Pests of all kinds and how to combat them: Strange virus/trojan | Windows 7 |
05.06.2013, 16:06 | #1 |
| Strange virus/trojan When I switched on my computer recently, I noticed that programs such as Skype did not start right away. I then tried to start them myself, and when I did, a message appeared saying that skype.exe could not be found. I then checked the path myself, but the file was there. It is the same with every program, as if it could not find the path. For example, when I download a file from the internet and try to run it, it tells me that the .exe file was not found. I found a temporary workaround: I go to the .exe file, right-click it and open it as administrator, and then it works. I have also already run 2 full scans with Kaspersky, which found nothing. I also cannot do a System Restore, because somehow all the dates are gone. |
05.06.2013, 16:08 | #2 |
/// Malware-holic | Strange virus/trojan Hi,
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
05.06.2013, 16:29 | #3 |
| Strange virus/trojan
Code:
ATTFilter OTL logfile created on: 05.06.2013 17:14:55 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 16.00 Gb Total Physical Memory | 13.48 Gb Available Physical Memory | 84.25% Memory free 32.97 Gb Paging File | 29.72 Gb Available in Paging File | 90.13% Paging File free Paging file location(s): c:\pagefile.sys 1000 2000d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59.62 Gb Total Space | 4.24 Gb Free Space | 7.10% Space Free | Partition Type: NTFS Drive D: | 1397.26 Gb Total Space | 1056.87 Gb Free Space | 75.64% Space Free | Partition Type: NTFS Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.28 21:59:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.02.20 19:12:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.01.18 19:55:38 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.09 07:47:57 | 000,392,192 | ---- | M] () -- C:\Users\Kevin\Desktop\Spammer\Spammer.exe PRC - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program 
Files (x86)\Gigabyte\EasySaver\essvr.exe PRC - [2009.08.06 07:51:20 | 000,065,536 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe ========== Modules (No Company Name) ========== MOD - [2013.05.25 02:03:38 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\77d022b1197434c411e88730b007b89a\System.Xml.Linq.ni.dll MOD - [2013.05.25 02:03:25 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b1f3ea839257551154e34750f26fa33d\System.Runtime.Serialization.ni.dll MOD - [2013.05.25 02:03:17 | 000,239,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\c2adc6c673042117a54159fb8c66bdef\System.ComponentModel.DataAnnotations.ni.dll MOD - [2013.05.21 19:57:46 | 007,249,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\228963b918b215c3e5bcbbb7fddd7365\System.Data.ni.dll MOD - [2013.05.21 19:57:45 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\847c865b860f33a319b2c6906d9a125f\System.Windows.Forms.ni.dll MOD - [2013.05.21 19:57:43 | 007,562,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7449f505f7fb206101f361c05dd7d9be\System.Xml.ni.dll MOD - [2013.05.21 19:57:42 | 006,998,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\88080c0d9e9709c55aa0494a3b05a1df\System.Core.ni.dll MOD - [2013.05.21 19:57:37 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78d3cd0fc198e323f3eb0742f23659b2\System.Drawing.ni.dll MOD - [2013.05.21 19:57:36 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ca0ef2ddc840163b27423f6ede4ddb23\System.ni.dll MOD - [2013.05.21 19:57:31 | 016,547,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\09a71502394e43062c81789367f22d1e\mscorlib.ni.dll MOD - [2012.10.09 07:47:57 | 000,392,192 | 
---- | M] () -- C:\Users\Kevin\Desktop\Spammer\Spammer.exe ========== Services (SafeList) ========== SRV:64bit: - [2013.02.01 15:09:38 | 012,907,520 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe -- (MySQL56) SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2013.05.15 20:04:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.23 14:48:24 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- D:\Program Files (x86)\HiPatchService.exe -- (HiPatchService) SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.20 19:12:10 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.01.18 19:55:38 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems 
Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.17 16:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service) SRV - [2009.08.06 07:51:20 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.22 13:59:20 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.04.22 13:59:20 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2013.04.22 13:59:20 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2013.01.18 20:05:39 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] 
-- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2013.01.18 20:05:39 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.09.11 16:54:14 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.07.28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.06.20 10:32:00 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - 
[2012.06.19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012.04.12 00:30:00 | 000,708,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.09.05 17:32:48 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2011.07.29 05:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.07.29 05:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.07.06 12:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2011.06.16 21:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.06.16 21:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.05.19 09:55:36 | 000,120,920 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.07.23 11:55:39 | 001,261,056 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.14 14:27:44 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2010.01.14 14:27:28 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) DRV:64bit: - [2010.01.14 14:27:28 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) DRV:64bit: - [2010.01.14 14:27:16 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) DRV:64bit: - [2010.01.14 14:27:16 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - 
[2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.06.05 14:46:36 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2013.01.17 14:30:50 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2010.03.12 06:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C3972EBA-6668-4F7E-AA99-9C6403D66460} IE:64bit: - HKLM\..\SearchScopes\{C3972EBA-6668-4F7E-AA99-9C6403D66460}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {C3972EBA-6668-4F7E-AA99-9C6403D66460} IE - HKLM\..\SearchScopes\{C3972EBA-6668-4F7E-AA99-9C6403D66460}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/go/x0d [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {C3972EBA-6668-4F7E-AA99-9C6403D66460} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: helper%40savefrom.net:1.79 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.http: "109.86.201.180" FF - prefs.js..network.proxy.http_port: 54321 FF - prefs.js..network.proxy.socks_version: 4 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social 
Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Kevin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.22 13:59:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.22 13:59:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.22 13:59:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.22 13:59:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.22 13:59:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Users\Kevin\Desktop\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Users\Kevin\Desktop\Mozilla Firefox\plugins [2012.09.06 11:49:35 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Kevin\AppData\Roaming\mozilla\Extensions [2013.05.13 20:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\y1meoa2e.default\extensions [2013.04.06 13:47:17 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\y1meoa2e.default\extensions\ich@maltegoetz.de [2013.05.13 20:19:32 | 000,101,681 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\y1meoa2e.default\extensions\helper@savefrom.net.xpi [2013.02.21 17:11:18 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\y1meoa2e.default\extensions\plugin@yontoo.com.xpi [2013.05.13 20:22:07 | 000,350,626 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\y1meoa2e.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013.04.22 13:59:22 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files 
