
19:06:48.0878 1420 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:06:48.0887 1420 IPMIDRV - ok
19:06:48.0892 1420 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:06:48.0923 1420 IPNAT - ok
19:06:48.0926 1420 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:06:48.0947 1420 IRENUM - ok
19:06:48.0959 1420 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:06:48.0968 1420 isapnp - ok
19:06:48.0986 1420 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:06:48.0997 1420 iScsiPrt - ok
19:06:49.0018 1420 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:06:49.0027 1420 kbdclass - ok
19:06:49.0042 1420 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:06:49.0051 1420 kbdhid - ok
19:06:49.0059 1420 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:06:49.0068 1420 KeyIso - ok
19:06:49.0096 1420 [ 4476FE98AAF505ACDCD3EE6360AABEC1 ] KMWDFILTERx86 C:\Windows\system32\DRIVERS\KMWDFILTER.sys
19:06:49.0102 1420 KMWDFILTERx86 - ok
19:06:49.0127 1420 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:06:49.0136 1420 KSecDD - ok
19:06:49.0163 1420 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:06:49.0173 1420 KSecPkg - ok
19:06:49.0191 1420 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:06:49.0213 1420 KtmRm - ok
19:06:49.0236 1420 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
19:06:49.0264 1420 LanmanServer - ok
19:06:49.0296 1420 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:06:49.0323 1420 LanmanWorkstation - ok
19:06:49.0359 1420 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:06:49.0379 1420 lltdio - ok
19:06:49.0399 1420 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:06:49.0432 1420 lltdsvc - ok
19:06:49.0434 1420 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:06:49.0452 1420 lmhosts - ok
19:06:49.0487 1420 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:06:49.0496 1420 LSI_FC - ok
19:06:49.0519 1420 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:06:49.0529 1420 LSI_SAS - ok
19:06:49.0554 1420 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:06:49.0573 1420 LSI_SAS2 - ok
19:06:49.0577 1420 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:06:49.0587 1420 LSI_SCSI - ok
19:06:49.0589 1420 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:06:49.0609 1420 luafv - ok
19:06:49.0624 1420 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:06:49.0634 1420 Mcx2Svc - ok
19:06:49.0641 1420 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
19:06:49.0648 1420 megasas - ok
19:06:49.0653 1420 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:06:49.0664 1420 MegaSR - ok
19:06:49.0699 1420 Microsoft SharePoint Workspace Audit Service - ok
19:06:49.0711 1420 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:06:49.0732 1420 MMCSS - ok
19:06:49.0752 1420 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:06:49.0779 1420 Modem - ok
19:06:49.0787 1420 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:06:49.0798 1420 monitor - ok
19:06:49.0829 1420 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:06:49.0838 1420 mouclass - ok
19:06:49.0857 1420 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:06:49.0876 1420 mouhid - ok
19:06:49.0881 1420 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:06:49.0889 1420 mountmgr - ok
19:06:49.0918 1420 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:06:49.0932 1420 MpFilter - ok
19:06:49.0951 1420 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:06:49.0961 1420 mpio - ok
19:06:50.0061 1420 [ A69630D039C38018689190234F866D77 ] MpKsle3ac2ad3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF3948FE-03B7-4931-A35C-277B3A64D064}\MpKsle3ac2ad3.sys
19:06:50.0068 1420 MpKsle3ac2ad3 - ok
19:06:50.0072 1420 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:06:50.0104 1420 mpsdrv - ok
19:06:50.0121 1420 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:06:50.0154 1420 MpsSvc - ok
19:06:50.0174 1420 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:06:50.0202 1420 MRxDAV - ok
19:06:50.0213 1420 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:06:50.0239 1420 mrxsmb - ok
19:06:50.0254 1420 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:06:50.0266 1420 mrxsmb10 - ok
19:06:50.0269 1420 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:06:50.0287 1420 mrxsmb20 - ok
19:06:50.0307 1420 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:06:50.0316 1420 msahci - ok
19:06:50.0326 1420 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:06:50.0336 1420 msdsm - ok
19:06:50.0357 1420 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:06:50.0367 1420 MSDTC - ok
19:06:50.0388 1420 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:06:50.0413 1420 Msfs - ok
19:06:50.0427 1420 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:06:50.0452 1420 mshidkmdf - ok
19:06:50.0454 1420 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:06:50.0463 1420 msisadrv - ok
19:06:50.0482 1420 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:06:50.0502 1420 MSiSCSI - ok
19:06:50.0504 1420 msiserver - ok
19:06:50.0514 1420 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:06:50.0533 1420 MSKSSRV - ok
19:06:50.0608 1420 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:06:50.0618 1420 MsMpSvc - ok
19:06:50.0622 1420 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:06:50.0648 1420 MSPCLOCK - ok
19:06:50.0652 1420 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:06:50.0681 1420 MSPQM - ok
19:06:50.0697 1420 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:06:50.0707 1420 MsRPC - ok
19:06:50.0718 1420 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:06:50.0727 1420 mssmbios - ok
19:06:50.0729 1420 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:06:50.0748 1420 MSTEE - ok
19:06:50.0767 1420 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:06:50.0784 1420 MTConfig - ok
19:06:50.0803 1420 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
19:06:50.0822 1420 MTsensor - ok
19:06:50.0826 1420 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:06:50.0834 1420 Mup - ok
19:06:50.0866 1420 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:06:50.0898 1420 napagent - ok
19:06:50.0932 1420 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:06:50.0949 1420 NativeWifiP - ok
19:06:50.0984 1420 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:06:51.0003 1420 NDIS - ok
