VLC Player trojaner?

Tobi-idoT · 19.02.2013, 00:13

Hallo,

leider hat auch mich vlc.de erwischt und mir startfenster.com aufs Auge gedrückt.
Könnte mir bitte jemand helfen?

markusg · 19.02.2013, 00:28

Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Tobi-idoT · 19.02.2013, 01:31

THX für die schnelle Antwort hier die OTL log eine Extra.txt find ich nicht!!!OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 19.02.2013 01:13:55 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Enno\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 76,94% Memory free
12,00 Gb Paging File | 10,36 Gb Available in Paging File | 86,40% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,04 Gb Total Space | 7,13 Gb Free Space | 17,80% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 5,16 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive E: | 134,15 Gb Total Space | 2,24 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
 
Computer Name: EM2015 | User Name: Enno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Enno\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - D:\Internet\Kaspersky Internet Security\avp.exe (Kaspersky Lab ZAO)
PRC - D:\Driver\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
PRC - D:\Driver\C2DtoG15\SystoG15Svc.exe (Andreas Sammann)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Internet\Kaspersky Internet Security\qtgui4.dll ()
MOD - D:\Internet\Kaspersky Internet Security\qtscript4.dll ()
MOD - D:\Internet\Kaspersky Internet Security\qtsql4.dll ()
MOD - D:\Internet\Kaspersky Internet Security\qtcore4.dll ()
MOD - D:\Internet\Kaspersky Internet Security\qtnetwork4.dll ()
MOD - D:\Internet\Kaspersky Internet Security\qtdeclarative4.dll ()
MOD - D:\Internet\Kaspersky Internet Security\imageformats\qgif4.dll ()
MOD - D:\Driver\C2DtoG15\LgLcdLibWrapper.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AVP) -- D:\Internet\Kaspersky Internet Security\avp.exe (Kaspersky Lab ZAO)
SRV - (TuneUp.Defrag) -- D:\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (OODefragAgent) -- D:\Defrag Professional 15\oodag.exe (O&O Software GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SystoG15Svc) -- D:\Driver\C2DtoG15\SystoG15Svc.exe (Andreas Sammann)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- D:\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- D:\Driver\Nvidia Network Manager\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- D:\Driver\Nvidia Network Manager\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TuneUpUtilitiesDrv) -- D:\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinRing0_1_2_0) -- D:\Driver\C2DtoG15\WinRing0x64.sys (OpenLibSys.org)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-628609525-3872644991-747859412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-628609525-3872644991-747859412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-628609525-3872644991-747859412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 D7 6C 5B 22 FF CD 01  [binary data]
IE - HKU\S-1-5-21-628609525-3872644991-747859412-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-628609525-3872644991-747859412-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-628609525-3872644991-747859412-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\VLC Media Player\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Video Lan Client\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Video Lan Client\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Adobe Software\Adobe Acrobat\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Internet\Kaspersky Internet Security\FFExt\virtualKeyboard@kaspersky.ru [2012.05.31 19:07:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Internet\Kaspersky Internet Security\FFExt\linkfilter@kaspersky.ru [2012.05.31 19:07:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: D:\Internet\Kaspersky Internet Security\FFExt\KavAntiBanner@Kaspersky.ru [2012.05.31 19:07:58 | 000,000,000 | ---D | M]
 
[2011.12.14 20:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enno\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Internet\Kaspersky Internet Security\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Internet\Kaspersky Internet Security\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Internet\Kaspersky Internet Security\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Internet\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Internet\Kaspersky Internet Security\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AVP] D:\Internet\Kaspersky Internet Security\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-628609525-3872644991-747859412-1000..\Run: [BirthdayReminder] E:\Install\My Birthday\BirthdayReminder.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Enno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = D:\Driver\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-628609525-3872644991-747859412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-21-628609525-3872644991-747859412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835
O7 - HKU\S-1-5-21-628609525-3872644991-747859412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKU\S-1-5-21-628609525-3872644991-747859412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O7 - HKU\S-1-5-21-628609525-3872644991-747859412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay =  [binary data]
O7 - HKU\S-1-5-21-628609525-3872644991-747859412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Internet\Kaspersky Internet Security\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Internet\Kaspersky Internet Security\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Internet\Kaspersky Internet Security\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Internet\Kaspersky Internet Security\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Internet\Kaspersky Internet Security\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Internet\Kaspersky Internet Security\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.117.1.25 89.16.129.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{301065DC-AC59-45A4-9329-BAC21596AA9A}: DhcpNameServer = 62.117.1.25 89.16.129.25
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e52db9d6-be25-11e1-8174-0022150a0b0d}\Shell - "" = AutoRun
O33 - MountPoints2\{e52db9d6-be25-11e1-8174-0022150a0b0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - D:\Defrag Professional 15\oodtray.exe (O&O Software GmbH)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.19 00:34:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Enno\Desktop\OTL.exe
[2013.02.18 23:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.03 00:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.02.03 00:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.24 22:50:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.01.24 02:08:59 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.19 00:34:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Enno\Desktop\OTL.exe
[2013.02.18 23:59:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.18 23:59:38 | 000,656,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.18 23:59:38 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.18 23:59:38 | 000,130,676 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.18 23:59:38 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.18 23:28:39 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.18 20:07:51 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 20:07:51 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 20:00:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.18 20:00:38 | 001,661,287 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2013.02.15 00:33:23 | 000,707,414 | ---- | M] () -- C:\Users\Enno\Desktop\IMG_20130102_1_9.VolCine.avi
[2013.02.14 01:31:06 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\VLC Player 2.0.5.lnk
[2013.02.13 16:57:59 | 000,289,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.07 14:58:32 | 000,117,694 | ---- | M] () -- C:\Users\Enno\Documents\ts3_clientui-win64-1351504843-2013-02-07 14_58_29.683000.dmp
[2013.02.06 21:19:52 | 000,113,742 | ---- | M] () -- C:\Users\Enno\Documents\ts3_clientui-win64-1351504843-2013-02-06 21_19_52.067000.dmp
[2013.02.04 23:48:35 | 000,007,591 | ---- | M] () -- C:\Users\Enno\AppData\Local\resmon.resmoncfg
[2013.01.29 01:33:08 | 000,116,052 | ---- | M] () -- C:\Users\Enno\Documents\ts3_clientui-win64-1351504843-2013-01-29 01_33_01.950000.dmp
[2013.01.25 15:19:41 | 000,000,834 | ---- | M] () -- C:\Users\Enno\Documents\CCleaner 25.01.13.reg
[2013.01.25 06:23:38 | 000,042,880 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2013.01.25 06:23:36 | 000,028,544 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2013.01.25 01:12:48 | 000,001,234 | ---- | M] () -- C:\Users\Enno\Desktop\Miranda.lnk
[2013.01.24 02:08:59 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.18 23:28:39 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.15 00:33:13 | 000,707,414 | ---- | C] () -- C:\Users\Enno\Desktop\IMG_20130102_1_9.VolCine.avi
[2013.02.08 20:45:16 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\VLC Player 2.0.5.lnk
[2013.02.07 14:58:29 | 000,117,694 | ---- | C] () -- C:\Users\Enno\Documents\ts3_clientui-win64-1351504843-2013-02-07 14_58_29.683000.dmp
[2013.02.06 21:19:52 | 000,113,742 | ---- | C] () -- C:\Users\Enno\Documents\ts3_clientui-win64-1351504843-2013-02-06 21_19_52.067000.dmp
[2013.01.29 01:33:01 | 000,116,052 | ---- | C] () -- C:\Users\Enno\Documents\ts3_clientui-win64-1351504843-2013-01-29 01_33_01.950000.dmp
[2013.01.25 15:19:39 | 000,000,834 | ---- | C] () -- C:\Users\Enno\Documents\CCleaner 25.01.13.reg
[2013.01.25 06:23:38 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2013.01.25 06:23:36 | 000,028,544 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2013.01.11 23:48:47 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.12.12 00:32:34 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.09.29 19:28:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.25 00:02:09 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.05.24 08:04:44 | 000,007,800 | ---- | C] () -- C:\Windows\cadx2.ini
[2012.05.17 22:05:00 | 000,017,408 | ---- | C] () -- C:\Users\Enno\AppData\Local\WebpageIcons.db
[2012.04.18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.31 00:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 00:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 00:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 00:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 00:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.17 20:44:17 | 000,007,591 | ---- | C] () -- C:\Users\Enno\AppData\Local\resmon.resmoncfg
[2011.12.16 16:58:51 | 000,000,887 | ---- | C] () -- C:\Users\Enno\AppData\Roaming\EasyToolz.ini
[2011.12.15 01:06:55 | 000,000,600 | ---- | C] () -- C:\Users\Enno\AppData\Local\PUTTY.RND
[2011.12.14 17:34:00 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.14 17:33:59 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.14 17:33:58 | 000,000,290 | ---- | C] () -- C:\Windows\game.ini
[2011.12.14 16:30:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.14 16:51:12 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\ACD Systems
[2012.12.24 15:52:33 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\avidemux
[2012.08.25 13:34:59 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\Free Download Manager
[2012.08.14 20:53:10 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\GHISLER
[2013.02.16 02:15:26 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\gtk-2.0
[2013.02.17 00:32:05 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\HLSW
[2011.12.13 21:51:09 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\Leadertech
[2013.02.03 22:27:07 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\Opera
[2012.04.06 23:45:40 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\Samsung
[2013.02.14 00:58:26 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\TeamViewer
[2012.04.09 20:45:43 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\Temp
[2011.12.14 20:10:59 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\Thunderbird
[2012.01.16 01:15:50 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\ts3overlay
[2011.12.13 20:16:35 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\TuneUp Software
[2012.01.08 20:17:35 | 000,000,000 | ---D | M] -- C:\Users\Enno\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.12.12 22:04:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.12.12 22:03:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.03 00:49:56 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.03 00:46:53 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.11 23:48:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.12 22:03:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.12 22:03:38 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.19 01:14:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.02.02 20:17:28 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.12 22:03:46 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.06 01:57:53 | 000,000,000 | ---D | M] -- C:\Wincmd
[2013.02.08 20:56:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.06.11 00:58:52 | 000,421,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvcp100.dll
[2011.06.11 00:58:52 | 000,773,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvcr100.dll
 