(x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = 
C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Safe Money = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Gmail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
O1 HOSTS File: ([2012.11.09 17:02:10 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft-Konto-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [RaidCall] D:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BF08ADB-E23D-498D-80C0-03132D392079}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{4986fac4-cb79-11e2-ad41-902b3498cc8e}\Shell - "" = AutoRun
O33 - MountPoints2\{4986fac4-cb79-11e2-ad41-902b3498cc8e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a62c4deb-f7ff-11e1-8c73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a62c4deb-f7ff-11e1-8c73-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2013.06.02 23:58:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Ines Bewerbung
[2013.06.02 17:51:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\OpenOffice.org
[2013.06.02 17:50:28 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.06.02 17:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.06.02 17:49:42 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
[2013.05.25 11:31:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Mozilla Firefox
[2013.05.25 02:33:10 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013.05.21 18:55:58 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\VirtualStore
[2013.05.21 15:23:27 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2013.05.21 15:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.21 15:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.15 19:33:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
[2013.05.09 01:35:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Game Dev Tycoon
[2013.05.09 01:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013.06.05 17:07:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.05 17:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 14:53:41 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 14:53:41 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 14:52:31 | 001,622,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.05 14:52:31 | 000,699,930 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.05 14:52:31 | 000,654,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.05 14:52:31 | 000,149,780 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.05 14:52:31 | 000,122,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.05 14:46:38 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.05 14:46:37 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{4EC485E2-E0C4-4756-9E8B-C57DD781D5EE}.job
[2013.06.05 14:46:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 14:46:32 | 4292,755,454 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.03 13:33:25 | 000,328,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.02 23:40:48 | 003,306,258 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_174424.jpg
[2013.06.02 23:14:56 | 002,062,864 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144121.jpg
[2013.06.02 23:14:45 | 001,995,709 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144136.jpg
[2013.06.02 22:48:14 | 002,771,061 | ---- | M] () -- C:\Users\Kevin\Desktop\2011-12-06 12.42.51.jpg
[2013.06.02 22:48:12 | 002,816,295 | ---- | M] () -- C:\Users\Kevin\Desktop\2011-12-06 12.41.05.jpg
[2013.06.02 22:48:00 | 002,673,059 | ---- | M] () -- C:\Users\Kevin\Desktop\2011-12-06 12.41.19.jpg
[2013.06.02 21:59:08 | 000,361,130 | ---- | M] () -- C:\Users\Kevin\Desktop\AVdv.PNG
[2013.06.02 21:40:48 | 000,071,082 | ---- | M] () -- C:\Users\Kevin\Desktop\ABC.PNG
[2013.06.02 20:53:02 | 003,520,343 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_174430.jpg
[2013.06.02 20:52:50 | 003,584,053 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_174427.jpg
[2013.06.02 20:52:39 | 003,482,254 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_174417.jpg
[2013.06.02 20:52:19 | 003,103,521 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_171320.jpg
[2013.06.02 20:52:11 | 002,949,227 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_171316.jpg
[2013.06.02 20:52:00 | 002,979,796 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_171313.jpg
[2013.06.02 20:51:55 | 003,205,020 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_171301.jpg
[2013.06.02 20:51:46 | 003,214,987 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144922.jpg
[2013.06.02 20:51:30 | 002,637,565 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144813.jpg
[2013.06.02 20:51:28 | 003,209,451 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144740.jpg
[2013.06.02 20:51:21 | 003,445,430 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144719.jpg
[2013.06.02 20:51:13 | 003,435,166 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144716.jpg
[2013.06.02 20:50:53 | 002,491,004 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144528.jpg
[2013.06.02 20:50:51 | 003,300,455 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144501.jpg
[2013.06.02 20:50:36 | 003,036,610 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144453.jpg
[2013.06.02 20:50:27 | 003,372,594 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144447.jpg
[2013.06.02 20:50:12 | 002,984,341 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144429.jpg
[2013.06.02 20:50:03 | 002,750,150 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144421.jpg
[2013.06.02 20:49:53 | 002,832,822 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144418.jpg
[2013.06.02 20:49:40 | 002,630,779 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144401.jpg
[2013.06.02 20:49:26 | 002,498,929 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144329.jpg
[2013.06.02 20:49:15 | 002,562,650 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144320.jpg
[2013.06.02 20:49:05 | 002,582,748 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144318.jpg
[2013.06.02 20:48:30 | 002,819,073 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144056.jpg
[2013.06.02 20:48:26 | 002,771,780 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144040.jpg
[2013.06.02 20:48:07 | 003,306,264 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144010.jpg
[2013.06.02 20:47:45 | 003,310,391 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_144008.jpg
[2013.06.02 20:47:20 | 003,049,214 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_143953.jpg
[2013.06.02 20:47:07 | 003,142,784 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_143940.jpg
[2013.06.02 20:46:45 | 002,412,793 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_124556.jpg
[2013.06.02 20:46:29 | 002,188,324 | ---- | M] () -- C:\Users\Kevin\Desktop\20130529_124552.jpg
[2013.06.02 17:51:53 | 000,001,201 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.06.02 17:50:28 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.31 23:00:27 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.31 23:00:27 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.31 23:00:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.28 22:22:17 | 000,212,969 | ---- | M] () -- C:\Users\Kevin\Desktop\Virus.PNG
[2013.05.28 21:56:24 | 000,000,000 | ---- | M] () -- C:\Users\Kevin\defogger_reenable
[2013.05.25 01:28:57 | 000,049,105 | ---- | M] () -- C:\Users\Kevin\Desktop\1369434405574.jpg
[2013.05.24 17:02:04 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\4chan Image Downloader.lnk
[2013.05.21 19:55:26 | 001,595,702 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.21 19:16:07 | 000,024,967 | ---- | M] () -- C:\Users\Kevin\Desktop\Virus...PNG
[2013.05.21 19:15:34 | 000,050,323 | ---- | M] () -- C:\Users\Kevin\Desktop\Passiert bei jedem Programm.PNG
[2013.05.21 19:01:28 | 000,002,543 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013.05.21 19:01:12 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2013.05.21 18:20:58 | 000,004,022 | ---- | M] () -- C:\Users\Kevin\Desktop\Windows-Kompatibilitätsbericht.htm
[2013.05.18 18:31:49 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.05.16 14:34:03 | 000,350,737 | ---- | M] () -- C:\Users\Kevin\Desktop\ddPNG.PNG
[2013.05.15 19:13:29 | 000,005,099 | ---- | M] () -- C:\Users\Kevin\AppData\Local\recently-used.xbel