19:06:51.0023 1420 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:06:51.0049 1420 NdisCap - ok
19:06:51.0071 1420 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:06:51.0089 1420 NdisTapi - ok
19:06:51.0093 1420 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:06:51.0111 1420 Ndisuio - ok
19:06:51.0116 1420 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:06:51.0134 1420 NdisWan - ok
19:06:51.0147 1420 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:06:51.0176 1420 NDProxy - ok
19:06:51.0178 1420 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:06:51.0198 1420 NetBIOS - ok
19:06:51.0221 1420 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:06:51.0241 1420 NetBT - ok
19:06:51.0248 1420 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:06:51.0257 1420 Netlogon - ok
19:06:51.0279 1420 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:06:51.0312 1420 Netman - ok
19:06:51.0326 1420 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:06:51.0362 1420 netprofm - ok
19:06:51.0394 1420 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:06:51.0403 1420 NetTcpPortSharing - ok
19:06:51.0432 1420 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:06:51.0441 1420 nfrd960 - ok
19:06:51.0481 1420 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:06:51.0492 1420 NisDrv - ok
19:06:51.0538 1420 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:06:51.0553 1420 NisSrv - ok
19:06:51.0579 1420 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
19:06:51.0592 1420 NlaSvc - ok
19:06:51.0596 1420 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:06:51.0616 1420 Npfs - ok
19:06:51.0634 1420 npggsvc - ok
19:06:51.0638 1420 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:06:51.0658 1420 nsi - ok
19:06:51.0661 1420 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:06:51.0679 1420 nsiproxy - ok
19:06:51.0718 1420 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:06:51.0744 1420 Ntfs - ok
19:06:51.0758 1420 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:06:51.0782 1420 Null - ok
19:06:51.0819 1420 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
19:06:51.0832 1420 NVENETFD - ok
19:06:52.0041 1420 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:06:52.0228 1420 nvlddmkm - ok
19:06:52.0262 1420 [ 1DE923088878B495CD4219E47BA34EB8 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
19:06:52.0273 1420 NVNET - ok
19:06:52.0312 1420 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:06:52.0322 1420 nvraid - ok
19:06:52.0331 1420 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:06:52.0339 1420 nvstor - ok
19:06:52.0379 1420 [ 31D7E63B62BC4680B5D1358F91DA104E ] nvsvc C:\Windows\system32\nvvsvc.exe
19:06:52.0397 1420 nvsvc - ok
19:06:52.0449 1420 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:06:52.0476 1420 nvUpdatusService - ok
19:06:52.0493 1420 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:06:52.0502 1420 nv_agp - ok
19:06:52.0514 1420 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:06:52.0538 1420 ohci1394 - ok
19:06:52.0628 1420 [ D3530461AF3737392E5693D9E2CEA4A2 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
19:06:52.0666 1420 OODefragAgent - ok
19:06:52.0723 1420 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:06:52.0733 1420 ose - ok
19:06:52.0847 1420 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:06:52.0927 1420 osppsvc - ok
19:06:52.0952 1420 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:06:52.0982 1420 p2pimsvc - ok
19:06:53.0006 1420 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:06:53.0019 1420 p2psvc - ok
19:06:53.0046 1420 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
19:06:53.0064 1420 Parport - ok
19:06:53.0093 1420 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:06:53.0102 1420 partmgr - ok
19:06:53.0119 1420 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:06:53.0128 1420 Parvdm - ok
19:06:53.0147 1420 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:06:53.0163 1420 PcaSvc - ok
19:06:53.0168 1420 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:06:53.0181 1420 pci - ok
19:06:53.0184 1420 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:06:53.0192 1420 pciide - ok
19:06:53.0211 1420 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:06:53.0221 1420 pcmcia - ok
19:06:53.0224 1420 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:06:53.0233 1420 pcw - ok
19:06:53.0271 1420 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:06:53.0316 1420 PEAUTH - ok
19:06:53.0343 1420 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:06:53.0374 1420 PeerDistSvc - ok
19:06:53.0412 1420 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:06:53.0458 1420 pla - ok
19:06:53.0484 1420 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:06:53.0511 1420 PlugPlay - ok
19:06:53.0513 1420 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:06:53.0552 1420 PNRPAutoReg - ok
19:06:53.0568 1420 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:06:53.0579 1420 PNRPsvc - ok
19:06:53.0607 1420 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:06:53.0636 1420 PolicyAgent - ok
19:06:53.0642 1420 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:06:53.0662 1420 Power - ok
19:06:53.0694 1420 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:06:53.0723 1420 PptpMiniport - ok
19:06:53.0757 1420 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
19:06:53.0767 1420 Processor - ok
19:06:53.0804 1420 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:06:53.0831 1420 ProfSvc - ok
19:06:53.0844 1420 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:06:53.0853 1420 ProtectedStorage - ok
19:06:53.0867 1420 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:06:53.0899 1420 Psched - ok
19:06:53.0923 1420 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:06:53.0931 1420 PxHelp20 - ok
19:06:53.0963 1420 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:06:53.0993 1420 ql2300 - ok
19:06:54.0008 1420 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:06:54.0018 1420 ql40xx - ok
19:06:54.0036 1420 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:06:54.0051 1420 QWAVE - ok
19:06:54.0054 1420 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:06:54.0064 1420 QWAVEdrv - ok
19:06:54.0121 1420 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
19:06:54.0131 1420 RapiMgr - ok
19:06:54.0147 1420 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:06:54.0166 1420 RasAcd - ok