< %USERPROFILE%\*.* >
[2013.02.19 01:14:47 | 001,835,008 | ---- | M] () -- C:\Users\Enno\ntuser.dat
[2013.02.19 01:14:46 | 000,262,144 | -HS- | M] () -- C:\Users\Enno\ntuser.dat.LOG1
[2011.12.12 22:03:46 | 000,000,000 | -HS- | M] () -- C:\Users\Enno\ntuser.dat.LOG2
[2012.01.02 15:33:18 | 000,000,000 | -HS- | M] () -- C:\Users\Enno\NTUSER.DAT_tureg_new.LOG1
[2012.01.02 15:33:18 | 000,000,000 | -HS- | M] () -- C:\Users\Enno\NTUSER.DAT_tureg_new.LOG2
[2013.01.13 23:43:41 | 001,835,008 | ---- | M] () -- C:\Users\Enno\NTUSER.DAT_tureg_old
[2011.12.12 22:33:16 | 000,065,536 | -HS- | M] () -- C:\Users\Enno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.12.12 22:33:16 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.12.12 22:33:16 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.12.21 02:18:46 | 000,065,536 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{3942430f-2b4f-11e1-baf4-0022150a0b0d}.TM.blf
[2011.12.21 02:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{3942430f-2b4f-11e1-baf4-0022150a0b0d}.TMContainer00000000000000000001.regtrans-ms
[2011.12.21 02:18:46 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{3942430f-2b4f-11e1-baf4-0022150a0b0d}.TMContainer00000000000000000002.regtrans-ms
[2012.01.02 15:46:49 | 000,065,536 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{890847ec-354e-11e1-b3d8-806e6f6e6963}.TM.blf
[2012.01.02 15:46:49 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{890847ec-354e-11e1-b3d8-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2012.01.02 15:46:49 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{890847ec-354e-11e1-b3d8-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2012.02.23 18:09:35 | 000,065,536 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{8b9c8c8c-5e40-11e1-806b-806e6f6e6963}.TM.blf
[2012.02.23 18:09:35 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{8b9c8c8c-5e40-11e1-806b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2012.02.23 18:09:35 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{8b9c8c8c-5e40-11e1-806b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2012.02.01 03:25:32 | 000,065,536 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{9f9b1a2c-4c7b-11e1-baeb-806e6f6e6963}.TM.blf
[2012.02.01 03:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{9f9b1a2c-4c7b-11e1-baeb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2012.02.01 03:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{9f9b1a2c-4c7b-11e1-baeb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2013.01.14 04:10:50 | 000,065,536 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{c0edf631-5dd2-11e2-9b36-806e6f6e6963}.TM.blf
[2013.01.14 04:10:50 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{c0edf631-5dd2-11e2-9b36-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2013.01.14 04:10:50 | 000,524,288 | -HS- | M] () -- C:\Users\Enno\ntuser.dat{c0edf631-5dd2-11e2-9b36-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2011.12.12 22:03:46 | 000,000,020 | -HS- | M] () -- C:\Users\Enno\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---

markusg · 19.02.2013, 16:55

Hi,
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Tobi-idoT · 19.02.2013, 20:11