[2013.05.13 06:59:07 | 002,653,353 | ---- | M] () -- C:\Users\Kevin\Desktop\20130513_053031.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013.06.02 23:57:43 | 298,329,274 | ---- | C] () -- C:\Users\Kevin\Desktop\Microsoft Word 2010 + Crack {LCD}.rar
[2013.06.02 22:47:43 | 002,771,061 | ---- | C] () -- C:\Users\Kevin\Desktop\2011-12-06 12.42.51.jpg
[2013.06.02 22:47:40 | 002,816,295 | ---- | C] () -- C:\Users\Kevin\Desktop\2011-12-06 12.41.05.jpg
[2013.06.02 22:47:28 | 002,673,059 | ---- | C] () -- C:\Users\Kevin\Desktop\2011-12-06 12.41.19.jpg
[2013.06.02 21:59:08 | 000,361,130 | ---- | C] () -- C:\Users\Kevin\Desktop\AVdv.PNG
[2013.06.02 21:40:48 | 000,071,082 | ---- | C] () -- C:\Users\Kevin\Desktop\ABC.PNG
[2013.06.02 20:52:27 | 003,520,343 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_174430.jpg
[2013.06.02 20:52:15 | 003,584,053 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_174427.jpg
[2013.06.02 20:52:08 | 003,306,258 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_174424.jpg
[2013.06.02 20:52:04 | 003,482,254 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_174417.jpg
[2013.06.02 20:51:48 | 003,103,521 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_171320.jpg
[2013.06.02 20:51:42 | 002,949,227 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_171316.jpg
[2013.06.02 20:51:30 | 002,979,796 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_171313.jpg
[2013.06.02 20:51:23 | 003,205,020 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_171301.jpg
[2013.06.02 20:51:13 | 003,214,987 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144922.jpg
[2013.06.02 20:51:03 | 002,637,565 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144813.jpg
[2013.06.02 20:50:55 | 003,209,451 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144740.jpg
[2013.06.02 20:50:46 | 003,445,430 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144719.jpg
[2013.06.02 20:50:38 | 003,435,166 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144716.jpg
[2013.06.02 20:50:28 | 002,491,004 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144528.jpg
[2013.06.02 20:50:18 | 003,300,455 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144501.jpg
[2013.06.02 20:50:06 | 003,036,610 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144453.jpg
[2013.06.02 20:49:54 | 003,372,594 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144447.jpg
[2013.06.02 20:49:43 | 002,984,341 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144429.jpg
[2013.06.02 20:49:35 | 002,750,150 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144421.jpg
[2013.06.02 20:49:25 | 002,832,822 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144418.jpg
[2013.06.02 20:49:14 | 002,630,779 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144401.jpg
[2013.06.02 20:49:02 | 002,498,929 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144329.jpg
[2013.06.02 20:48:50 | 002,562,650 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144320.jpg
[2013.06.02 20:48:39 | 002,582,748 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144318.jpg
[2013.06.02 20:48:27 | 001,995,709 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144136.jpg
[2013.06.02 20:48:15 | 002,062,864 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144121.jpg
[2013.06.02 20:48:03 | 002,819,073 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144056.jpg
[2013.06.02 20:47:59 | 002,771,780 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144040.jpg
[2013.06.02 20:47:35 | 003,306,264 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144010.jpg
[2013.06.02 20:47:14 | 003,310,391 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_144008.jpg
[2013.06.02 20:46:50 | 003,049,214 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_143953.jpg
[2013.06.02 20:46:36 | 003,142,784 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_143940.jpg
[2013.06.02 20:46:10 | 002,412,793 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_124556.jpg
[2013.06.02 20:45:56 | 002,188,324 | ---- | C] () -- C:\Users\Kevin\Desktop\20130529_124552.jpg
[2013.06.02 17:51:53 | 000,001,201 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.06.02 17:50:28 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.28 22:22:17 | 000,212,969 | ---- | C] () -- C:\Users\Kevin\Desktop\Virus.PNG
[2013.05.28 21:56:24 | 000,000,000 | ---- | C] () -- C:\Users\Kevin\defogger_reenable
[2013.05.25 01:28:57 | 000,049,105 | ---- | C] () -- C:\Users\Kevin\Desktop\1369434405574.jpg
[2013.05.21 19:16:07 | 000,024,967 | ---- | C] () -- C:\Users\Kevin\Desktop\Virus...PNG
[2013.05.21 19:15:34 | 000,050,323 | ---- | C] () -- C:\Users\Kevin\Desktop\Passiert bei jedem Programm.PNG
[2013.05.21 17:55:33 | 000,004,022 | ---- | C] () -- C:\Users\Kevin\Desktop\Windows-Kompatibilitätsbericht.htm
[2013.05.16 14:34:03 | 000,350,737 | ---- | C] () -- C:\Users\Kevin\Desktop\ddPNG.PNG
[2013.05.15 19:13:29 | 000,005,099 | ---- | C] () -- C:\Users\Kevin\AppData\Local\recently-used.xbel
[2013.05.13 06:57:38 | 002,653,353 | ---- | C] () -- C:\Users\Kevin\Desktop\20130513_053031.jpg
[2013.04.12 15:13:08 | 000,000,239 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013.02.23 00:13:53 | 000,000,044 | ---- | C] () -- C:\Users\Kevin\jagex_cl_oldschool_LIVE.dat
[2013.02.23 00:13:53 | 000,000,001 | ---- | C] () -- C:\Users\Kevin\random.dat
[2013.01.17 14:30:50 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.01.16 20:33:39 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.16 20:33:38 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.16 20:33:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.12 07:23:16 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.12.12 07:23:12 | 000,084,575 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.12.12 07:23:06 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.12.12 07:23:04 | 000,004,211 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.12.12 07:23:03 | 000,000,593 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2012.10.29 20:57:01 | 093,754,428 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\.minecraft.rar
[2012.10.04 14:15:04 | 000,007,597 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
[2012.09.06 11:36:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.09.06 11:01:14 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.09.06 11:01:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2012.09.04 13:27:33 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.09.04 13:05:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.30 09:11:21 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.08.30 09:11:21 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.08.30 09:11:20 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.16 15:09:19 | 001,595,702 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2013.05.09 21:26:15 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\.minecraft
[2013.01.16 19:11:54 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ASUS
[2013.04.16 15:49:23 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.05.15 18:54:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\deluge
[2013.02.08 22:40:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Downloaded Installations
[2013.03.03 22:10:57 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Fatshark
[2013.04.10 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\foobar2000
[2012.09.06 12:51:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient
[2013.04.12 15:15:15 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\MySQL
[2012.10.01 14:21:27 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Notepad++
[2013.04.27 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NuGet
[2013.06.02 17:51:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OpenOffice.org
[2013.06.05 16:58:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Origin
[2013.03.16 15:20:14 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\raidcall
[2012.10.10 18:55:29 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Rainmeter
[2012.09.19 12:53:59 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Raptr
[2012.09.25 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\RotMG.Production
[2012.09.22 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SendSpace
[2012.10.22 16:31:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Subversion
[2012.10.12 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TeamViewer
[2012.09.11 16:55:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TrueCrypt
[2013.02.02 23:21:53 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TS3Client

