Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: telekom Abuse Meldung malware

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.09.2012, 19:10   #1
Jiimbo
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



Hallo Zusammen.
Ich habe heute einen Brief von der Telekom bekommen, dass von meinem Anschluss unerwünschte Zugriffe auf fremde Rechner erfolgt sind.

Ich habe bisher nur ein auffälliges Problem feststellen können.
Heute Nacht bekam ich beim einloggen bei Guild wars 2 eine Aufforderung meinen Computer zu authentifizieren, da ich von einer anderen IP Adresse eingeloggt bin. Habe natürlich schon vorher von diesem PC aus gespielt und von keinem anderen.

Ein vollständiger Systemscan mit Avira ergab

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 25. September 2012  16:57

Es wird nach 4259544 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : JIIMBO
Computername   : BOOK

Versionsinformationen:
BUILD.DAT      : 12.0.0.1199    40869 Bytes  07.09.2012 22:14:00
AVSCAN.EXE     : 12.3.0.33     468472 Bytes  23.08.2012 01:03:45
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  02.05.2012 00:02:50
LUKE.DLL       : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL      : 12.3.0.17     232200 Bytes  22.08.2012 01:04:10
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 01:03:42
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 17:36:13
VBASE007.VDF   : 7.11.41.251     2048 Bytes  06.09.2012 17:36:13
VBASE008.VDF   : 7.11.41.252     2048 Bytes  06.09.2012 17:36:13
VBASE009.VDF   : 7.11.41.253     2048 Bytes  06.09.2012 17:36:13
VBASE010.VDF   : 7.11.41.254     2048 Bytes  06.09.2012 17:36:13
VBASE011.VDF   : 7.11.41.255     2048 Bytes  06.09.2012 17:36:13
VBASE012.VDF   : 7.11.42.0       2048 Bytes  06.09.2012 17:36:13
VBASE013.VDF   : 7.11.42.1       2048 Bytes  06.09.2012 17:36:13
VBASE014.VDF   : 7.11.42.65    203264 Bytes  09.09.2012 18:28:21
VBASE015.VDF   : 7.11.42.125   156672 Bytes  11.09.2012 18:28:42
VBASE016.VDF   : 7.11.42.171   187904 Bytes  12.09.2012 18:28:40
VBASE017.VDF   : 7.11.42.235   141312 Bytes  13.09.2012 18:29:15
VBASE018.VDF   : 7.11.43.35    133632 Bytes  15.09.2012 18:41:57
VBASE019.VDF   : 7.11.43.89    129024 Bytes  18.09.2012 18:41:08
VBASE020.VDF   : 7.11.43.141   130560 Bytes  19.09.2012 18:41:16
VBASE021.VDF   : 7.11.43.187   121856 Bytes  21.09.2012 01:07:15
VBASE022.VDF   : 7.11.43.251   147456 Bytes  24.09.2012 01:07:52
VBASE023.VDF   : 7.11.43.252     2048 Bytes  24.09.2012 01:07:52
VBASE024.VDF   : 7.11.43.253     2048 Bytes  24.09.2012 01:07:52
VBASE025.VDF   : 7.11.43.254     2048 Bytes  24.09.2012 01:07:52
VBASE026.VDF   : 7.11.43.255     2048 Bytes  24.09.2012 01:07:52
VBASE027.VDF   : 7.11.44.0       2048 Bytes  24.09.2012 01:07:53
VBASE028.VDF   : 7.11.44.1       2048 Bytes  24.09.2012 01:07:53
VBASE029.VDF   : 7.11.44.2       2048 Bytes  24.09.2012 01:07:53
VBASE030.VDF   : 7.11.44.3       2048 Bytes  24.09.2012 01:07:53
VBASE031.VDF   : 7.11.44.24     62464 Bytes  24.09.2012 01:07:54
Engineversion  : 8.2.10.172
AEVDF.DLL      : 8.1.2.10      102772 Bytes  22.08.2012 01:04:08
AESCRIPT.DLL   : 8.1.4.56      459131 Bytes  25.09.2012 01:08:04
AESCN.DLL      : 8.1.8.2       131444 Bytes  16.02.2012 16:11:36
AESBX.DLL      : 8.2.5.12      606578 Bytes  22.08.2012 01:04:09
AERDL.DLL      : 8.1.9.15      639348 Bytes  20.01.2012 23:21:32
AEPACK.DLL     : 8.3.0.36      811382 Bytes  14.09.2012 18:29:24
AEOFFICE.DLL   : 8.1.2.48      201082 Bytes  25.09.2012 01:08:03
AEHEUR.DLL     : 8.1.4.104    5280119 Bytes  25.09.2012 01:08:03
AEHELP.DLL     : 8.1.23.2      258422 Bytes  22.08.2012 01:04:00
AEGEN.DLL      : 8.1.5.36      434549 Bytes  25.08.2012 01:03:36
AEEXP.DLL      : 8.1.0.86       90484 Bytes  07.09.2012 18:07:33
AEEMU.DLL      : 8.1.3.2       393587 Bytes  22.08.2012 01:03:59
AECORE.DLL     : 8.1.27.4      201078 Bytes  22.08.2012 01:03:58
AEBB.DLL       : 8.1.1.0        53618 Bytes  20.01.2012 23:21:28
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL     : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL      : 12.3.0.15     179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL     : 12.3.0.15     211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  23.08.2012 01:03:45
NETNT.DLL      : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  23.08.2012 01:03:39
RCTEXT.DLL     : 12.3.0.31     100088 Bytes  23.08.2012 01:03:39