19:06:54.0181 1420 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:06:54.0198 1420 RasAgileVpn - ok
19:06:54.0202 1420 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:06:54.0223 1420 RasAuto - ok
19:06:54.0227 1420 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:06:54.0247 1420 Rasl2tp - ok
19:06:54.0257 1420 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:06:54.0291 1420 RasMan - ok
19:06:54.0294 1420 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:06:54.0323 1420 RasPppoe - ok
19:06:54.0326 1420 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:06:54.0344 1420 RasSstp - ok
19:06:54.0363 1420 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:06:54.0383 1420 rdbss - ok
19:06:54.0387 1420 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:06:54.0406 1420 rdpbus - ok
19:06:54.0414 1420 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:06:54.0432 1420 RDPCDD - ok
19:06:54.0456 1420 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:06:54.0479 1420 RDPDR - ok
19:06:54.0487 1420 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:06:54.0511 1420 RDPENCDD - ok
19:06:54.0514 1420 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:06:54.0532 1420 RDPREFMP - ok
19:06:54.0561 1420 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:06:54.0581 1420 RdpVideoMiniport - ok
19:06:54.0609 1420 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:06:54.0634 1420 RDPWD - ok
19:06:54.0639 1420 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:06:54.0652 1420 rdyboost - ok
19:06:54.0666 1420 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:06:54.0684 1420 RemoteAccess - ok
19:06:54.0689 1420 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:06:54.0709 1420 RemoteRegistry - ok
19:06:54.0727 1420 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:06:54.0738 1420 RFCOMM - ok
19:06:54.0754 1420 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:06:54.0776 1420 RpcEptMapper - ok
19:06:54.0779 1420 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:06:54.0788 1420 RpcLocator - ok
19:06:54.0803 1420 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:06:54.0824 1420 RpcSs - ok
19:06:54.0838 1420 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:06:54.0867 1420 rspndr - ok
19:06:54.0889 1420 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:06:54.0914 1420 s3cap - ok
19:06:54.0923 1420 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:06:54.0931 1420 SamSs - ok
19:06:54.0956 1420 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:06:54.0964 1420 sbp2port - ok
19:06:54.0982 1420 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:06:55.0002 1420 SCardSvr - ok
19:06:55.0006 1420 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:06:55.0023 1420 scfilter - ok
19:06:55.0043 1420 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:06:55.0072 1420 Schedule - ok
19:06:55.0087 1420 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:06:55.0104 1420 SCPolicySvc - ok
19:06:55.0108 1420 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:06:55.0131 1420 SDRSVC - ok
19:06:55.0141 1420 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:06:55.0159 1420 secdrv - ok
19:06:55.0163 1420 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:06:55.0189 1420 seclogon - ok
19:06:55.0209 1420 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
19:06:55.0237 1420 SENS - ok
19:06:55.0241 1420 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:06:55.0266 1420 SensrSvc - ok
19:06:55.0297 1420 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:06:55.0306 1420 Serenum - ok
19:06:55.0312 1420 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:06:55.0321 1420 Serial - ok
19:06:55.0332 1420 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:06:55.0349 1420 sermouse - ok
19:06:55.0359 1420 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:06:55.0383 1420 SessionEnv - ok
19:06:55.0401 1420 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:06:55.0423 1420 sffdisk - ok
19:06:55.0427 1420 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:06:55.0436 1420 sffp_mmc - ok
19:06:55.0453 1420 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:06:55.0474 1420 sffp_sd - ok
19:06:55.0478 1420 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:06:55.0487 1420 sfloppy - ok
19:06:55.0501 1420 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:06:55.0536 1420 SharedAccess - ok
19:06:55.0556 1420 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:06:55.0578 1420 ShellHWDetection - ok
19:06:55.0594 1420 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:06:55.0603 1420 sisagp - ok
19:06:55.0613 1420 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:06:55.0621 1420 SiSRaid2 - ok
19:06:55.0627 1420 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:06:55.0636 1420 SiSRaid4 - ok
19:06:55.0681 1420 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:06:55.0689 1420 SkypeUpdate - ok
19:06:55.0719 1420 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:06:55.0739 1420 Smb - ok
19:06:55.0758 1420 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:06:55.0768 1420 SNMPTRAP - ok
19:06:55.0812 1420 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\Windows\system32\speedfan.sys
19:06:55.0854 1420 speedfan - ok
19:06:55.0877 1420 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:06:55.0886 1420 spldr - ok
19:06:55.0912 1420 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:06:55.0938 1420 Spooler - ok
19:06:56.0001 1420 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:06:56.0059 1420 sppsvc - ok
19:06:56.0064 1420 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:06:56.0083 1420 sppuinotify - ok
19:06:56.0098 1420 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:06:56.0131 1420 srv - ok
19:06:56.0143 1420 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:06:56.0154 1420 srv2 - ok
19:06:56.0158 1420 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:06:56.0168 1420 srvnet - ok
19:06:56.0184 1420 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:06:56.0206 1420 SSDPSRV - ok
19:06:56.0217 1420 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:06:56.0241 1420 SstpSvc - ok
19:06:56.0254 1420 Steam Client Service - ok
19:06:56.0258 1420 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:06:56.0266 1420 stexstor - ok
19:06:56.0301 1420 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:06:56.0328 1420 StiSvc - ok