20:08:18.0545 1592 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:08:18.0747 1592 ============================================================
20:08:18.0747 1592 Current date / time: 2013/02/19 20:08:18.0747
20:08:18.0747 1592 SystemInfo:
20:08:18.0747 1592
20:08:18.0747 1592 OS Version: 6.1.7601 ServicePack: 1.0
20:08:18.0747 1592 Product type: Workstation
20:08:18.0747 1592 ComputerName: EM2015
20:08:18.0747 1592 UserName: Enno
20:08:18.0747 1592 Windows directory: C:\Windows
20:08:18.0747 1592 System windows directory: C:\Windows
20:08:18.0747 1592 Running under WOW64
20:08:18.0747 1592 Processor architecture: Intel x64
20:08:18.0747 1592 Number of processors: 4
20:08:18.0747 1592 Page size: 0x1000
20:08:18.0747 1592 Boot type: Normal boot
20:08:18.0747 1592 ============================================================
20:08:21.0025 1592 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:08:21.0025 1592 ============================================================
20:08:21.0025 1592 \Device\Harddisk0\DR0:
20:08:21.0025 1592 MBR partitions:
20:08:21.0025 1592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:08:21.0025 1592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5014000
20:08:21.0025 1592 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5046800, BlocksNum 0x7530000
20:08:21.0025 1592 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xC576800, BlocksNum 0x10C4E800
20:08:21.0025 1592 ============================================================
20:08:21.0056 1592 C: <-> \Device\Harddisk0\DR0\Partition2
20:08:21.0103 1592 D: <-> \Device\Harddisk0\DR0\Partition3
20:08:21.0321 1592 E: <-> \Device\Harddisk0\DR0\Partition4
20:08:21.0321 1592 ============================================================
20:08:21.0321 1592 Initialize success
20:08:21.0321 1592 ============================================================
20:08:32.0818 3860 ============================================================
20:08:32.0818 3860 Scan started
20:08:32.0818 3860 Mode: Manual; SigCheck; TDLFS;
20:08:32.0818 3860 ============================================================
20:08:34.0082 3860 ================ Scan system memory ========================
20:08:34.0082 3860 System memory - ok
20:08:34.0082 3860 ================ Scan services =============================
20:08:34.0253 3860 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:08:34.0425 3860 1394ohci - ok
20:08:34.0456 3860 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:08:34.0487 3860 ACPI - ok
20:08:34.0503 3860 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:08:34.0581 3860 AcpiPmi - ok
20:08:34.0674 3860 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:08:34.0690 3860 AdobeARMservice - ok
20:08:34.0721 3860 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:08:34.0768 3860 adp94xx - ok
20:08:34.0768 3860 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:08:34.0799 3860 adpahci - ok
20:08:34.0799 3860 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:08:34.0815 3860 adpu320 - ok
20:08:34.0846 3860 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:08:34.0986 3860 AeLookupSvc - ok
20:08:35.0018 3860 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:08:35.0096 3860 AFD - ok
20:08:35.0127 3860 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:08:35.0142 3860 agp440 - ok
20:08:35.0174 3860 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:08:35.0205 3860 ALG - ok
20:08:35.0220 3860 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:08:35.0236 3860 aliide - ok
20:08:35.0283 3860 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:08:35.0330 3860 AMD External Events Utility - ok
20:08:35.0330 3860 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:08:35.0345 3860 amdide - ok
20:08:35.0361 3860 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:08:35.0392 3860 AmdK8 - ok
20:08:35.0829 3860 [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:08:36.0125 3860 amdkmdag - ok
20:08:36.0156 3860 [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:08:36.0188 3860 amdkmdap - ok
20:08:36.0219 3860 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:08:36.0266 3860 AmdPPM - ok
20:08:36.0266 3860 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:08:36.0297 3860 amdsata - ok
20:08:36.0297 3860 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:08:36.0312 3860 amdsbs - ok
20:08:36.0328 3860 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:08:36.0344 3860 amdxata - ok
20:08:36.0359 3860 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:08:36.0515 3860 AppID - ok
20:08:36.0546 3860 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:08:36.0609 3860 AppIDSvc - ok
20:08:36.0640 3860 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:08:36.0687 3860 Appinfo - ok
20:08:36.0702 3860 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:08:36.0734 3860 AppMgmt - ok
20:08:36.0749 3860 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:08:36.0765 3860 arc - ok
20:08:36.0765 3860 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:08:36.0780 3860 arcsas - ok
20:08:36.0796 3860 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:08:36.0858 3860 AsyncMac - ok
20:08:36.0890 3860 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:08:36.0890 3860 atapi - ok
20:08:37.0716 3860 [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:08:37.0841 3860 atikmdag - ok
20:08:37.0904 3860 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:08:37.0997 3860 AudioEndpointBuilder - ok
20:08:38.0013 3860 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:08:38.0044 3860 AudioSrv - ok
20:08:38.0200 3860 [ 38AE54966E8C0004F20965BBC00F74FB ] AVP D:\Internet\Kaspersky Internet Security\avp.exe
20:08:38.0247 3860 AVP - ok
20:08:38.0278 3860 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:08:38.0325 3860 AxInstSV - ok
20:08:38.0356 3860 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:08:38.0403 3860 b06bdrv - ok
20:08:38.0434 3860 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:08:38.0465 3860 b57nd60a - ok
20:08:38.0496 3860 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:08:38.0543 3860 BDESVC - ok
20:08:38.0559 3860 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:08:38.0621 3860 Beep - ok
20:08:38.0730 3860 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:08:38.0793 3860 BFE - ok
20:08:38.0840 3860 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:08:38.0933 3860 BITS - ok
20:08:38.0949 3860 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:08:38.0964 3860 blbdrive - ok
20:08:38.0996 3860 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:08:39.0027 3860 bowser - ok
20:08:39.0058 3860 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:08:39.0120 3860 BrFiltLo - ok
20:08:39.0120 3860 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:08:39.0136 3860 BrFiltUp - ok
20:08:39.0183 3860 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:08:39.0198 3860 Browser - ok
20:08:39.0230 3860 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:08:39.0261 3860 Brserid - ok
20:08:39.0276 3860 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:08:39.0292 3860 BrSerWdm - ok
20:08:39.0308 3860 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:08:39.0339 3860 BrUsbMdm - ok
20:08:39.0339 3860 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:08:39.0354 3860 BrUsbSer - ok
20:08:39.0370 3860 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:08:39.0386 3860 BTHMODEM - ok
20:08:39.0401 3860 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:08:39.0464 3860 bthserv - ok
20:08:39.0479 3860 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:08:39.0510 3860 cdfs - ok
20:08:39.0542 3860 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:08:39.0573 3860 cdrom - ok
20:08:39.0588 3860 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:08:39.0635 3860 CertPropSvc - ok
20:08:39.0651 3860 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:08:39.0682 3860 circlass - ok
20:08:39.0698 3860 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:08:39.0713 3860 CLFS - ok
20:08:39.0776 3860 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:08:39.0807 3860 clr_optimization_v2.0.50727_32 - ok
20:08:39.0838 3860 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:08:39.0869 3860 clr_optimization_v2.0.50727_64 - ok
20:08:39.0900 3860 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:08:39.0916 3860 clr_optimization_v4.0.30319_32 - ok
20:08:39.0932 3860 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:08:39.0947 3860 clr_optimization_v4.0.30319_64 - ok
20:08:39.0994 3860 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:08:40.0025 3860 CmBatt - ok
20:08:40.0041 3860 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:08:40.0056 3860 cmdide - ok
20:08:40.0103 3860 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
20:08:40.0166 3860 CNG - ok
20:08:40.0166 3860 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:08:40.0181 3860 Compbatt - ok
20:08:40.0197 3860 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:08:40.0212 3860 CompositeBus - ok
20:08:40.0212 3860 COMSysApp - ok
20:08:40.0228 3860 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:08:40.0244 3860 crcdisk - ok
20:08:40.0259 3860 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:08:40.0290 3860 CryptSvc - ok
20:08:40.0322 3860 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
20:08:40.0384 3860 CSC - ok
20:08:40.0431 3860 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
20:08:40.0478 3860 CscService - ok
20:08:40.0524 3860 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:08:40.0587 3860 DcomLaunch - ok
20:08:40.0618 3860 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:08:40.0665 3860 defragsvc - ok
20:08:40.0696 3860 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:08:40.0758 3860 DfsC - ok
20:08:40.0790 3860 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:08:40.0821 3860 Dhcp - ok
20:08:40.0836 3860 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:08:40.0868 3860 discache - ok
20:08:40.0868 3860 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:08:40.0883 3860 Disk - ok
20:08:40.0899 3860 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:08:40.0946 3860 Dnscache - ok
20:08:40.0961 3860 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:08:41.0024 3860 dot3svc - ok
20:08:41.0055 3860 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:08:41.0086 3860 DPS - ok
20:08:41.0117 3860 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:08:41.0148 3860 drmkaud - ok
20:08:41.0180 3860 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:08:41.0211 3860 DXGKrnl - ok
20:08:41.0226 3860 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:08:41.0273 3860 EapHost - ok
20:08:41.0351 3860 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:08:41.0492 3860 ebdrv - ok
20:08:41.0523 3860 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:08:41.0570 3860 EFS - ok
20:08:41.0601 3860 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:08:41.0663 3860 ehRecvr - ok
20:08:41.0679 3860 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:08:41.0710 3860 ehSched - ok
20:08:41.0741 3860 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:08:41.0788 3860 elxstor - ok
20:08:41.0788 3860 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:08:41.0804 3860 ErrDev - ok
20:08:41.0850 3860 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:08:41.0913 3860 EventSystem - ok
20:08:41.0960 3860 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:08:42.0022 3860 exfat - ok
20:08:42.0038 3860 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:08:42.0084 3860 fastfat - ok
20:08:42.0084 3860 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:08:42.0100 3860 fdc - ok
20:08:42.0116 3860 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:08:42.0147 3860 fdPHost - ok
20:08:42.0162 3860 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:08:42.0209 3860 FDResPub - ok
20:08:42.0225 3860 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:08:42.0240 3860 FileInfo - ok
20:08:42.0240 3860 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:08:42.0287 3860 Filetrace - ok