========== Purity Check ==========

========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2013.01.19 15:25:29 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.01.30 13:54:14 | 000,000,000 | ---D | M] -- C:\AMD
[2012.09.04 13:30:22 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.09.06 10:59:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.06 22:48:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.04.16 16:08:28 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.02 17:50:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.05.21 16:52:37 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.09.06 10:59:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.09.06 11:01:10 | 000,000,000 | ---D | M] -- C:\RaidTool
[2013.05.21 18:56:43 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.09.06 12:14:17 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.11.09 17:19:39 | 000,000,000 | ---D | M] -- C:\Simba
[2013.06.05 17:15:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.12 07:56:35 | 000,000,000 | ---D | M] -- C:\Temp
[2012.09.06 11:02:01 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.25 02:33:10 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,005,166 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.06 11:29:36 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.09.22 18:08:16 | 000,000,412 | -H-- | C] () -- C:\Windows\Tasks\OptimizerPro1UpdaterTask{4EC485E2-E0C4-4756-9E8B-C57DD781D5EE}.job
[2013.02.20 20:51:39 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.02.20 20:51:39 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft
Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 
05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.05.28 21:56:24 | 000,000,000 | ---- | M] () -- C:\Users\Kevin\defogger_reenable [2013.02.23 00:13:53 | 000,000,044 | ---- | M] () -- C:\Users\Kevin\jagex_cl_oldschool_LIVE.dat [2013.06.05 17:18:54 | 002,359,296 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat [2013.06.05 17:18:53 | 000,262,144 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat.LOG1 [2012.09.06 11:02:06 | 000,000,000 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat.LOG2 [2012.09.06 11:23:07 | 000,065,536 | -HS- | M] () -- 
C:\Users\Kevin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.09.06 11:23:07 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.09.06 11:23:07 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.05.21 15:58:43 | 000,065,536 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat{c2a1bdd8-c21d-11e2-8814-902b3498cc8e}.TM.blf [2013.05.21 15:58:43 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat{c2a1bdd8-c21d-11e2-8814-902b3498cc8e}.TMContainer00000000000000000001.regtrans-ms [2013.05.21 15:58:43 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat{c2a1bdd8-c21d-11e2-8814-902b3498cc8e}.TMContainer00000000000000000002.regtrans-ms [2010.11.21 04:50:53 | 000,000,020 | -HS- | M] () -- C:\Users\Kevin\ntuser.ini [2013.02.23 00:14:45 | 000,000,001 | ---- | M] () -- C:\Users\Kevin\random.dat < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
05.06.2013, 18:12 | #4 |
/// Malware-holic | Strange virus/Trojan Hi, please download TDSSKiller.exe and save this file to the desktop
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
05.06.2013, 19:23 | #5 |
| Strange virus/Trojan Code:
C:\Windows\system32\DRIVERS\i8042prt.sys 20:19:45.0960 5732 i8042prt - ok 20:19:45.0966 5732 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:19:45.0981 5732 iaStorV - ok 20:19:45.0985 5732 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:19:45.0990 5732 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:19:45.0990 5732 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:19:46.0001 5732 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:19:46.0022 5732 idsvc - ok 20:19:46.0026 5732 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:19:46.0037 5732 iirsp - ok 20:19:46.0048 5732 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:19:46.0086 5732 IKEEXT - ok 20:19:46.0114 5732 [ 4BBB5A55EEB5EC11B20FCBB4CBB49357 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:19:46.0169 5732 IntcAzAudAddService - ok 20:19:46.0173 5732 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:19:46.0183 5732 intelide - ok 20:19:46.0187 5732 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 20:19:46.0199 5732 intelppm - ok 20:19:46.0202 5732 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:19:46.0234 5732 IPBusEnum - ok 20:19:46.0238 5732 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:19:46.0268 5732 IpFilterDriver - ok 20:19:46.0276 5732 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:19:46.0293 5732 iphlpsvc - ok 20:19:46.0297 5732 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:19:46.0309 5732 IPMIDRV - ok 20:19:46.0313 5732 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT 
C:\Windows\system32\drivers\ipnat.sys 20:19:46.0344 5732 IPNAT - ok 20:19:46.0348 5732 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:19:46.0363 5732 IRENUM - ok 20:19:46.0366 5732 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:19:46.0376 5732 isapnp - ok 20:19:46.0382 5732 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:19:46.0396 5732 iScsiPrt - ok 20:19:46.0408 5732 [ B4CDA1B4263B53D249AC27A4892DA634 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe 20:19:46.0413 5732 JMB36X ( UnsignedFile.Multi.Generic ) - warning 20:19:46.0413 5732 JMB36X - detected UnsignedFile.Multi.Generic (1) 20:19:46.0417 5732 [ C0D9BA660A41EE8A269EF804E6CD0D7B ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 20:19:46.0427 5732 JRAID - ok 20:19:46.0431 5732 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:19:46.0442 5732 kbdclass - ok 20:19:46.0445 5732 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:19:46.0456 5732 kbdhid - ok 20:19:46.0460 5732 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:19:46.0470 5732 KeyIso - ok 20:19:46.0478 5732 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys 20:19:46.0494 5732 kl1 - ok 20:19:46.0505 5732 [ 2CBD248370721DCAD632DB70D09C5A6D ] KLIF C:\Windows\system32\DRIVERS\klif.sys 20:19:46.0523 5732 KLIF - ok 20:19:46.0527 5732 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 20:19:46.0537 5732 KLIM6 - ok 20:19:46.0540 5732 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 20:19:46.0550 5732 klkbdflt - ok 20:19:46.0553 5732 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 20:19:46.0563 5732 klmouflt - ok 20:19:46.0566 5732 [ 982974975E679276F0FA39EFA331A268 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 
20:19:46.0576 5732 kltdi - ok 20:19:46.0581 5732 [ 1FCB657B581CC4DF17FD6571F93602DE ] kneps C:\Windows\system32\DRIVERS\kneps.sys 20:19:46.0592 5732 kneps - ok 20:19:46.0596 5732 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:19:46.0607 5732 KSecDD - ok 20:19:46.0612 5732 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:19:46.0623 5732 KSecPkg - ok 20:19:46.0627 5732 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:19:46.0658 5732 ksthunk - ok 20:19:46.0664 5732 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:19:46.0699 5732 KtmRm - ok 20:19:46.0705 5732 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:19:46.0737 5732 LanmanServer - ok 20:19:46.0741 5732 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:19:46.0773 5732 LanmanWorkstation - ok 20:19:46.0778 5732 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:19:46.0809 5732 lltdio - ok 20:19:46.0815 5732 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:19:46.0850 5732 lltdsvc - ok 20:19:46.0853 5732 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:19:46.0884 5732 lmhosts - ok 20:19:46.0889 5732 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:19:46.0901 5732 LSI_FC - ok 20:19:46.0905 5732 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:19:46.0916 5732 LSI_SAS - ok 20:19:46.0920 5732 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:19:46.0931 5732 LSI_SAS2 - ok 20:19:46.0935 5732 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:19:46.0946 5732 LSI_SCSI - ok 20:19:46.0950 5732 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv 
C:\Windows\system32\drivers\luafv.sys 20:19:46.0981 5732 luafv - ok 20:19:46.0985 5732 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:19:46.0999 5732 Mcx2Svc - ok 20:19:47.0002 5732 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 20:19:47.0012 5732 megasas - ok 20:19:47.0018 5732 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 20:19:47.0032 5732 MegaSR - ok 20:19:47.0036 5732 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:19:47.0068 5732 MMCSS - ok 20:19:47.0071 5732 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:19:47.0102 5732 Modem - ok 20:19:47.0106 5732 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:19:47.0119 5732 monitor - ok 20:19:47.0122 5732 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:19:47.0133 5732 mouclass - ok 20:19:47.0136 5732 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:19:47.0147 5732 mouhid - ok 20:19:47.0151 5732 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:19:47.0162 5732 mountmgr - ok 20:19:47.0165 5732 MozillaMaintenance - ok 20:19:47.0171 5732 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:19:47.0183 5732 mpio - ok 20:19:47.0187 5732 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:19:47.0218 5732 mpsdrv - ok 20:19:47.0234 5732 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:19:47.0274 5732 MpsSvc - ok 20:19:47.0279 5732 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:19:47.0295 5732 MRxDAV - ok 20:19:47.0301 5732 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:19:47.0313 5732 mrxsmb - ok 20:19:47.0321 5732 [ 