19:06:56.0332 1420 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:06:56.0339 1420 storflt - ok
19:06:56.0357 1420 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:06:56.0366 1420 storvsc - ok
19:06:56.0383 1420 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:06:56.0392 1420 swenum - ok
19:06:56.0397 1420 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:06:56.0432 1420 swprv - ok
19:06:56.0452 1420 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
19:06:56.0461 1420 Synth3dVsc - ok
19:06:56.0488 1420 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:06:56.0514 1420 SysMain - ok
19:06:56.0519 1420 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:06:56.0532 1420 TabletInputService - ok
19:06:56.0537 1420 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:06:56.0559 1420 TapiSrv - ok
19:06:56.0563 1420 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:06:56.0592 1420 TBS - ok
19:06:56.0627 1420 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:06:56.0654 1420 Tcpip - ok
19:06:56.0669 1420 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:06:56.0692 1420 TCPIP6 - ok
19:06:56.0697 1420 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:06:56.0706 1420 tcpipreg - ok
19:06:56.0722 1420 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:06:56.0729 1420 TDPIPE - ok
19:06:56.0764 1420 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:06:56.0772 1420 TDTCP - ok
19:06:56.0796 1420 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:06:56.0813 1420 tdx - ok
19:06:56.0889 1420 [ 1C46C27E9F1938B9589859C70450D275 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
19:06:56.0933 1420 TeamViewer6 - ok
19:06:56.0947 1420 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:06:56.0954 1420 TermDD - ok
19:06:56.0974 1420 [ E951866BAC5A23403F62A349EDBB6EEB ] terminpt C:\Windows\system32\drivers\terminpt.sys
19:06:56.0983 1420 terminpt - ok
19:06:56.0999 1420 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:06:57.0034 1420 TermService - ok
19:06:57.0043 1420 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:06:57.0066 1420 Themes - ok
19:06:57.0076 1420 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:06:57.0096 1420 THREADORDER - ok
19:06:57.0106 1420 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:06:57.0137 1420 TrkWks - ok
19:06:57.0161 1420 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:06:57.0181 1420 TrustedInstaller - ok
19:06:57.0186 1420 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:06:57.0212 1420 tssecsrv - ok
19:06:57.0234 1420 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:06:57.0258 1420 TsUsbFlt - ok
19:06:57.0279 1420 [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:06:57.0306 1420 TsUsbGD - ok
19:06:57.0329 1420 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
19:06:57.0354 1420 tsusbhub - ok
19:06:57.0371 1420 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:06:57.0389 1420 tunnel - ok
19:06:57.0403 1420 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:06:57.0412 1420 uagp35 - ok
19:06:57.0429 1420 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:06:57.0449 1420 udfs - ok
19:06:57.0457 1420 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:06:57.0467 1420 UI0Detect - ok
19:06:57.0479 1420 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:06:57.0488 1420 uliagpkx - ok
19:06:57.0512 1420 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:06:57.0521 1420 umbus - ok
19:06:57.0536 1420 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
19:06:57.0543 1420 UmPass - ok
19:06:57.0548 1420 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
19:06:57.0572 1420 UmRdpService - ok
19:06:57.0588 1420 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:06:57.0613 1420 upnphost - ok
19:06:57.0643 1420 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:06:57.0654 1420 usbaudio - ok
19:06:57.0664 1420 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:06:57.0681 1420 usbccgp - ok
19:06:57.0692 1420 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:06:57.0702 1420 usbcir - ok
19:06:57.0713 1420 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:06:57.0722 1420 usbehci - ok
19:06:57.0728 1420 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:06:57.0739 1420 usbhub - ok
19:06:57.0752 1420 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:06:57.0764 1420 usbohci - ok
19:06:57.0788 1420 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:06:57.0808 1420 usbprint - ok
19:06:57.0823 1420 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:06:57.0834 1420 usbscan - ok
19:06:57.0843 1420 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:06:57.0861 1420 USBSTOR - ok
19:06:57.0881 1420 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:06:57.0888 1420 usbuhci - ok
19:06:57.0921 1420 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:06:57.0947 1420 usbvideo - ok
19:06:57.0976 1420 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
19:06:57.0999 1420 usb_rndisx - ok
19:06:58.0009 1420 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:06:58.0033 1420 UxSms - ok
19:06:58.0041 1420 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:06:58.0049 1420 VaultSvc - ok
19:06:58.0059 1420 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:06:58.0067 1420 vdrvroot - ok
19:06:58.0084 1420 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:06:58.0108 1420 vds - ok
19:06:58.0124 1420 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:06:58.0147 1420 vga - ok
19:06:58.0162 1420 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:06:58.0181 1420 VgaSave - ok
19:06:58.0183 1420 VGPU - ok
19:06:58.0202 1420 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:06:58.0213 1420 vhdmp - ok
19:06:58.0232 1420 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:06:58.0241 1420 viaagp - ok
19:06:58.0253 1420 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:06:58.0277 1420 ViaC7 - ok
19:06:58.0281 1420 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
19:06:58.0288 1420 viaide - ok
19:06:58.0312 1420 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:06:58.0323 1420 vmbus - ok
19:06:58.0341 1420 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:06:58.0349 1420 VMBusHID - ok
19:06:58.0352 1420 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:06:58.0361 1420 volmgr - ok