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Suche nach Rootkits und aktiver Malware
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Dienstag, 25. September 2012  16:57

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'WajamUpdater.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeNotify.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'pg_ctl.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3315' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:'
C:\Program Files\WinRAR\rarnew.dat
  [WARNUNG]   Das Archiv ist unbekannt oder defekt
C:\Users\JIIMBO\AppData\Local\Temp\JDownloaderSetup.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen

Beginne mit der Desinfektion:
C:\Users\JIIMBO\AppData\Local\Temp\JDownloaderSetup.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56ab7893.qua' verschoben!


Ende des Suchlaufs: Dienstag, 25. September 2012  18:02
Benötigte Zeit: 54:18 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  33110 Verzeichnisse wurden überprüft
 848013 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 848012 Dateien ohne Befall
   2439 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise
 498330 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         


Ich habe die Abuse-Abteilung der Telekom noch um ein paar Informationen gebeten:
Code:
ATTFilter
Sehr geehrter Herr XXX,

Über Ihren Internetzugang wurde ein "Sinkhole" kontaktiert. Das ist ein Server, der als Falle für durch Schadsoftware befallene Rechner dient, indem er einen Command&Control-Server eines Botnets simuliert. Ein Command&Control-Server ist ein Bestandteil eines Botnets, der zwischen dem eigentlichen Verbrecher und seinen "Bots" vermittelt. Unter hxxp://www.elektronik-kompendium.de/sites/net/1501041.htm finden Sie bei Interesse eine gute Erklärung der Struktur eines Botnets sowie eine schematische Darstellung.

Bei den beschwerdegegenständlichen Zugriffen handelt es sich nicht um den Versand von E-Mails. Die Steuerung der Bots erfolgt über die Ports 80 (HTTP) und 443 (HTTPS), das ist die übliche Vorgehensweise der Botnetzbetreiber, da es keine Internetzugänge gibt, bei denen diese Ports gesperrt sind. Per HTTP(S) aktualisieren sich die Bots, liefern gestohlene Login-Daten ab und holen sich ihre Aufgabenlisten ab: An DoS-Attacken teilnehmen, rechtswidrige Inhalte verbreiten, Spam versenden, usw. (Insbesondere die rechtswidrige Verbreitung von Inhalten kann ein sehr teurer "Spaß" werden, wenn plötzlich drei, vier kostenpflichtige Abmahnungen (500-800 Euro pro Abmahnung sind durchaus normal) ins Haus flattern.)

Bei anhaltenden Beschwerden setzten wir eine Port-25-Sperre für Ihren Zugang. Wir können mittels einer solchen Mailversandbeschränkung eine Schadsoftware allerdings ausschließlich daran hindern, Spam von Rechnern aus direkt an fremde Mailsysteme zuzustellen. Alles andere, wozu diese Schadsoftware entworfen sein mag, entzieht sich unserem Einfluss. Die Sperre löst daher nur unser Problem, nämlich dass unser Netzbereich wegen eines zu hohen Spam-Aufkommens von anderen Providern als bedeutsame Quelle der Spam-Plage in deren Blacklists landen, was dann allen unseren Kunden zum Nachteil gereichte.