D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:19:47.0334 5732 mrxsmb10 - ok 20:19:47.0338 5732 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:19:47.0350 5732 mrxsmb20 - ok 20:19:47.0353 5732 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:19:47.0363 5732 msahci - ok 20:19:47.0368 5732 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:19:47.0380 5732 msdsm - ok 20:19:47.0388 5732 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:19:47.0402 5732 MSDTC - ok 20:19:47.0408 5732 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:19:47.0439 5732 Msfs - ok 20:19:47.0442 5732 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:19:47.0473 5732 mshidkmdf - ok 20:19:47.0476 5732 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:19:47.0486 5732 msisadrv - ok 20:19:47.0491 5732 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:19:47.0523 5732 MSiSCSI - ok 20:19:47.0526 5732 msiserver - ok 20:19:47.0529 5732 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:19:47.0560 5732 MSKSSRV - ok 20:19:47.0563 5732 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:19:47.0594 5732 MSPCLOCK - ok 20:19:47.0597 5732 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:19:47.0628 5732 MSPQM - ok 20:19:47.0634 5732 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:19:47.0649 5732 MsRPC - ok 20:19:47.0654 5732 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:19:47.0664 5732 mssmbios - ok 20:19:47.0667 5732 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 
20:19:47.0698 5732 MSTEE - ok 20:19:47.0701 5732 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 20:19:47.0712 5732 MTConfig - ok 20:19:47.0716 5732 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:19:47.0726 5732 Mup - ok 20:19:47.0730 5732 MySQL56 - ok 20:19:47.0738 5732 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:19:47.0772 5732 napagent - ok 20:19:47.0778 5732 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:19:47.0797 5732 NativeWifiP - ok 20:19:47.0809 5732 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:19:47.0830 5732 NDIS - ok 20:19:47.0834 5732 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:19:47.0865 5732 NdisCap - ok 20:19:47.0868 5732 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:19:47.0899 5732 NdisTapi - ok 20:19:47.0903 5732 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:19:47.0933 5732 Ndisuio - ok 20:19:47.0938 5732 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:19:47.0970 5732 NdisWan - ok 20:19:47.0974 5732 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:19:48.0004 5732 NDProxy - ok 20:19:48.0007 5732 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:19:48.0038 5732 NetBIOS - ok 20:19:48.0044 5732 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:19:48.0075 5732 NetBT - ok 20:19:48.0078 5732 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:19:48.0089 5732 Netlogon - ok 20:19:48.0096 5732 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:19:48.0131 5732 Netman - ok 20:19:48.0137 5732 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:19:48.0151 5732 NetMsmqActivator - ok 20:19:48.0155 5732 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:19:48.0167 5732 NetPipeActivator - ok 20:19:48.0175 5732 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:19:48.0211 5732 netprofm - ok 20:19:48.0215 5732 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:19:48.0228 5732 NetTcpActivator - ok 20:19:48.0231 5732 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:19:48.0243 5732 NetTcpPortSharing - ok 20:19:48.0247 5732 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:19:48.0258 5732 nfrd960 - ok 20:19:48.0263 5732 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:19:48.0278 5732 NlaSvc - ok 20:19:48.0282 5732 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:19:48.0313 5732 Npfs - ok 20:19:48.0316 5732 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:19:48.0347 5732 nsi - ok 20:19:48.0350 5732 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:19:48.0381 5732 nsiproxy - ok 20:19:48.0399 5732 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:19:48.0433 5732 Ntfs - ok 20:19:48.0437 5732 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:19:48.0467 5732 Null - ok 20:19:48.0555 5732 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:19:48.0739 5732 nvlddmkm - ok 20:19:48.0748 5732 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:19:48.0760 5732 nvraid - ok 20:19:48.0764 5732 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor 
C:\Windows\system32\drivers\nvstor.sys 20:19:48.0776 5732 nvstor - ok 20:19:48.0780 5732 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:19:48.0792 5732 nv_agp - ok 20:19:48.0796 5732 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:19:48.0808 5732 ohci1394 - ok 20:19:48.0813 5732 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:19:48.0823 5732 ose - ok 20:19:48.0865 5732 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:19:48.0951 5732 osppsvc - ok 20:19:48.0959 5732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:19:48.0973 5732 p2pimsvc - ok 20:19:48.0981 5732 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:19:48.0996 5732 p2psvc - ok 20:19:49.0000 5732 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 20:19:49.0012 5732 Parport - ok 20:19:49.0016 5732 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:19:49.0027 5732 partmgr - ok 20:19:49.0031 5732 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:19:49.0049 5732 PcaSvc - ok 20:19:49.0054 5732 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:19:49.0065 5732 pci - ok 20:19:49.0069 5732 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:19:49.0079 5732 pciide - ok 20:19:49.0084 5732 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:19:49.0097 5732 pcmcia - ok 20:19:49.0101 5732 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:19:49.0111 5732 pcw - ok 20:19:49.0120 5732 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:19:49.0157 5732 PEAUTH - ok 
20:19:49.0163 5732 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:19:49.0175 5732 PerfHost - ok 20:19:49.0195 5732 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:19:49.0241 5732 pla - ok 20:19:49.0248 5732 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:19:49.0264 5732 PlugPlay - ok 20:19:49.0267 5732 PnkBstrA - ok 20:19:49.0271 5732 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:19:49.0282 5732 PNRPAutoReg - ok 20:19:49.0288 5732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:19:49.0301 5732 PNRPsvc - ok 20:19:49.0309 5732 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:19:49.0344 5732 PolicyAgent - ok 20:19:49.0351 5732 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:19:49.0383 5732 Power - ok 20:19:49.0388 5732 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:19:49.0418 5732 PptpMiniport - ok 20:19:49.0422 5732 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 20:19:49.0434 5732 Processor - ok 20:19:49.0439 5732 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:19:49.0453 5732 ProfSvc - ok 20:19:49.0456 5732 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:19:49.0467 5732 ProtectedStorage - ok 20:19:49.0471 5732 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:19:49.0502 5732 Psched - ok 20:19:49.0518 5732 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:19:49.0551 5732 ql2300 - ok 20:19:49.0555 5732 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:19:49.0567 5732 ql40xx - ok 20:19:49.0572 5732 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:19:49.0591 
5732 QWAVE - ok 20:19:49.0594 5732 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:19:49.0610 5732 QWAVEdrv - ok 20:19:49.0613 5732 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:19:49.0644 5732 RasAcd - ok 20:19:49.0648 5732 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:19:49.0678 5732 RasAgileVpn - ok 20:19:49.0682 5732 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:19:49.0715 5732 RasAuto - ok 20:19:49.0719 5732 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:19:49.0749 5732 Rasl2tp - ok 20:19:49.0755 5732 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:19:49.0788 5732 RasMan - ok 20:19:49.0793 5732 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:19:49.0824 5732 RasPppoe - ok 20:19:49.0827 5732 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:19:49.0858 5732 RasSstp - ok 20:19:49.0864 5732 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:19:49.0896 5732 rdbss - ok 20:19:49.0900 5732 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 20:19:49.0913 5732 rdpbus - ok 20:19:49.0916 5732 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:19:49.0948 5732 RDPCDD - ok 20:19:49.0954 5732 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:19:49.0985 5732 RDPENCDD - ok 20:19:49.0991 5732 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:19:50.0021 5732 RDPREFMP - ok 20:19:50.0029 5732 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 20:19:50.0040 5732 RdpVideoMiniport - ok 20:19:50.0046 5732 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD 