19:06:58.0374 1420 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:06:58.0387 1420 volmgrx - ok
19:06:58.0392 1420 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:06:58.0403 1420 volsnap - ok
19:06:58.0426 1420 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:06:58.0436 1420 vsmraid - ok
19:06:58.0454 1420 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
19:06:58.0486 1420 VSS - ok
19:06:58.0489 1420 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:06:58.0499 1420 vwifibus - ok
19:06:58.0521 1420 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:06:58.0532 1420 vwififlt - ok
19:06:58.0537 1420 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:06:58.0561 1420 W32Time - ok
19:06:58.0579 1420 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:06:58.0597 1420 WacomPen - ok
19:06:58.0601 1420 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:06:58.0618 1420 WANARP - ok
19:06:58.0622 1420 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:06:58.0639 1420 Wanarpv6 - ok
19:06:58.0696 1420 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:06:58.0737 1420 WatAdminSvc - ok
19:06:58.0757 1420 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
19:06:58.0797 1420 wbengine - ok
19:06:58.0802 1420 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:06:58.0819 1420 WbioSrvc - ok
19:06:58.0853 1420 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
19:06:58.0866 1420 WcesComm - ok
19:06:58.0872 1420 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:06:58.0887 1420 wcncsvc - ok
19:06:58.0889 1420 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:06:58.0916 1420 WcsPlugInService - ok
19:06:58.0919 1420 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
19:06:58.0928 1420 Wd - ok
19:06:58.0941 1420 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:06:58.0958 1420 Wdf01000 - ok
19:06:58.0971 1420 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:06:59.0006 1420 WdiServiceHost - ok
19:06:59.0008 1420 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:06:59.0021 1420 WdiSystemHost - ok
19:06:59.0036 1420 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
19:06:59.0061 1420 WebClient - ok
19:06:59.0066 1420 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:06:59.0099 1420 Wecsvc - ok
19:06:59.0103 1420 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:06:59.0122 1420 wercplsupport - ok
19:06:59.0132 1420 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:06:59.0157 1420 WerSvc - ok
19:06:59.0174 1420 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:06:59.0203 1420 WfpLwf - ok
19:06:59.0218 1420 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:06:59.0227 1420 WIMMount - ok
19:06:59.0292 1420 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:06:59.0319 1420 WinDefend - ok
19:06:59.0323 1420 WinHttpAutoProxySvc - ok
19:06:59.0361 1420 Winmgmt - ok
19:06:59.0398 1420 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:06:59.0432 1420 WinRM - ok
19:06:59.0474 1420 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:06:59.0498 1420 WinUsb - ok
19:06:59.0522 1420 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:06:59.0556 1420 Wlansvc - ok
19:06:59.0617 1420 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:06:59.0652 1420 wlidsvc - ok
19:06:59.0671 1420 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:06:59.0694 1420 WmiAcpi - ok
19:06:59.0734 1420 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:06:59.0744 1420 wmiApSrv - ok
19:06:59.0776 1420 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:06:59.0804 1420 WMPNetworkSvc - ok
19:06:59.0808 1420 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:06:59.0822 1420 WPCSvc - ok
19:06:59.0833 1420 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:06:59.0858 1420 WPDBusEnum - ok
19:06:59.0862 1420 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:06:59.0881 1420 ws2ifsl - ok
19:06:59.0884 1420 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
19:06:59.0897 1420 wscsvc - ok
19:06:59.0899 1420 WSearch - ok
19:06:59.0948 1420 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:06:59.0988 1420 wuauserv - ok
19:07:00.0009 1420 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:07:00.0026 1420 WudfPf - ok
19:07:00.0051 1420 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:00.0061 1420 WUDFRd - ok
19:07:00.0068 1420 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:07:00.0078 1420 wudfsvc - ok
19:07:00.0083 1420 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:07:00.0102 1420 WwanSvc - ok
19:07:00.0146 1420 [ 276842A27953BE204A2507096F09B1F3 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
19:07:00.0153 1420 xusb21 - ok
19:07:00.0171 1420 ================ Scan global ===============================
19:07:00.0199 1420 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:07:00.0213 1420 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
19:07:00.0219 1420 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
19:07:00.0232 1420 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:07:00.0249 1420 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:07:00.0253 1420 [Global] - ok
19:07:00.0254 1420 ================ Scan MBR ==================================
19:07:00.0263 1420 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:07:00.0653 1420 \Device\Harddisk0\DR0 - ok
19:07:00.0653 1420 ================ Scan VBR ==================================
19:07:00.0681 1420 [ 58A8364CAEDE73E46465BEF421A56CA7 ] \Device\Harddisk0\DR0\Partition1
19:07:00.0682 1420 \Device\Harddisk0\DR0\Partition1 - ok
19:07:00.0688 1420 [ 1031DFFBBBABFCED876F29D983F7E7D4 ] \Device\Harddisk0\DR0\Partition2
19:07:00.0689 1420 \Device\Harddisk0\DR0\Partition2 - ok
19:07:00.0689 1420 ============================================================
19:07:00.0689 1420 Scan finished
19:07:00.0689 1420 ============================================================
19:07:00.0696 3520 Detected object count: 3
19:07:00.0696 3520 Actual detected object count: 3
19:07:23.0264 3520 athr ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:23.0264 3520 athr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:07:23.0266 3520 cmuda3 ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:23.0266 3520 cmuda3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:07:23.0267 3520 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:23.0267 3520 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip

21.01.2013, 20:32   #8
markusg
/// Malware-holic

hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

21.01.2013, 21:17   #9
nano4sparta

... and here is the log


Combofix Logfile:
Code:
ComboFix 13-01-21.04 - Nana 21.01.2013  21:04:10.1.4 - x86
ausgeführt von:: c:\users\Nana\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-21 bis 2013-01-21  ))))))))))))))))))))))))))))))
.
.
2013-01-21 18:06 . 2013-01-21 18:06	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF3948FE-03B7-4931-A35C-277B3A64D064}\MpKsle3ac2ad3.sys
2013-01-21 16:44 . 2013-01-21 20:11	60872	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF3948FE-03B7-4931-A35C-277B3A64D064}\offreg.dll
2013-01-21 03:14 . 2013-01-21 03:14	--------	d-----w-	C:\_OTL
2013-01-20 21:31 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF3948FE-03B7-4931-A35C-277B3A64D064}\mpengine.dll
2013-01-09 23:07 . 2012-11-19 00:04	6812136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-09 11:48 . 2012-12-07 12:26	308736	----a-w-	c:\windows\system32\Wpc.dll
2013-01-05 00:10 . 2013-01-05 00:10	--------	d-----w-	c:\windows\system32\oodag
2013-01-04 21:59 . 2013-01-04 21:59	--------	d-----w-	c:\users\Nana\AppData\Local\O&O
2013-01-04 21:58 . 2013-01-04 21:58	--------	d-----w-	c:\program files\OO Software
2013-01-04 21:58 . 2013-01-04 21:58	--------	d-----w-	c:\programdata\OO Software
2013-01-03 21:58 . 2013-01-03 21:59	--------	d-----w-	c:\users\Nana\AppData\Roaming\calibre
2013-01-03 21:57 . 2013-01-03 21:58	--------	d-----w-	c:\program files\Calibre2
2013-01-01 17:19 . 2006-07-28 08:30	236824	----a-w-	c:\windows\system32\xactengine2_3.dll
2013-01-01 16:08 . 2013-01-01 16:08	--------	d-----w-	c:\users\Nana\AppData\Roaming\JAM Software
2013-01-01 16:07 . 2013-01-01 16:07	--------	d-----w-	c:\program files\JAM Software
2012-12-31 01:36 . 2012-12-31 01:36	--------	d-----w-	c:\programdata\Battle.net
2012-12-30 21:05 . 2012-10-23 05:04	740840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-12-30 21:05 . 2012-10-23 05:04	740840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C7DF3F8-286F-4CFD-84F4-1143C1CEF151}\gapaengine.dll
2012-12-30 21:03 . 2012-12-31 01:58	--------	d-----w-	c:\program files\StarCraft II
2012-12-30 21:03 . 2012-12-31 01:44	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-12-30 21:03 . 2012-12-31 01:44	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2012-12-30 21:01 . 2012-08-24 17:05	136560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-12-30 21:01 . 2012-08-24 17:02	369856	----a-w-	c:\windows\system32\drivers\cng.sys
2012-12-30 21:01 . 2012-08-24 16:57	247808	----a-w-	c:\windows\system32\schannel.dll
2012-12-30 21:01 . 2012-08-24 16:56	1039360	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-30 21:01 . 2012-05-04 09:59	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-12-30 20:58 . 2012-12-30 20:59	--------	d-----w-	c:\program files\Microsoft Security Client
2012-12-27 20:06 . 2012-12-27 20:06	--------	d-----w-	c:\users\Nana\Selbst geschrieben
2012-12-27 19:35 . 2012-12-27 20:09	--------	d-----w-	c:\users\Nana\Bücherpdf's
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 14:13 . 2012-12-21 23:28	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 23:28	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-07 20:40 . 2012-12-07 20:40	42440	----a-w-	c:\windows\system32\xfcodec.dll
2012-12-01 04:38 . 2011-10-10 18:45	2869608	----a-w-	c:\windows\system32\nvsvc.dll
2012-12-01 04:38 . 2011-10-10 18:45	3984744	----a-w-	c:\windows\system32\nvcpl.dll
2012-12-01 04:37 . 2011-10-10 18:45	645480	----a-w-	c:\windows\system32\nvvsvc.exe
2012-12-01 04:37 . 2011-10-10 18:45	62312	----a-w-	c:\windows\system32\nvshext.dll
2012-12-01 04:37 . 2011-10-10 18:45	2557288	----a-w-	c:\windows\system32\nvsvcr.dll
2012-12-01 04:37 . 2011-10-10 18:45	108392	----a-w-	c:\windows\system32\nvmctray.dll