20:08:42.0303 3860 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:08:42.0318 3860 flpydisk - ok
20:08:42.0334 3860 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:08:42.0350 3860 FltMgr - ok
20:08:42.0396 3860 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:08:42.0459 3860 FontCache - ok
20:08:42.0521 3860 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:08:42.0552 3860 FontCache3.0.0.0 - ok
20:08:42.0693 3860 [ A9FF65EA14E4CABFCC1BB8ECE111A249 ] ForceWare Intelligent Application Manager (IAM) D:\Driver\Nvidia Network Manager\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
20:08:42.0740 3860 ForceWare Intelligent Application Manager (IAM) - ok
20:08:42.0740 3860 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:08:42.0755 3860 FsDepends - ok
20:08:42.0771 3860 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:08:42.0786 3860 Fs_Rec - ok
20:08:42.0802 3860 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:08:42.0833 3860 fvevol - ok
20:08:42.0833 3860 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:08:42.0849 3860 gagp30kx - ok
20:08:42.0927 3860 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:08:42.0989 3860 gpsvc - ok
20:08:43.0005 3860 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:08:43.0036 3860 hcw85cir - ok
20:08:43.0052 3860 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:08:43.0083 3860 HdAudAddService - ok
20:08:43.0098 3860 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:08:43.0114 3860 HDAudBus - ok
20:08:43.0130 3860 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:08:43.0145 3860 HidBatt - ok
20:08:43.0145 3860 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:08:43.0176 3860 HidBth - ok
20:08:43.0176 3860 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:08:43.0192 3860 HidIr - ok
20:08:43.0208 3860 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:08:43.0254 3860 hidserv - ok
20:08:43.0301 3860 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:08:43.0317 3860 HidUsb - ok
20:08:43.0348 3860 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:08:43.0395 3860 hkmsvc - ok
20:08:43.0410 3860 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:08:43.0442 3860 HomeGroupListener - ok
20:08:43.0473 3860 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:08:43.0488 3860 HomeGroupProvider - ok
20:08:43.0504 3860 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:08:43.0520 3860 HpSAMD - ok
20:08:43.0566 3860 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:08:43.0629 3860 HTTP - ok
20:08:43.0644 3860 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:08:43.0660 3860 hwpolicy - ok
20:08:43.0691 3860 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:08:43.0722 3860 i8042prt - ok
20:08:43.0738 3860 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:08:43.0754 3860 iaStorV - ok
20:08:43.0800 3860 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:08:43.0847 3860 idsvc - ok
20:08:43.0863 3860 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:08:43.0878 3860 iirsp - ok
20:08:43.0910 3860 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:08:43.0972 3860 IKEEXT - ok
20:08:44.0144 3860 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:08:44.0190 3860 IntcAzAudAddService - ok
20:08:44.0206 3860 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:08:44.0237 3860 intelide - ok
20:08:44.0253 3860 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:08:44.0268 3860 intelppm - ok
20:08:44.0300 3860 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:08:44.0346 3860 IPBusEnum - ok
20:08:44.0378 3860 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:08:44.0440 3860 IpFilterDriver - ok
20:08:44.0471 3860 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:08:44.0518 3860 iphlpsvc - ok
20:08:44.0534 3860 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:08:44.0565 3860 IPMIDRV - ok
20:08:44.0580 3860 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:08:44.0643 3860 IPNAT - ok
20:08:44.0643 3860 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:08:44.0674 3860 IRENUM - ok
20:08:44.0674 3860 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:08:44.0690 3860 isapnp - ok
20:08:44.0705 3860 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:08:44.0721 3860 iScsiPrt - ok
20:08:44.0736 3860 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:08:44.0752 3860 kbdclass - ok
20:08:44.0768 3860 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:08:44.0783 3860 kbdhid - ok
20:08:44.0799 3860 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:08:44.0814 3860 KeyIso - ok
20:08:44.0846 3860 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
20:08:44.0877 3860 KL1 - ok
20:08:44.0877 3860 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
20:08:44.0892 3860 kl2 - ok
20:08:44.0924 3860 [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF C:\Windows\system32\DRIVERS\klif.sys
20:08:44.0955 3860 KLIF - ok
20:08:44.0986 3860 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
20:08:45.0002 3860 KLIM6 - ok
20:08:45.0017 3860 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
20:08:45.0033 3860 klmouflt - ok
20:08:45.0064 3860 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:08:45.0080 3860 KSecDD - ok
20:08:45.0111 3860 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:08:45.0126 3860 KSecPkg - ok
20:08:45.0158 3860 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:08:45.0204 3860 ksthunk - ok
20:08:45.0220 3860 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:08:45.0298 3860 KtmRm - ok
20:08:45.0329 3860 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:08:45.0376 3860 LanmanServer - ok
20:08:45.0392 3860 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:08:45.0438 3860 LanmanWorkstation - ok
20:08:45.0532 3860 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:08:45.0563 3860 LBTServ - ok
20:08:45.0594 3860 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
20:08:45.0610 3860 LGBusEnum - ok
20:08:45.0641 3860 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
20:08:45.0641 3860 LGVirHid - ok
20:08:45.0672 3860 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:08:45.0688 3860 LHidFilt - ok
20:08:45.0719 3860 [ 71C6A95A5F0CCC87298C4DD0F2C3635A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:08:45.0735 3860 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:08:45.0735 3860 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:08:45.0766 3860 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:08:45.0813 3860 lltdio - ok
20:08:45.0875 3860 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:08:45.0953 3860 lltdsvc - ok
20:08:45.0969 3860 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:08:46.0000 3860 lmhosts - ok
20:08:46.0047 3860 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:08:46.0062 3860 LMouFilt - ok
20:08:46.0094 3860 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:08:46.0109 3860 LSI_FC - ok
20:08:46.0125 3860 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:08:46.0140 3860 LSI_SAS - ok
20:08:46.0140 3860 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:08:46.0156 3860 LSI_SAS2 - ok
20:08:46.0156 3860 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:08:46.0172 3860 LSI_SCSI - ok
20:08:46.0187 3860 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:08:46.0218 3860 luafv - ok
20:08:46.0250 3860 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:08:46.0281 3860 Mcx2Svc - ok
20:08:46.0296 3860 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:08:46.0312 3860 megasas - ok
20:08:46.0328 3860 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:08:46.0343 3860 MegaSR - ok
20:08:46.0374 3860 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:08:46.0421 3860 MMCSS - ok
20:08:46.0421 3860 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:08:46.0452 3860 Modem - ok
20:08:46.0468 3860 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:08:46.0499 3860 monitor - ok
20:08:46.0530 3860 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:08:46.0546 3860 mouclass - ok
20:08:46.0562 3860 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:08:46.0577 3860 mouhid - ok
20:08:46.0608 3860 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:08:46.0624 3860 mountmgr - ok
20:08:46.0640 3860 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:08:46.0655 3860 mpio - ok
20:08:46.0671 3860 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:08:46.0702 3860 mpsdrv - ok
20:08:46.0780 3860 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:08:46.0842 3860 MpsSvc - ok
20:08:46.0905 3860 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:08:46.0952 3860 MRxDAV - ok
20:08:46.0967 3860 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:08:47.0014 3860 mrxsmb - ok
20:08:47.0014 3860 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:08:47.0045 3860 mrxsmb10 - ok
20:08:47.0045 3860 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:08:47.0076 3860 mrxsmb20 - ok
20:08:47.0092 3860 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:08:47.0108 3860 msahci - ok
20:08:47.0123 3860 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:08:47.0139 3860 msdsm - ok
20:08:47.0154 3860 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:08:47.0170 3860 MSDTC - ok
20:08:47.0201 3860 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:08:47.0232 3860 Msfs - ok
20:08:47.0232 3860 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:08:47.0279 3860 mshidkmdf - ok
20:08:47.0279 3860 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:08:47.0295 3860 msisadrv - ok
20:08:47.0310 3860 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:08:47.0342 3860 MSiSCSI - ok
20:08:47.0342 3860 msiserver - ok
20:08:47.0373 3860 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:08:47.0404 3860 MSKSSRV - ok
20:08:47.0420 3860 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:08:47.0466 3860 MSPCLOCK - ok
20:08:47.0466 3860 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:08:47.0498 3860 MSPQM - ok
20:08:47.0529 3860 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:08:47.0544 3860 MsRPC - ok
20:08:47.0560 3860 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:08:47.0576 3860 mssmbios - ok
20:08:47.0576 3860 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:08:47.0622 3860 MSTEE - ok
20:08:47.0638 3860 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:08:47.0669 3860 MTConfig - ok
20:08:47.0685 3860 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
20:08:47.0716 3860 MTsensor - ok
20:08:47.0732 3860 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:08:47.0747 3860 Mup - ok
20:08:47.0778 3860 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:08:47.0825 3860 napagent - ok
20:08:47.0856 3860 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:08:47.0888 3860 NativeWifiP - ok
20:08:47.0950 3860 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:08:47.0997 3860 NDIS - ok
20:08:48.0012 3860 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:08:48.0044 3860 NdisCap - ok
20:08:48.0059 3860 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:08:48.0106 3860 NdisTapi - ok
20:08:48.0122 3860 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:08:48.0184 3860 Ndisuio - ok
20:08:48.0184 3860 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:08:48.0231 3860 NdisWan - ok
20:08:48.0262 3860 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:08:48.0309 3860 NDProxy - ok
20:08:48.0527 3860 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:08:48.0590 3860 Nero BackItUp Scheduler 4.0 - ok
20:08:48.0605 3860 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:08:48.0652 3860 NetBIOS - ok
20:08:48.0683 3860 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:08:48.0730 3860 NetBT - ok
20:08:48.0730 3860 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:08:48.0746 3860 Netlogon - ok
20:08:48.0777 3860 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:08:48.0824 3860 Netman - ok
20:08:48.0839 3860 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:08:48.0917 3860 netprofm - ok
20:08:48.0948 3860 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:08:48.0964 3860 NetTcpPortSharing - ok