C:\Windows\system32\drivers\RDPWD.sys 20:19:50.0060 5732 RDPWD - ok 20:19:50.0069 5732 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:19:50.0081 5732 rdyboost - ok 20:19:50.0086 5732 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:19:50.0119 5732 RemoteAccess - ok 20:19:50.0124 5732 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:19:50.0157 5732 RemoteRegistry - ok 20:19:50.0161 5732 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:19:50.0193 5732 RpcEptMapper - ok 20:19:50.0196 5732 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:19:50.0208 5732 RpcLocator - ok 20:19:50.0219 5732 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:19:50.0254 5732 RpcSs - ok 20:19:50.0258 5732 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:19:50.0288 5732 rspndr - ok 20:19:50.0295 5732 [ 2E7D1CA91D62501713C9D6E6704395C6 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 20:19:50.0308 5732 RTHDMIAzAudService - ok 20:19:50.0319 5732 [ BD9BA262CF26EFE9A9867EBE32D12164 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:19:50.0336 5732 RTL8167 - ok 20:19:50.0340 5732 [ E16B7C030A05EF649B18FAB0A93D871F ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys 20:19:50.0348 5732 RtNdPt60 - ok 20:19:50.0352 5732 [ 1DE78F5008120CD79B34C12394DCD493 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys 20:19:50.0361 5732 RTTEAMPT - ok 20:19:50.0364 5732 [ B1018AA1B5735F5FA89FD4DADF4BEA7A ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys 20:19:50.0372 5732 RTVLANPT - ok 20:19:50.0375 5732 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:19:50.0386 5732 SamSs - ok 20:19:50.0389 5732 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:19:50.0400 5732 sbp2port - ok 
20:19:50.0406 5732 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:19:50.0439 5732 SCardSvr - ok 20:19:50.0442 5732 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:19:50.0472 5732 scfilter - ok 20:19:50.0484 5732 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:19:50.0525 5732 Schedule - ok 20:19:50.0529 5732 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:19:50.0559 5732 SCPolicySvc - ok 20:19:50.0563 5732 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:19:50.0577 5732 SDRSVC - ok 20:19:50.0580 5732 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:19:50.0611 5732 secdrv - ok 20:19:50.0614 5732 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:19:50.0644 5732 seclogon - ok 20:19:50.0648 5732 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:19:50.0683 5732 SENS - ok 20:19:50.0687 5732 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:19:50.0699 5732 SensrSvc - ok 20:19:50.0702 5732 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 20:19:50.0713 5732 Serenum - ok 20:19:50.0717 5732 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 20:19:50.0729 5732 Serial - ok 20:19:50.0733 5732 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:19:50.0744 5732 sermouse - ok 20:19:50.0753 5732 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:19:50.0785 5732 SessionEnv - ok 20:19:50.0788 5732 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:19:50.0802 5732 sffdisk - ok 20:19:50.0805 5732 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:19:50.0819 5732 sffp_mmc - ok 
20:19:50.0822 5732 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:19:50.0835 5732 sffp_sd - ok 20:19:50.0838 5732 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:19:50.0849 5732 sfloppy - ok 20:19:50.0856 5732 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:19:50.0890 5732 SharedAccess - ok 20:19:50.0897 5732 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:19:50.0931 5732 ShellHWDetection - ok 20:19:50.0935 5732 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 20:19:50.0945 5732 SiSRaid2 - ok 20:19:50.0949 5732 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:19:50.0960 5732 SiSRaid4 - ok 20:19:50.0964 5732 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:19:50.0975 5732 SkypeUpdate - ok 20:19:50.0979 5732 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:19:51.0011 5732 Smb - ok 20:19:51.0017 5732 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:19:51.0030 5732 SNMPTRAP - ok 20:19:51.0033 5732 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:19:51.0043 5732 spldr - ok 20:19:51.0051 5732 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:19:51.0068 5732 Spooler - ok 20:19:51.0098 5732 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:19:51.0161 5732 sppsvc - ok 20:19:51.0166 5732 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:19:51.0198 5732 sppuinotify - ok 20:19:51.0205 5732 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:19:51.0221 5732 srv - ok 20:19:51.0228 5732 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 
20:19:54.0091 5732 \Device\Harddisk0\DR0\Partition1 - ok
20:19:54.0093 5732 [ 04E0D0EB47F3347F259E08FC62CB3C1B ] \Device\Harddisk1\DR1\Partition1
20:19:54.0094 5732 \Device\Harddisk1\DR1\Partition1 - ok
20:19:54.0094 5732 ============================================================
20:19:54.0094 5732 Scan finished
20:19:54.0094 5732 ============================================================
20:19:54.0101 6112 Detected object count: 3
20:19:54.0101 6112 Actual detected object count: 3
20:20:10.0749 6112 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:10.0749 6112 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:10.0750 6112 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:10.0750 6112 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:10.0751 6112 JMB36X ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:10.0751 6112 JMB36X ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
05.06.2013, 19:24 | #6 |
/// Malware-holic | Strange virus/trojan Hi, scan with Combofix
|
05.06.2013, 19:30 | #7 |
| Strange virus/trojan It tells me that Kaspersky is open, but I can only find it in Task Manager under Services, and I cannot stop the service there; I only get "Access denied". |
05.06.2013, 19:45 | #8 |
/// Malware-holic | Strange virus/trojan Then just click OK in Combofix, and it should continue.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
05.06.2013, 19:57 | #9 |
| Strange virus/trojan Code:
ATTFilter ComboFix 13-06-05.04 - Kevin 05.06.2013 20:48:34.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16381.13616 [GMT 2:00] ausgeführt von:: c:\users\Kevin\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\skype\skype.exe c:\windows\apppatch\AppLoc.exe c:\windows\apppatch\AppLocA.exe c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\apppatch\unins000.dat c:\windows\apppatch\unins000.exe c:\windows\SysWow64\frapsvid.dll D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-05 bis 2013-06-05 )))))))))))))))))))))))))))))) . . 2013-06-04 11:56 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C635E963-F8AA-40E9-B98D-B5B6F9E46525}\mpengine.dll 2013-06-02 15:51 . 2013-06-02 15:51 -------- d-----w- c:\users\Kevin\AppData\Roaming\OpenOffice.org 2013-06-02 15:50 . 2013-06-02 15:50 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2013-05-25 00:33 . 2013-05-25 00:33 -------- d-----w- c:\windows\rescache 2013-05-21 16:55 . 2013-05-21 16:55 -------- d-----w- c:\users\Kevin\AppData\Local\VirtualStore 2013-05-21 13:23 . 2013-05-21 13:23 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes 2013-05-21 13:23 . 2013-05-21 14:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-21 13:23 . 2013-05-21 13:23 -------- d-----w- c:\programdata\Malwarebytes 2013-05-15 17:20 . 
2013-05-15 17:35 49152 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{FD1E17BC-2956-4AD7-B937-D23F06F1A5E8}\NewShortcut1_FD1E17BC29564AD7B937D23F06F1A5E8.exe 2013-05-08 23:35 . 2013-05-11 14:05 -------- d-----w- c:\users\Kevin\AppData\Local\Game Dev Tycoon . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-05 12:46 . 2013-01-17 12:30 25640 ----a-w- c:\windows\gdrv.sys 2013-05-31 21:00 . 2013-01-16 18:33 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-05-31 21:00 . 2012-09-06 12:45 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-05-31 21:00 . 2012-09-06 12:43 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-05-16 12:01 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-15 20:52 . 2012-09-07 12:43 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 18:04 . 2012-09-06 09:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 18:04 . 2012-09-06 09:29 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 17:35 . 2013-05-15 17:35 81408 ----a-w- c:\windows\apppatch\ntleam1.dll 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-22 11:59 . 2013-01-18 17:51 90208 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-04-22 11:59 . 2013-01-18 17:51 620128 ----a-w- c:\windows\system32\drivers\klif.sys 2013-04-22 11:59 . 2012-08-13 15:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys 2013-04-22 11:59 . 2012-06-08 10:38 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-04-13 05:49 . 2013-05-15 13:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 13:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 13:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 