Die Mailversandbeschränkung bestünde lediglich darin, dass der Port 25 in fremde Netze gesperrt wäre. Dieser Port ist nur für die Zustellung von Mailserver zu Mailserver erforderlich. Die für die Endnutzer vorgesehenen Postausgangsserver benötigen diesen Port nicht.

Der E-Mail-Versand über securesmtp.t-online.de und smtpmail.t-online.de wäre nicht eingeschränkt. Informationen zur Konfiguration und Nutzung Ihres t-online.de-Postfachs mit einem E-Mail-Programm finden Sie unter hxxp://hilfe.telekom.de/hsp/cms/content/HSP/de/3370/FAQ/theme-305643298

Zwecks Verwendung von Postausgangsservern anderer Anbieter trotz einer Port-25-Sperre wenden Sie sich bitte an den Support dieses Anbieters.

Die Umgehung dieser Beschränkung wäre also recht einfach. Dies darf aber aufgrund obengenannter Risiken kein Grund dafür sein, nichts zu tun. Nach Beseitigung der Ursache sollte die ggf. gesetzt Port-25-Sperre auch dann aufgehoben werden, wenn Sie dadurch nicht (mehr) behindert würden. Denn solange die Mailversandbeschränkung bestünde, erhielten Sie von unserem System keine Warnungen mehr.

Die Freischaltung erfolgte übrigens, sobald Sie uns bestätigten, das Sicherheitsproblem beseitigt zu haben. Einer speziellen Form bedarf es dabei nicht.

Nun aber zurück von dem, was passieren könnte, zu dem, was passiert ist:

Die beschwerdegegenständlichen Zugriffe fanden über die folgenden, Ihrem Zugang zugewiesenen IP-Adressen zu den angegebenen Zeitpunkten statt, die relevanten Zeitangaben aus den Beschwerden haben wir in die jeweilige deutsche Zeitzone (MESZ/MEZ) umgerechnet:

80.135.XX.XXX Sa, 22.09.2012 10:40:26 MESZ Ermahnung

(...)

Mit freundlichen Grüßen Gustav Brenner
         
Das ist schon sehr beunruhigend und da wir mehrere PCs im Haus haben möchte ich gern herausfinden ob diese Problem von meinem kommt (allerdings sehr wahrscheinlich). Ausserdem muss ich wissen ob eine Neuinstallation überhaupt wirksam bei so einem Angriff ist.

Ich wäre sehr dankbar, wenn ihr mir helfen könntet. Denn da ich keine Fehlerquelle finde bin ich so ziemlich aufgeschmissen.

Alt 25.09.2012, 19:16   #2
markusg
/// Malware-holic
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 25.09.2012, 21:12   #3
Jiimbo
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



so hier:
OTL
Code:
ATTFilter
OTL logfile created on: 25.09.2012 21:43:55 - Run 1
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 73,43% Memory free
7,72 Gb Paging File | 6,44 Gb Available in Paging File | 83,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 129,78 Gb Free Space | 66,48% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 115,37 Gb Free Space | 42,66% Space Free | Partition Type: NTFS
 