20:08:48.0980 3860 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:08:48.0995 3860 nfrd960 - ok
20:08:49.0026 3860 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:08:49.0058 3860 NlaSvc - ok
20:08:49.0073 3860 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:08:49.0120 3860 Npfs - ok
20:08:49.0136 3860 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:08:49.0182 3860 nsi - ok
20:08:49.0182 3860 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:08:49.0229 3860 nsiproxy - ok
20:08:49.0292 3860 [ C04F5DEF37E55F6A34428B050F44D3D6 ] nSvcIp D:\Driver\Nvidia Network Manager\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
20:08:49.0323 3860 nSvcIp - ok
20:08:49.0510 3860 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:08:49.0588 3860 Ntfs - ok
20:08:49.0619 3860 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:08:49.0650 3860 Null - ok
20:08:49.0682 3860 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
20:08:49.0728 3860 NVENETFD - ok
20:08:49.0728 3860 NVHDA - ok
20:08:51.0054 3860 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:08:51.0382 3860 nvlddmkm - ok
20:08:51.0429 3860 [ 956A1F47826514C1EA0C295FE13C7377 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
20:08:51.0444 3860 NVNET - ok
20:08:51.0460 3860 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:08:51.0491 3860 nvraid - ok
20:08:51.0507 3860 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:08:51.0522 3860 nvstor - ok
20:08:51.0554 3860 [ 7C7EEF51979658CE15BBC04F96A77D56 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
20:08:51.0569 3860 nvstor64 - ok
20:08:51.0585 3860 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:08:51.0600 3860 nv_agp - ok
20:08:51.0600 3860 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:08:51.0616 3860 ohci1394 - ok
20:08:51.0741 3860 [ 2E71117CE9F783A7F3EB763E23DADE61 ] OODefragAgent D:\Defrag Professional 15\oodag.exe
20:08:51.0850 3860 OODefragAgent - ok
20:08:51.0897 3860 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:08:51.0928 3860 p2pimsvc - ok
20:08:51.0944 3860 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:08:51.0975 3860 p2psvc - ok
20:08:51.0975 3860 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:08:51.0990 3860 Parport - ok
20:08:52.0022 3860 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:08:52.0037 3860 partmgr - ok
20:08:52.0053 3860 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:08:52.0068 3860 PcaSvc - ok
20:08:52.0084 3860 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:08:52.0100 3860 pci - ok
20:08:52.0115 3860 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:08:52.0131 3860 pciide - ok
20:08:52.0146 3860 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:08:52.0162 3860 pcmcia - ok
20:08:52.0178 3860 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:08:52.0193 3860 pcw - ok
20:08:52.0240 3860 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:08:52.0318 3860 PEAUTH - ok
20:08:52.0365 3860 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:08:52.0412 3860 PeerDistSvc - ok
20:08:52.0490 3860 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:08:52.0521 3860 PerfHost - ok
20:08:52.0568 3860 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:08:52.0677 3860 pla - ok
20:08:52.0708 3860 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:08:52.0739 3860 PlugPlay - ok
20:08:52.0739 3860 PnkBstrA - ok
20:08:52.0770 3860 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:08:52.0802 3860 PNRPAutoReg - ok
20:08:52.0817 3860 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:08:52.0848 3860 PNRPsvc - ok
20:08:52.0880 3860 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:08:52.0942 3860 PolicyAgent - ok
20:08:52.0958 3860 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:08:53.0004 3860 Power - ok
20:08:53.0036 3860 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:08:53.0082 3860 PptpMiniport - ok
20:08:53.0114 3860 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:08:53.0145 3860 Processor - ok
20:08:53.0192 3860 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:08:53.0223 3860 ProfSvc - ok
20:08:53.0238 3860 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:08:53.0254 3860 ProtectedStorage - ok
20:08:53.0285 3860 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:08:53.0332 3860 Psched - ok
20:08:53.0379 3860 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:08:53.0441 3860 ql2300 - ok
20:08:53.0457 3860 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:08:53.0472 3860 ql40xx - ok
20:08:53.0488 3860 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:08:53.0504 3860 QWAVE - ok
20:08:53.0519 3860 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:08:53.0535 3860 QWAVEdrv - ok
20:08:53.0550 3860 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:08:53.0582 3860 RasAcd - ok
20:08:53.0613 3860 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:08:53.0644 3860 RasAgileVpn - ok
20:08:53.0644 3860 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:08:53.0675 3860 RasAuto - ok
20:08:53.0691 3860 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:08:53.0738 3860 Rasl2tp - ok
20:08:53.0769 3860 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:08:53.0816 3860 RasMan - ok
20:08:53.0831 3860 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:08:53.0878 3860 RasPppoe - ok
20:08:53.0894 3860 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:08:53.0940 3860 RasSstp - ok
20:08:53.0956 3860 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:08:54.0003 3860 rdbss - ok
20:08:54.0003 3860 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:08:54.0018 3860 rdpbus - ok
20:08:54.0034 3860 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:08:54.0065 3860 RDPCDD - ok
20:08:54.0096 3860 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:08:54.0112 3860 RDPDR - ok
20:08:54.0128 3860 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:08:54.0159 3860 RDPENCDD - ok
20:08:54.0174 3860 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:08:54.0206 3860 RDPREFMP - ok
20:08:54.0237 3860 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:08:54.0268 3860 RdpVideoMiniport - ok
20:08:54.0299 3860 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:08:54.0315 3860 RDPWD - ok
20:08:54.0346 3860 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:08:54.0362 3860 rdyboost - ok
20:08:54.0393 3860 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:08:54.0455 3860 RemoteAccess - ok
20:08:54.0471 3860 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:08:54.0518 3860 RemoteRegistry - ok
20:08:54.0533 3860 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:08:54.0580 3860 RpcEptMapper - ok
20:08:54.0596 3860 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:08:54.0611 3860 RpcLocator - ok
20:08:54.0627 3860 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:08:54.0658 3860 RpcSs - ok
20:08:54.0689 3860 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:08:54.0752 3860 rspndr - ok
20:08:54.0783 3860 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:08:54.0798 3860 s3cap - ok
20:08:54.0814 3860 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:08:54.0830 3860 SamSs - ok
20:08:54.0861 3860 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:08:54.0876 3860 sbp2port - ok
20:08:54.0908 3860 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:08:54.0939 3860 SCardSvr - ok
20:08:54.0954 3860 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:08:55.0001 3860 scfilter - ok
20:08:55.0032 3860 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:08:55.0126 3860 Schedule - ok
20:08:55.0157 3860 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:08:55.0188 3860 SCPolicySvc - ok
20:08:55.0204 3860 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:08:55.0235 3860 SDRSVC - ok
20:08:55.0251 3860 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:08:55.0313 3860 secdrv - ok
20:08:55.0329 3860 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:08:55.0360 3860 seclogon - ok
20:08:55.0391 3860 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:08:55.0422 3860 SENS - ok
20:08:55.0438 3860 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:08:55.0454 3860 SensrSvc - ok
20:08:55.0469 3860 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:08:55.0485 3860 Serenum - ok
20:08:55.0500 3860 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:08:55.0516 3860 Serial - ok
20:08:55.0516 3860 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:08:55.0532 3860 sermouse - ok
20:08:55.0563 3860 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:08:55.0594 3860 SessionEnv - ok
20:08:55.0610 3860 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:08:55.0625 3860 sffdisk - ok
20:08:55.0641 3860 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:08:55.0656 3860 sffp_mmc - ok
20:08:55.0656 3860 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:08:55.0672 3860 sffp_sd - ok
20:08:55.0672 3860 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:08:55.0703 3860 sfloppy - ok
20:08:55.0734 3860 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:08:55.0781 3860 SharedAccess - ok
20:08:55.0812 3860 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:08:55.0875 3860 ShellHWDetection - ok
20:08:55.0890 3860 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:08:55.0890 3860 SiSRaid2 - ok
20:08:55.0906 3860 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:08:55.0922 3860 SiSRaid4 - ok
20:08:55.0922 3860 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:08:55.0968 3860 Smb - ok
20:08:56.0000 3860 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:08:56.0015 3860 SNMPTRAP - ok
20:08:56.0046 3860 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:08:56.0046 3860 spldr - ok
20:08:56.0078 3860 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:08:56.0124 3860 Spooler - ok
20:08:56.0608 3860 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:08:56.0748 3860 sppsvc - ok
20:08:56.0780 3860 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:08:56.0811 3860 sppuinotify - ok
20:08:56.0889 3860 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:08:56.0967 3860 srv - ok
20:08:57.0029 3860 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:08:57.0092 3860 srv2 - ok
20:08:57.0107 3860 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:08:57.0138 3860 srvnet - ok
20:08:57.0170 3860 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
20:08:57.0201 3860 ssadbus - ok
20:08:57.0216 3860 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:08:57.0248 3860 ssadmdfl - ok
20:08:57.0263 3860 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
20:08:57.0279 3860 ssadmdm - ok
20:08:57.0310 3860 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:08:57.0357 3860 SSDPSRV - ok
20:08:57.0388 3860 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:08:57.0435 3860 SstpSvc - ok
20:08:57.0450 3860 Steam Client Service - ok
20:08:57.0466 3860 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:08:57.0466 3860 stexstor - ok
20:08:57.0497 3860 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:08:57.0560 3860 stisvc - ok
20:08:57.0591 3860 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:08:57.0591 3860 storflt - ok
20:08:57.0622 3860 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
20:08:57.0638 3860 StorSvc - ok
20:08:57.0638 3860 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:08:57.0653 3860 storvsc - ok
20:08:57.0669 3860 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:08:57.0684 3860 swenum - ok
20:08:57.0716 3860 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:08:57.0762 3860 swprv - ok
20:08:58.0043 3860 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:08:58.0106 3860 SysMain - ok
20:08:58.0152 3860 [ 3E5A277622E689068D8D2C0D98316A32 ] SystoG15Svc D:\Driver\C2DtoG15\SystoG15Svc.exe
20:08:58.0168 3860 SystoG15Svc ( UnsignedFile.Multi.Generic ) - warning
20:08:58.0168 3860 SystoG15Svc - detected UnsignedFile.Multi.Generic (1)
20:08:58.0184 3860 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:08:58.0230 3860 TabletInputService - ok
20:08:58.0230 3860 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:08:58.0293 3860 TapiSrv - ok