2013-05-15 13:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 13:02 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 13:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 11:08 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 03:35 . 2013-04-03 15:59 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-03 16:09 . 2013-04-03 16:09 310688 ----a-w- c:\windows\system32\javaws.exe 2013-04-03 16:09 . 2013-04-03 16:09 188832 ----a-w- c:\windows\system32\javaw.exe 2013-04-03 16:09 . 2013-04-03 16:09 188320 ----a-w- c:\windows\system32\java.exe 2013-04-03 16:09 . 2013-04-03 16:09 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-04-03 16:09 . 2012-09-14 12:37 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-03 16:09 . 2012-09-14 12:37 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-03 15:59 . 2012-09-06 11:54 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-03 15:59 . 2012-09-06 11:54 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-30 01:36 . 2013-03-30 01:36 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-30 01:36 . 2013-03-30 01:36 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-30 01:36 . 2013-03-30 01:36 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-30 01:36 . 2013-03-30 01:36 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-30 01:36 . 2013-03-30 01:36 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-30 01:36 . 2013-03-30 01:36 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-30 01:36 . 2013-03-30 01:36 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-30 01:36 . 2013-03-30 01:36 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-30 01:36 . 2013-03-30 01:36 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-30 01:36 . 
2013-03-30 01:36 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-30 01:36 . 2013-03-30 01:36 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-30 01:36 . 2013-03-30 01:36 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-30 01:36 . 2013-03-30 01:36 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-30 01:36 . 2013-03-30 01:36 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-30 01:36 . 2013-03-30 01:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-30 01:36 . 2013-03-30 01:36 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-30 01:36 . 2013-03-30 01:36 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-30 01:36 . 2013-03-30 01:36 441856 ----a-w- c:\windows\system32\html.iec 2013-03-30 01:36 . 2013-03-30 01:36 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-30 01:36 . 2013-03-30 01:36 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-30 01:36 . 2013-03-30 01:36 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-30 01:36 . 2013-03-30 01:36 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-30 01:36 . 2013-03-30 01:36 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-30 01:36 . 2013-03-30 01:36 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-30 01:36 . 2013-03-30 01:36 235008 ----a-w- c:\windows\system32\url.dll 2013-03-30 01:36 . 2013-03-30 01:36 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-30 01:36 . 2013-03-30 01:36 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-30 01:36 . 2013-03-30 01:36 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-30 01:36 . 2013-03-30 01:36 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-30 01:36 . 2013-03-30 01:36 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-30 01:36 . 2013-03-30 01:36 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-30 01:36 . 2013-03-30 01:36 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-30 01:36 . 
2013-03-30 01:36 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-30 01:36 . 2013-03-30 01:36 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-30 01:36 . 2013-03-30 01:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-30 01:36 . 2013-03-30 01:36 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-30 01:36 . 2013-03-30 01:36 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-30 01:36 . 2013-03-30 01:36 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-30 01:36 . 2013-03-30 01:36 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-30 01:36 . 2013-03-30 01:36 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-30 01:36 . 2013-03-30 01:36 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-30 01:36 . 2013-03-30 01:36 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-30 01:36 . 2013-03-30 01:36 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-30 01:36 . 2013-03-30 01:36 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-30 01:36 . 2013-03-30 01:36 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-30 01:36 . 2013-03-30 01:36 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-30 01:36 . 2013-03-30 01:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-30 01:36 . 2013-03-30 01:36 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-30 01:36 . 2013-03-30 01:36 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-19 06:04 . 2013-04-10 18:21 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 18:21 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 18:21 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 18:21 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 18:21 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 18:21 112640 ----a-w- c:\windows\system32\smss.exe . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2013-01-10 22:05 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-01-18 17:58 222712 ----a-w- c:\users\Kevin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-01-18 17:58 222712 ----a-w- c:\users\Kevin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-01-18 17:58 222712 ----a-w- c:\users\Kevin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-05 3456080] "Steam"="d:\steam\steam.exe" [2013-05-03 1635752] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-18 356376] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "RaidCall"="d:\program files (x86)\RaidCall\raidcall.exe" [2013-05-06 3423928] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x] R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 
6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\HiPatchService.exe;d:\program files (x86)\HiPatchService.exe [x] S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x] S2 TeamViewer8;TeamViewer 8;c:\program files 
(x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 23160482 *Deregistered* - 23160482 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-05-25 00:08 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 18:04] . 2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 18:51] . 
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 18:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-01-18 17:58 261624 ----a-w- c:\users\Kevin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-01-18 17:58 261624 ----a-w- c:\users\Kevin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-01-18 17:58 261624 ----a-w- c:\users\Kevin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-09 2275944] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-12-08 8151040] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 . . ------- Dateityp-Verknüpfung ------- . 
exefile\shell\ntlea\command="c:\users\Kevin\Desktop\Neuer Ordner (7)\NTLEA0.92 for Win7 64bit\\NtleaGUI.exe" -shell "%1" %* . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-Dolby Home Theater v4 - c:\program files (x86)\Dolby Home Theater v4\pcee4.exe SafeBoot-BsScanner HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-Cheat Engine 6.2_is1 - c:\program files (x86)\Cheat Engine 6.2\unins000.exe AddRemove-Deluge - c:\program files (x86)\Deluge\Deluge-uninst.exe AddRemove-Fraps - c:\fraps\uninstall.exe AddRemove-InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27} - c:\program files (x86)\InstallShield Installation Information\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}\setup.exe AddRemove-Notepad++ - c:\program files (x86)\Notepad++\uninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-TeamSpeak 3 Client - c:\program files (x86)\TeamSpeak 3 Client\uninstall.exe AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe AddRemove-Yogda - c:\program files (x86)\Yogda\uninst.exe AddRemove-{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1 - c:\program files (x86)\Game Dev Tycoon\unins000.exe AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe AddRemove-{DADC7AB0-E554-4705-9F6A-83EA82ED708E} - c:\program files (x86)\InstallShield Installation Information\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL56] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.6\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-05 20:55:27 ComboFix-quarantined-files.txt 2013-06-05 18:55 . Vor Suchlauf: 4.109.488.128 Bytes frei Nach Suchlauf: 4.596.510.720 Bytes frei . - - End Of File - - C662E196E33AC6912FB5EC5E715B361A |
05.06.2013, 20:01 | #10 |
/// Malware-holic | Strange virus/trojan
Hi, please post all Malwarebytes logs that contain detections: http://www.trojaner-board.de/125889-...en-posten.html
Update the program and also run a full scan, then post the log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.06.2013, 20:55 | #11 |
| Strange virus/trojan
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Kevin :: KEVIN-PC [Administrator]