Computer Name: BOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.25 21:38:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.08.23 03:03:43 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.06.14 17:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2011.01.28 07:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2010.08.15 19:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.03.15 09:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.08.24 04:40:19 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.14 17:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.26 22:48:34 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.22 03:22:37 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2012.08.22 02:49:23 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.03.22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010.03.15 10:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.15 09:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.10 15:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.12 14:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.02 15:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 96 3D A0 00 80 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Users\***\AppData\Roaming\2YourFace\ffextension [2012.08.22 03:51:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Users\***\AppData\Roaming\2YourFace\ffextension [2012.08.22 03:51:17 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.rtl.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.rtl.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: YouTube Unblocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.2.2_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: YouTube Unblocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.2.2_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (2YourFace Addon) - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\***\AppData\Roaming\2YourFace\bho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk = C:\Users\***\AppData\Roaming\2YourFace\Updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE7EF302-4763-4113-8CF1-3D90B07B7B8C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.25 21:38:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.19 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.09.19 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.09.19 12:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.09.16 04:02:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.09.15 22:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.09.15 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Guild Wars 2
[2012.09.10 00:34:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.09.05 19:35:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.09.05 19:34:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla-Cache
[2012.09.05 19:34:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Party
[2012.09.05 19:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyCasino
[2012.09.02 23:31:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MPlayer
[2012.09.02 23:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012.09.02 23:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012.09.02 23:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2012.08.29 17:17:24 | 000,000,000 | ---D | C] -- C:\Casino
[2012.08.28 17:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.08.28 17:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.08.28 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.08.28 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.08.28 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.08.27 18:45:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Chromium
[2012.08.27 18:37:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\rockstar games
[2012.08.27 04:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.08.27 04:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012.08.27 02:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.08.27 02:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.08.27 02:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.08.26 22:48:28 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.08.26 22:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.08.26 22:48:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.08.26 22:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.08.26 22:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.25 21:38:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.25 21:32:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000UA.job
[2012.09.25 18:47:04 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000Core.job
[2012.09.25 17:10:01 | 001,967,092 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120925_171001.jpg
[2012.09.25 16:30:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.25 13:10:10 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 13:10:10 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 13:07:24 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.25 13:07:24 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.25 13:07:24 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.25 13:07:24 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.25 13:07:24 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.25 13:02:36 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.21 14:59:01 | 000,000,068 | ---- | M] () -- C:\Users\***\Desktop\Guild Wars 2 Handelsposten Guide - YouTube.url
[2012.09.21 14:58:46 | 000,000,068 | ---- | M] () -- C:\Users\***\Desktop\BOOGIE NIGHTS - Trailer (1997) - YouTube.url
[2012.09.21 14:58:40 | 000,000,121 | ---- | M] () -- C:\Users\***\Desktop\The Introvert Advantage- How to Thrive in an Extrovert World- Amazon.de- Marti Olsen Laney- Englische Bücher.url
[2012.09.21 14:58:37 | 000,000,111 | ---- | M] () -- C:\Users\***\Desktop\Wohnen- Übersicht.url
[2012.09.19 13:00:14 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.17 18:34:32 | 000,000,059 | ---- | M] () -- C:\Users\***\Desktop\SOUND-LOAD - Download and Listen to MP3 Music FREE.url
[2012.09.17 17:22:23 | 000,000,103 | ---- | M] () -- C:\Users\***\Desktop\Szeneseitenliste.url
[2012.09.16 14:50:10 | 000,007,597 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.09.15 22:33:24 | 000,000,639 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.14 20:54:49 | 000,285,369 | ---- | M] () -- C:\Users\***\Desktop\vRNqsvgvxk6BuomjD4yRIQ2.jpg
[2012.09.13 20:21:00 | 002,165,400 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_202059.jpg
[2012.09.13 20:20:28 | 002,314,823 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_202028.jpg
[2012.09.13 20:19:31 | 002,499,276 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_201931.jpg
[2012.09.13 20:16:06 | 002,449,690 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_201606.jpg
[2012.09.13 20:15:55 | 002,106,234 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_201555.jpg
[2012.09.11 00:25:16 | 000,061,542 | ---- | M] () -- C:\Users\***\Desktop\royal spadde.JPG
[2012.09.09 20:04:23 | 000,534,510 | ---- | M] () -- C:\Users\***\Desktop\Unbet.PNG
[2012.09.09 20:04:01 | 000,566,073 | ---- | M] () -- C:\Users\***\Desktop\Unbenannvbt.PNG
[2012.09.09 20:03:35 | 000,525,035 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.PNG
[2012.09.09 00:52:52 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012.09.01 22:01:16 | 000,000,082 | ---- | M] () -- C:\Users\***\Desktop\[How to] Wärmeleitpaste richtig auftragen - ComputerBase Forum.url
[2012.09.01 22:01:05 | 000,000,156 | ---- | M] () -- C:\Users\***\Desktop\Arctic Silver 5 Wärmeleitpaste 3,5g- Amazon.de- Computer & Zubehör.url
[2012.09.01 22:01:00 | 000,000,129 | ---- | M] () -- C:\Users\***\Desktop\Nero Burning ROM v11 und v10 - BoerseBZ.url
[2012.08.29 15:51:11 | 000,000,068 | ---- | M] () -- C:\Users\***\Desktop\Replace Keyboard Key Toshiba Satellite Tecra Qosmio Portege P200 P205 P300 L350 L355 L355 P500 A500 - YouTube.url
[2012.08.28 18:24:57 | 000,000,566 | ---- | M] () -- C:\Users\***\Desktop\graphics standard.xml
[2012.08.27 18:42:37 | 000,001,729 | ---- | M] () -- C:\Users\***\Desktop\PlayMaxPayne3.exe - Verknüpfung.lnk
[2012.08.27 17:48:30 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.27 05:42:12 | 000,040,532 | ---- | M] () -- C:\Users\***\Desktop\schnörkel.PNG
[2012.08.26 22:48:34 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
 