2012-11-14 02:09 . 2012-12-13 01:35	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 01:35	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 01:35	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 01:35	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 01:35	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 01:35	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 09:50	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-07 23:37 . 2012-04-09 09:22	34024	----a-w-	c:\windows\system32\cmdcsr.dll
2012-11-07 15:05 . 2012-06-20 19:35	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-07 15:05 . 2012-06-20 19:35	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-02 05:11 . 2012-12-12 09:50	376832	----a-w-	c:\windows\system32\dpnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Nana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-01-09 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-09-14 5029232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
O&O Defrag Tray.lnk - c:\windows\Installer\{8EA4062D-2664-413B-90CF-EF9F1BDEDFBC}\DefragIcon.exe [2013-1-4 292878]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Nana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28	38112	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54	3672384	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11	3325952	----a-w-	c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-11-09 19:25	7880664	----a-w-	c:\users\Nana\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-01-09 22:23	1199576	----a-w-	c:\users\Nana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-06 19:49	1354736	----a-w-	c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21	648072	----a-w-	c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 15:57	718688	----a-w-	c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 MpKsle3ac2ad3;MpKsle3ac2ad3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF3948FE-03B7-4931-A35C-277B3A64D064}\MpKsle3ac2ad3.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
.
------- Zusätzlicher Suchlauf -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-21  21:14:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-21 20:14
.
Vor Suchlauf: 11 Verzeichnis(se), 127.097.679.872 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 141.538.652.160 Bytes frei
.
- - End Of File - - EC983093B5303F3BC58D0218010252D0
         
--- --- ---

21.01.2013, 21:33   #10
markusg
/// Malware-holic

very good.
malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

21.01.2013, 21:39   #11
nano4sparta

Should I turn off my virus scanner again for this?

21.01.2013, 21:40   #12
markusg
/// Malware-holic

yes, and any other running programs.

21.01.2013, 22:29   #13
nano4sparta

... phew, quite a long way to get the computer clean again

here is the log


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.21.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Nana :: NANOTSCHKA [Administrator]

21.01.2013 21:43:53
mbam-log-2013-01-21 (21-43-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418491
Laufzeit: 41 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Nana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\33266425-40fd0ed6 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2cdf4df6-6cf4e2e6 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\01202013_221415\E_Users\Nana\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

22.01.2013, 13:01   #14
markusg
/// Malware-holic

hi

download the standard CCleaner:
CCleaner - Download - Filepony
if CCleaner is already installed, skip this.
open it, Tools (Extras), Uninstall list, save as txt. open it.
after every program you need, write necessary.
after every one you do not need, unnecessary.
after ones unknown to you, unknown.
post the list.

22.01.2013, 21:41   #15
nano4sparta

and here we go.