Schutz: Aktiviert

05.06.2013 21:05:31
MBAM-log-2013-06-05 (21-53-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 537561
Laufzeit: 45 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\WOW\**********************.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.

(Ende)
05.06.2013, 22:10 | #12 |
/// Malware-holic | Strange virus/trojan
Hi, since you have masked the file name with *** and risk.ck points to a keygen, I can only offer help with reinstalling the system here. Anyone who uses such programs should not be surprised by PC problems.
1. Data rescue:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
06.06.2013, 12:41 | #13 |
| Strange virus/trojan
I very much doubt that my problem could be caused by this file, since this file has been on my computer for a very long time. I have also been trying the whole time to reinstall Windows, but whenever I insert the CD and click on install, it tells me that C: has too little free space, and I cannot free up any more on C: because it only has 60 GB and Windows is installed there. |
08.06.2013, 17:23 | #14 |
/// Malware-holic | Strange virus/trojan
You do have to format C: before you install Windows. Boot from the CD, choose Custom, continue to the partition selection, advanced options, format. Then install Windows, then update the drivers, then secure the PC:

As an anti-malware program I would recommend Emsisoft. For me they have the best protection, but it costs a bit. Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP Trial version: My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, e.g. work-related ones, so that sensitive data has to be protected, you should invest in security software. Before activating the license, make use of the 30-day trial period.
Free, but just not quite as good, avast would be the one to recommend. http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I will give configuration tips. Please uninstall your previous AV.

The following guide is extensive, I am aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you! http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage "Windows Vista and Windows 7".

Please begin by installing Windows updates. The best way to do this is to go to Start, Search and type Windows Updates there. Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button. Now click "Check for updates". Please install important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click on Check for updates and install the next ones. Please do the same with the optional updates.

Please adopt the rest as it is described in the Windows 7 / Vista section. From the XP section, please adopt the item "Data Execution Prevention, DEP".

As a browser I advise you to use Chrome: http://support.google.com/chrome/bin...&answer=118663 Please read the instructions. If you want to use a different one, tell me, then I will have to adapt parts of the guide that now follows.

Sandboxie
The definition of a sandbox can be read here: Sandbox
In short, you can run programs almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link: Sandboxie - Download - Filepony
Guide: http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through this as well: Sandbox settings |
Please make the following additional configuration: open Sandboxie Control, click on the Sandbox menu, choose DefaultBox. There, click on Sandbox Settings. Under Restrictions, for program start and internet access, enter: chrome.exe
Then go to Applications, Web Browser, Chrome. There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. For example, under "Forced program starts" you can specify that all browsers start in the sandbox. Otherwise you always have to click on "Sandboxed web browser" or right-click, start in Sandboxie. A lifetime license costs 30 € and can be used on all your PCs.

Continue with: Measures for ALL Windows versions
Work through everything completely.
Note on File Hippo: in the settings, additionally select: hide beta updates. Run updateChecker when Windows starts

Backup program: a backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option: http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately this is only reasonably usable for Windows 7 users. Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk breaks down one day.

Finally, follow the general security tips; if it concerns you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to everyone: Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account and there in the sandbox. If you use the free version, then by clicking on sandboxed web browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser. When you move the mouse over the browser it should be framed, then you are in the sandboxed web browser.

Password security: every service needs its own password of at least 12 characters. RoboForm helps with password management and creation: Password manager, form filler, password management | RoboForm Password Manager
Guide: RoboForm user manual: password manager, managing passwords and personal data
15.06.2013, 14:00 | #15 |
| Strange virus/trojan
When I insert the OEM recovery CD and then go via Custom, Next etc. to the partition selection, I do not have the option of going to advanced options. A screenshot: imgur: ht tp://imgur.com/w26FKjV |