20:08:58.0293 3860 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:08:58.0340 3860 TBS - ok
20:08:58.0683 3860 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:08:58.0761 3860 Tcpip - ok
20:08:58.0808 3860 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:08:58.0839 3860 TCPIP6 - ok
20:08:58.0886 3860 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:08:58.0901 3860 tcpipreg - ok
20:08:58.0948 3860 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:08:58.0964 3860 TDPIPE - ok
20:08:58.0979 3860 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:08:58.0995 3860 TDTCP - ok
20:08:59.0026 3860 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:08:59.0057 3860 tdx - ok
20:08:59.0229 3860 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:08:59.0322 3860 TeamViewer7 - ok
20:08:59.0338 3860 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:08:59.0369 3860 TermDD - ok
20:08:59.0510 3860 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:08:59.0588 3860 TermService - ok
20:08:59.0603 3860 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:08:59.0650 3860 Themes - ok
20:08:59.0666 3860 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:08:59.0697 3860 THREADORDER - ok
20:08:59.0712 3860 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:08:59.0759 3860 TrkWks - ok
20:08:59.0806 3860 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:08:59.0868 3860 TrustedInstaller - ok
20:08:59.0884 3860 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:08:59.0915 3860 tssecsrv - ok
20:08:59.0946 3860 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:08:59.0978 3860 TsUsbFlt - ok
20:09:00.0040 3860 [ E78BFED571B62D4D8B299902939C1D95 ] TuneUp.Defrag D:\TuneUp Utilities 2010\TuneUpDefragService.exe
20:09:00.0071 3860 TuneUp.Defrag - ok
20:09:00.0430 3860 [ 6842DF1C70E5C53B24352D03044E5FB2 ] TuneUp.UtilitiesSvc D:\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
20:09:00.0477 3860 TuneUp.UtilitiesSvc - ok
20:09:00.0508 3860 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv D:\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
20:09:00.0539 3860 TuneUpUtilitiesDrv - ok
20:09:00.0555 3860 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:09:00.0602 3860 tunnel - ok
20:09:00.0633 3860 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:09:00.0633 3860 uagp35 - ok
20:09:00.0664 3860 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:09:00.0711 3860 udfs - ok
20:09:00.0742 3860 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:09:00.0773 3860 UI0Detect - ok
20:09:00.0773 3860 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:09:00.0789 3860 uliagpkx - ok
20:09:00.0804 3860 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:09:00.0836 3860 umbus - ok
20:09:00.0851 3860 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:09:00.0851 3860 UmPass - ok
20:09:00.0882 3860 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
20:09:00.0898 3860 UmRdpService - ok
20:09:00.0914 3860 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:09:00.0960 3860 upnphost - ok
20:09:00.0960 3860 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:09:00.0992 3860 usbaudio - ok
20:09:01.0007 3860 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:09:01.0038 3860 usbccgp - ok
20:09:01.0054 3860 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:09:01.0070 3860 usbcir - ok
20:09:01.0085 3860 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:09:01.0101 3860 usbehci - ok
20:09:01.0132 3860 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:09:01.0148 3860 usbhub - ok
20:09:01.0179 3860 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:09:01.0210 3860 usbohci - ok
20:09:01.0226 3860 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:09:01.0272 3860 usbprint - ok
20:09:01.0288 3860 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:09:01.0304 3860 USBSTOR - ok
20:09:01.0304 3860 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:09:01.0335 3860 usbuhci - ok
20:09:01.0350 3860 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:09:01.0366 3860 usbvideo - ok
20:09:01.0382 3860 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:09:01.0428 3860 UxSms - ok
20:09:01.0444 3860 [ F10E3434396B76C7E0413975262FAC13 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
20:09:01.0460 3860 UxTuneUp - ok
20:09:01.0475 3860 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:09:01.0491 3860 VaultSvc - ok
20:09:01.0506 3860 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:09:01.0538 3860 vdrvroot - ok
20:09:01.0600 3860 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:09:01.0678 3860 vds - ok
20:09:01.0709 3860 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:09:01.0725 3860 vga - ok
20:09:01.0740 3860 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:09:01.0787 3860 VgaSave - ok
20:09:01.0803 3860 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:09:01.0818 3860 vhdmp - ok
20:09:01.0834 3860 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:09:01.0834 3860 viaide - ok
20:09:01.0850 3860 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:09:01.0865 3860 vmbus - ok
20:09:01.0865 3860 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:09:01.0896 3860 VMBusHID - ok
20:09:01.0896 3860 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:09:01.0912 3860 volmgr - ok
20:09:01.0928 3860 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:09:01.0943 3860 volmgrx - ok
20:09:01.0974 3860 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:09:01.0990 3860 volsnap - ok
20:09:02.0021 3860 [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
20:09:02.0052 3860 vpcbus - ok
20:09:02.0068 3860 [ 8ACDA395841538CE9713A67FE8B2A3EB ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
20:09:02.0084 3860 vpcnfltr - ok
20:09:02.0099 3860 [ 31924E31BC315773E6D149B157DB46D5 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
20:09:02.0115 3860 vpcusb - ok
20:09:02.0146 3860 [ 14578FF302B4C985C9740A0F327AE3C0 ] vpcuxd C:\Windows\system32\DRIVERS\vpcuxd.sys
20:09:02.0177 3860 vpcuxd - ok
20:09:02.0193 3860 [ C5B651E52540E6F46DA66574C74B4898 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
20:09:02.0208 3860 vpcvmm - ok
20:09:02.0240 3860 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:09:02.0255 3860 vsmraid - ok
20:09:02.0349 3860 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:09:02.0458 3860 VSS - ok
20:09:02.0458 3860 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:09:02.0489 3860 vwifibus - ok
20:09:02.0505 3860 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:09:02.0583 3860 W32Time - ok
20:09:02.0614 3860 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:09:02.0630 3860 WacomPen - ok
20:09:02.0645 3860 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:09:02.0692 3860 WANARP - ok
20:09:02.0692 3860 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:09:02.0723 3860 Wanarpv6 - ok
20:09:02.0957 3860 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:09:03.0020 3860 WatAdminSvc - ok
20:09:03.0066 3860 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:09:03.0144 3860 wbengine - ok
20:09:03.0176 3860 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:09:03.0191 3860 WbioSrvc - ok
20:09:03.0207 3860 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:09:03.0238 3860 wcncsvc - ok
20:09:03.0238 3860 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:09:03.0254 3860 WcsPlugInService - ok
20:09:03.0285 3860 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:09:03.0300 3860 Wd - ok
20:09:03.0347 3860 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:09:03.0394 3860 Wdf01000 - ok
20:09:03.0410 3860 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:09:03.0441 3860 WdiServiceHost - ok
20:09:03.0456 3860 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:09:03.0472 3860 WdiSystemHost - ok
20:09:03.0488 3860 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:09:03.0519 3860 WebClient - ok
20:09:03.0566 3860 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:09:03.0628 3860 Wecsvc - ok
20:09:03.0628 3860 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:09:03.0675 3860 wercplsupport - ok
20:09:03.0706 3860 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:09:03.0737 3860 WerSvc - ok
20:09:03.0784 3860 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:09:03.0815 3860 WfpLwf - ok
20:09:03.0815 3860 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:09:03.0831 3860 WIMMount - ok
20:09:03.0846 3860 WinDefend - ok
20:09:03.0862 3860 WinHttpAutoProxySvc - ok
20:09:03.0909 3860 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:09:03.0956 3860 Winmgmt - ok
20:09:04.0002 3860 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 D:\Driver\C2DtoG15\WinRing0x64.sys
20:09:04.0018 3860 WinRing0_1_2_0 - ok
20:09:04.0080 3860 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:09:04.0174 3860 WinRM - ok
20:09:04.0205 3860 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:09:04.0221 3860 WinUsb - ok
20:09:04.0252 3860 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:09:04.0299 3860 Wlansvc - ok
20:09:04.0314 3860 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:09:04.0330 3860 WmiAcpi - ok
20:09:04.0346 3860 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:09:04.0377 3860 wmiApSrv - ok
20:09:04.0408 3860 WMPNetworkSvc - ok
20:09:04.0439 3860 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:09:04.0455 3860 WPCSvc - ok
20:09:04.0486 3860 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:09:04.0517 3860 WPDBusEnum - ok
20:09:04.0533 3860 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:09:04.0580 3860 ws2ifsl - ok
20:09:04.0580 3860 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:09:04.0611 3860 wscsvc - ok
20:09:04.0626 3860 WSearch - ok
20:09:04.0704 3860 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:09:04.0798 3860 wuauserv - ok
20:09:04.0814 3860 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:09:04.0845 3860 WudfPf - ok
20:09:04.0860 3860 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:09:04.0907 3860 WUDFRd - ok
20:09:04.0923 3860 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:09:04.0970 3860 wudfsvc - ok
20:09:04.0985 3860 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:09:05.0016 3860 WwanSvc - ok
20:09:05.0016 3860 ================ Scan global ===============================
20:09:05.0063 3860 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:09:05.0079 3860 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:09:05.0094 3860 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:09:05.0126 3860 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:09:05.0157 3860 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:09:05.0157 3860 [Global] - ok
20:09:05.0157 3860 ================ Scan MBR ==================================
20:09:05.0172 3860 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:09:06.0670 3860 \Device\Harddisk0\DR0 - ok
20:09:06.0670 3860 ================ Scan VBR ==================================
20:09:06.0748 3860 [ 04BFCF90D0BDDBA0C83FEAC9B750A7BA ] \Device\Harddisk0\DR0\Partition1
20:09:06.0842 3860 \Device\Harddisk0\DR0\Partition1 - ok
20:09:06.0888 3860 [ C8968187DEBFC363E31B36FA6D98202A ] \Device\Harddisk0\DR0\Partition2
20:09:06.0935 3860 \Device\Harddisk0\DR0\Partition2 - ok
20:09:06.0966 3860 [ 780310230913A8B413DA4110CEFEE2DA ] \Device\Harddisk0\DR0\Partition3
20:09:06.0982 3860 \Device\Harddisk0\DR0\Partition3 - ok
20:09:06.0998 3860 [ D7C4214FF89E583AD94C7018942B7CBD ] \Device\Harddisk0\DR0\Partition4
20:09:07.0091 3860 \Device\Harddisk0\DR0\Partition4 - ok
20:09:07.0091 3860 ============================================================
20:09:07.0091 3860 Scan finished
20:09:07.0091 3860 ============================================================
20:09:07.0091 3344 Detected object count: 2
20:09:07.0091 3344 Actual detected object count: 2
20:10:14.0043 3344 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:10:14.0043 3344 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:10:14.0043 3344 SystoG15Svc ( UnsignedFile.Multi.Generic ) - skipped by user
20:10:14.0043 3344 SystoG15Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 19.02.2013, 21:14

Hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Tobi-idoT · 19.02.2013, 21:24

Ich bin dir sehr dank bar für deine Hilfe aber ich verstehe nicht was es bringen soll ständig irgendwelche Tools die ich nicht kenne auf meinem Rechner auszuführen. Versteh mich bitte nicht falsch will nur auf Nr. sicher gehen was bring dir die Log von Combofix im Vergleich zu den andern Logs?

markusg · 19.02.2013, 21:33

wweitere infos über evtl. vorhandene malware, und ich neme an, dass du das Problem, weswegen du hergekommen bist, lösen möchtest, also bringts dir einen sauberen pc

Tobi-idoT · 19.02.2013, 21:46

Na ich weiß ja nicht ob ich mir was eingefangen habe oder nicht, die Startseite konnte ich wieder entfernen. Hatte ja zum Glück benutzerdefinierte Installation aus geführt und nur VLC installiert. Will jetzt nur sicher gehen das mir der VLC installer nicht vielleicht doch was rauf gehauen hat was mein Kaspersky nicht erkennt. Wenn ich mir jetzt die Anleitung ComboFix durch lese (Du solltest Combofix nicht ausführen, wenn Du nicht ausdrücklich von einem ausgebildetem Helfer dazu aufgefordert wurdest. Im Zuge der enormen Fähigkeiten dieses Programmes wird außerdem dringend empfohlen, dass Du nicht ohne Betreuung durch einen trainierten Helfer versuchst, mit den von ComboFix dargestellten Informationen auf eigene Faust zu arbeiten. Wenn dem dennoch so ist, kann es zu Problemen mit der Funktionalität des Computers kommen.) Hab ich als leihe schon angst das ich was falsch mache und mein System zerschieße.

Aus diesem Grund hatte ich noch mal nach gefragt ob es wirklich nötig ist (ob dir die beiden oben gezeigten Logs irgendwelche Anzeichen von Malware zeigen)

markusg · 19.02.2013, 21:48

Hi,
es ist nötig

Tobi-idoT · 19.02.2013, 22:29

Hmm alles klar, dann werd ich es morgen mal in angriff nehmen. Dank dir noch mal für deine Hilfe.