Adobe Digital Editions 2.0 (unknown) Adobe Systems Incorporated (unknown) 10.12.2012 15,3MB 2.0
Adobe Flash Player 11 ActiveX (unknown) Adobe Systems Incorporated (unknown) 07.11.2012 6,00MB 11.5.502.110
Adobe Flash Player 11 Plugin (unknown) Adobe Systems Incorporated (unknown) 05.11.2012 6,00MB 11.4.402.287
Adobe Photoshop Elements 8.0 (necessary) Adobe Systems Incorporated (unknown) 26.07.2011 1,54GB 8.0
Adobe Reader X (10.1.5) - Deutsch (necessary) Adobe Systems Incorporated (unknown) 21.01.2013 126MB 10.1.5
AMR to MP3 Converter 1.4 (unnecessary) amrtomp3converter.com 17.09.2012
ATI Catalyst Install Manager (necessary) ATI Technologies, Inc. (necessary) 26.07.2011 16,6MB 3.0.829.0
Aureon 7.1 PCI (unknown) 26.07.2011
Braid Number None, Inc. (unnecessary) 28.07.2011
calibre Kovid Goyal 03.01.2013 137MB 0.9.12
Call of Duty: Black Ops Treyarch (necessary) 26.07.2011
Call of Duty: Black Ops - Multiplayer Treyarch (necessary) 26.07.2011
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward (necessary) 09.09.2011
CCleaner Piriform (necessary) 19.12.2012 3.26
Creation Kit (unknown) 01.01.2013
Die Sims™ 3 (necessary) Electronic Arts 28.06.2012 1.0.631
EA Download Manager (unnecessary) Electronic Arts, Inc. 28.06.2012 5.0.0.255
F.E.A.R. 2: Project Origin (necessary) Monolith Productions, Inc. 27.07.2011
Fallout 3 - Game of the Year Edition (necessary) Bethesda Softworks 27.07.2011
Java(TM) 6 Update 22 Oracle 26.07.2011 (necessary) 97,0MB 6.0.220
Killing Floor Tripwire Interactive (necessary) 26.07.2011
Lead and Gold - Gangs of the Wild West Fatshark (unnecessary) 28.07.2011
LIMBO (unnecessary) 09.06.2012
Malwarebytes Anti-Malware Version 1.70.0.1100 (unknown) Malwarebytes Corporation 21.01.2013 18,4MB 1.70.0.1100
Metro 2033 THQ 27.07.2011

(necessary)

Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.07.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 15.07.2011 2,93MB 4.0.30319
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 27.07.2011 32,5MB 2.0.672.0
Microsoft Office Professional Plus 2010 Microsoft Corporation 16.09.2012 14.0.6029.1000
Microsoft Security Essentials Microsoft Corporation 30.12.2012 4.1.522.0
Microsoft Silverlight Microsoft Corporation 11.09.2012 60,4MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 17.09.2012 1,69MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 01.10.2012 2,38MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 01.10.2012 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 26.07.2011 240KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 26.07.2011 596KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.09.2012 600KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 02.01.2013 15,0MB 10.0.40219
Microsoft WSE 3.0 Runtime Microsoft Corp. 28.06.2012 942KB 3.0.5305.0
Microsoft Xbox 360 Accessories 1.2 Microsoft 26.07.2011 6,93MB 1.20.146.0
NVIDIA 3D Vision Controller-Treiber 280.19 NVIDIA Corporation 10.10.2011 280.19
NVIDIA Drivers NVIDIA Corporation 26.07.2011 3,25MB 1.10.62.40
NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 18.11.2012 306.97
NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 10.10.2011 9.10.0514
NVIDIA Update 1.10.8 NVIDIA Corporation 18.11.2012 1.10.8
O&O Defrag Professional O&O Software GmbH 04.01.2013 56,9MB 16.0.139
OpenOffice.org 3.3 OpenOffice.org 26.07.2011 412MB 3.3.9567
Opera 12.12 Opera Software ASA 01.01.2013 12.12.1707


Prince of Persia T2T (unnecessary) Ubisoft 20.05.2012 1.00.999
Sacred 2 (necessary) Ascaron Entertainment 13.09.2011 12,0GB 2.0.2.0
Skype™ 6.0 (necessary) Skype Technologies S.A. 22.11.2012 20,3MB 6.0.126
SpeedFan (remove only) (necessary) 26.07.2011
Spotify Spotify AB (necessary) 09.11.2012 0.8.5.1333.g822e0de8
StarCraft II Blizzard Entertainment (unnecessary) 31.12.2012 1.5.3.23260
Steam Valve Corporation (unnecessary) 26.07.2011 42,2MB 1.0.0.0
TeamSpeak 3 Client (necessary) TeamSpeak Systems GmbH 05.11.2011
TeamViewer 6 (necessary) TeamViewer GmbH 11.09.2011 6.0.11117
The Elder Scrolls V: Skyrim (necessary) Bethesda Game Studios 01.01.2013
The Witcher Enhanced Edition Version 1.6 (necessary) CD Projekt RED 01.10.2012 7,83GB 1.6
The Witcher: Enhanced Edition (necessary) CD Projekt RED 26.07.2011
TreeSize Free V2.7 (unknown) JAM Software 01.01.2013 3,96MB 2.7
Trine Frozenbyte (unnecessary) 26.07.2011
Venetica dtp (necessary) 19.06.2012
VLC media player 1.1.11 (necessary) VideoLAN 19.10.2011 1.1.11
Windows Live Essentials Microsoft Corporation (necessary) 17.09.2012 16.4.3503.0728
Windows Mobile-Gerätecenter (necessary) Microsoft Corporation 13.12.2012 27,4MB 6.1.6965.0
Windows Mobile-Gerätecenter: Treiberupdate Microsoft Corporation 13.12.2012 42,4MB 6.1.6965.0
Xfire (remove only) 26.07.2011