Tobi-idoT · 21.02.2013, 16:11

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-02-21.02 - Enno 21.02.2013  15:58:04.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6143.4876 [GMT 1:00]
ausgeführt von:: c:\users\Enno\Desktop\ComboFix.exe
AV: Kaspersky Security Suite CBE *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Security Suite CBE *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Security Suite CBE *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-21 bis 2013-02-21  ))))))))))))))))))))))))))))))
.
.
2013-02-21 15:02 . 2013-02-21 15:02	--------	d-----w-	c:\users\Enno\AppData\Local\temp
2013-02-21 15:02 . 2013-02-21 15:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-21 01:02 . 2013-02-21 01:02	310688	----a-w-	c:\windows\system32\javaws.exe
2013-02-21 01:02 . 2013-02-21 01:02	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-21 01:02 . 2013-02-21 01:02	188832	----a-w-	c:\windows\system32\javaw.exe
2013-02-21 01:02 . 2013-02-21 01:02	188320	----a-w-	c:\windows\system32\java.exe
2013-02-21 01:02 . 2013-02-21 01:02	--------	d-----w-	c:\program files\Java
2013-02-21 00:56 . 2013-02-21 00:56	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-02-21 00:56 . 2013-02-21 00:55	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-21 00:55 . 2013-02-21 00:55	--------	d-----w-	c:\program files (x86)\Java
2013-02-20 20:18 . 2011-05-30 13:42	240640	----a-w-	c:\windows\SysWow64\xvidvfw.dll
2013-02-20 20:18 . 2011-05-30 13:42	255488	----a-w-	c:\windows\system32\xvidvfw.dll
2013-02-20 20:18 . 2011-05-23 09:52	153088	----a-w-	c:\windows\SysWow64\xvid.ax
2013-02-20 20:18 . 2011-05-23 07:49	173568	----a-w-	c:\windows\system32\xvid.ax
2013-02-20 20:18 . 2011-05-23 07:46	645632	----a-w-	c:\windows\SysWow64\xvidcore.dll
2013-02-20 20:18 . 2011-05-23 07:45	696832	----a-w-	c:\windows\system32\xvidcore.dll
2013-02-13 15:50 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 15:50 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 15:48 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 15:48 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 15:48 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 15:48 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 15:48 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-25 05:23 . 2013-01-25 05:23	42880	----a-w-	c:\windows\SysWow64\xfcodec.dll
2013-01-25 05:23 . 2013-01-25 05:23	28544	----a-w-	c:\windows\system32\xfcodec64.dll
2013-01-24 01:08 . 2013-01-24 01:08	98304	----a-w-	c:\windows\SysWow64\CmdLineExt.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 01:02 . 2012-06-22 14:56	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-21 01:02 . 2012-06-22 14:56	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-21 00:55 . 2012-05-05 14:46	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-02-21 00:55 . 2011-12-14 21:45	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-13 15:54 . 2011-12-14 20:02	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-13 12:25 . 2012-03-28 18:41	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 12:25 . 2011-12-14 21:44	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-12 19:43 . 2011-12-14 16:34	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-01-12 19:43 . 2011-12-14 16:34	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-01-04 04:43 . 2013-02-13 15:49	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 19:23	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 19:23	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:23	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:23	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 14:16	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 14:16	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 14:16	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 14:16	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 14:16	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 14:16	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 14:16	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 14:16	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 14:16	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 14:16	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 14:16	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 14:16	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 14:16	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 14:16	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 14:16	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 14:16	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 14:16	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 14:16	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 14:16	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 14:16	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 14:16	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 14:16	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 14:16	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 14:16	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 14:16	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 14:16	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 14:16	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 14:16	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 14:16	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 14:16	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 14:16	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 14:16	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-09 14:15	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 14:15	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 14:15	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 14:15	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 14:15	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 14:15	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 14:15	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 14:15	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BirthdayReminder"="e:\install\My Birthday\BirthdayReminder.exe" [2002-03-09 620544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\internet\Kaspersky Internet Security\avp.exe" [2012-04-10 202296]
.
c:\users\Enno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
C2DtoG15.lnk - d:\driver\C2DtoG15\C2DtoG15.exe [2012-10-11 596992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"KiesTrayAgent"=d:\driver\Samsung Kies\Kies\KiesTrayAgent.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml
"StartCCC"="d:\driver\Grafik Treiber\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 OODefragAgent;O&O Defrag;d:\defrag professional 15\oodag.exe [2011-11-17 3273552]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\tuneup utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-11 1255736]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\tuneup utilities 2010\TuneUpUtilitiesService64.exe [2009-10-30 1353544]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 SystoG15Svc;SystoG15 Service;d:\driver\C2DtoG15\SystoG15Svc.exe [2011-01-26 59392]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\driver\C2DtoG15\WinRing0x64.sys [2008-07-26 14544]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Hinzufügen zu Anti-Banner - d:\internet\Kaspersky Internet Security\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - d:\office~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.117.1.25 89.16.129.25
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-86538185.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-628609525-3872644991-747859412-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,4e,ac,4f,44,5e,5e,fb,cb,ed,be,a6,2e,45,48,4a,ae,cf,2b,86,74,96,99,
   b1,ed,95,9c,0f,ba,ee,c6,4d,fc,81,b7,a4,88,46,be,75,d1,c9,fb,a1,b5,af,57,fc,\
"??"=hex:6c,4a,95,f2,4f,4e,c2,04,92,5b,56,50,d1,6c,f6,3a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="1B38A5EF7881B7A83A34715E7A4D3412EDACAB2B7C184D2A9A00995BD1B58DB7B36937F5A098F8222555452E4F8274C4C573FD698109B39BE22F488FA6ECBDB6D0DF86271CBEFC0B155F6FCB57CD67821D6177E82574A96683A050517BA5EF9EE75B6D945357B5AED0A2203E9BB126182A714347B2189200449DF7727AF9F2A47093E9E673FAF8A7A1E02F20E9E2B129269331B23966B7ACEF63A6D9163A7855E7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B98089DB7CE019D40AA5CA6171C11EC38DE3D1402D9B75AC0DC289595CEE8A95CC902DD75496001E6A40146D6E87A797ED318F0E6F089DE792DC4EF4CCF2344A6ABE2472B857E69A0F79638C2D160EDACBE40DA19339C57B560830F33BC26E4C55F5EB45D3028341F324F3B0C713A3458548CFB42C9186D94B3C7E98AF1791244E8888807796765F5BA11BE04F031EEBA7FD2702BEF66801ABA7868B86269870D9EF99844A889B61B514427228A3574F504ED4646F63723ADDB02E6459185B5F2AECE2E59171E936A84D6C9008D774C8CF63D832741FD1B1ED2D237DD99233F2C1729092AB4FB1D2039BBF1DE5E6E35E541A32083C9F0639A2C601F5327597BCFAB2D59C202BAA86029675E20F1D2204DA207063A9A0BAA374DA0561AFC05775E9582C54F97393DAFE0D3C3CA56A533712B519749558CD36D6B900B4BEE46F0364ED669221D9697FAC0FEC70AA8A5C7E6C17327D5AD78F499912FDD246680DB1FA85AD0B152B9A90FFCE9062D9D5CEBA59FDDFEA5EB95D87A1F80E205E15CE041C5C17E1608CB961E1F9A0D267B915F07D187D827ECEEFC35458BA373F1C6D9AA9E45E78F27B8373F049BDF0C9ED3994B3C6C65E89F5494D38D5C9E97BBED57CB7EA27800A7B198ECDCF8751A74F54417128AC8A089570740CF82C2BF77C81CFA86998D6B192E7985AD443AAF028E3AEF5F649B23C2516DCBBC91F55B740D21F0286F797C1DE351CACE940BCEDEF510C28080E8ED77DB172C56A1910092B711CBACEC80016AD2C563ED833C1F344C8A5D286A3221E7D607F8F24E62E548094B0CB0DDDE6B4ABAB5D90D2D156A43F121F4DA2E6901E7E4722D3FB6296B1E85E397229342521DA0309DFCB4CF21DE0E04207462F7F3DFEDC42BB7FD9B903074213845E14B6DD24E797F6ABF1B556D8A1359A09ABA08CC9B1CB6304E62F8B1E27F9AB223911DF2510C3651F61C3DEA166581E1F2FE6ABEDECBF7CFCF996F68202FD155B11F60977992DB80086635E62343DB8D090BF1D969597B91B554602AC092D06DEFEF606E5DEDF09EA5093B84E5A98ECE019793D5B380B1423094DCE71DC0F20FC278653BD4B35524057FF2FADA4CA6227F4DED8078AE6E87F95719A1D087F3A1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-21  16:04:27
ComboFix-quarantined-files.txt  2013-02-21 15:04
.
Vor Suchlauf: 8 Verzeichnis(se), 10.710.929.408 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 10.179.436.544 Bytes frei
.
- - End Of File - - 76EE408FA445C9CF584A8F41170A390B

--- --- ---

markusg · 21.02.2013, 17:24

sieht gut aus.
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Tobi-idoT · 21.02.2013, 20:09

Alles klar werde es aber frühstens Samstag in angriff nehmen können wegen Arbeit. Kann ich ComboFix wieder deinstallieren?

markusg · 21.02.2013, 20:11

deinstalationen machen wir später.
ok ich werde dir dann spätestens Montag antworten, wegen wochenende :-)

19.02.2013, 21:48	#10
markusg /// Malware-holic	VLC Player trojaner? Hi, es ist nötig __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

VLC Player trojaner?

Plagegeister aller Art und deren Bekämpfung: VLC Player trojaner?