========== Files Created - No Company Name ==========
 
[2012.09.25 18:39:44 | 001,967,092 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120925_171001.jpg
[2012.09.21 14:59:01 | 000,000,068 | ---- | C] () -- C:\Users\***\Desktop\Guild Wars 2 Handelsposten Guide - YouTube.url
[2012.09.21 14:58:46 | 000,000,068 | ---- | C] () -- C:\Users\***\Desktop\BOOGIE NIGHTS - Trailer (1997) - YouTube.url
[2012.09.21 14:58:40 | 000,000,121 | ---- | C] () -- C:\Users\***\Desktop\The Introvert Advantage- How to Thrive in an Extrovert World- Amazon.de- Marti Olsen Laney- Englische Bücher.url
[2012.09.21 14:58:37 | 000,000,111 | ---- | C] () -- C:\Users\***\Desktop\Wohnen- Übersicht.url
[2012.09.19 13:00:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.09.19 13:00:14 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.17 18:34:32 | 000,000,059 | ---- | C] () -- C:\Users\***\Desktop\SOUND-LOAD - Download and Listen to MP3 Music FREE.url
[2012.09.17 17:22:23 | 000,000,103 | ---- | C] () -- C:\Users\***\Desktop\Szeneseitenliste.url
[2012.09.16 14:50:10 | 000,007,597 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.09.15 22:33:24 | 000,000,639 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.14 20:54:57 | 000,285,369 | ---- | C] () -- C:\Users\***\Desktop\vRNqsvgvxk6BuomjD4yRIQ2.jpg
[2012.09.13 20:22:08 | 002,499,276 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_201931.jpg
[2012.09.13 20:22:08 | 002,314,823 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_202028.jpg
[2012.09.13 20:22:08 | 002,165,400 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_202059.jpg
[2012.09.13 20:22:08 | 002,106,234 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_201555.jpg
[2012.09.13 20:22:07 | 002,449,690 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_201606.jpg
[2012.09.11 00:25:16 | 000,061,542 | ---- | C] () -- C:\Users\***\Desktop\royal spadde.JPG
[2012.09.09 20:04:23 | 000,534,510 | ---- | C] () -- C:\Users\***\Desktop\Unbet.PNG
[2012.09.09 20:04:01 | 000,566,073 | ---- | C] () -- C:\Users\***\Desktop\Unbenannvbt.PNG
[2012.09.09 20:03:35 | 000,525,035 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.PNG
[2012.09.01 22:01:16 | 000,000,082 | ---- | C] () -- C:\Users\***\Desktop\[How to] Wärmeleitpaste richtig auftragen - ComputerBase Forum.url
[2012.09.01 22:01:05 | 000,000,156 | ---- | C] () -- C:\Users\***\Desktop\Arctic Silver 5 Wärmeleitpaste 3,5g- Amazon.de- Computer & Zubehör.url
[2012.09.01 22:01:00 | 000,000,129 | ---- | C] () -- C:\Users\***\Desktop\Nero Burning ROM v11 und v10 - BoerseBZ.url
[2012.08.29 17:17:27 | 000,000,779 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EuroGrand Casino.lnk
[2012.08.29 15:51:11 | 000,000,068 | ---- | C] () -- C:\Users\***\Desktop\Replace Keyboard Key Toshiba Satellite Tecra Qosmio Portege P200 P205 P300 L350 L355 L355 P500 A500 - YouTube.url
[2012.08.27 18:42:52 | 000,000,566 | ---- | C] () -- C:\Users\***\Desktop\graphics standard.xml
[2012.08.27 18:42:37 | 000,001,729 | ---- | C] () -- C:\Users\***\Desktop\PlayMaxPayne3.exe - Verknüpfung.lnk
[2012.08.22 03:56:25 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.22 02:51:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.22 02:50:18 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.22 03:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2YourFace
[2012.08.26 22:49:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.08.22 15:12:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data
[2012.09.25 02:56:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HoldemManager
[2012.09.05 19:34:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Party
[2012.08.22 03:50:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.08.22 02:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.08.22 02:46:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.08.29 17:17:24 | 000,000,000 | ---D | M] -- C:\Casino
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.08.22 02:46:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.09.09 03:09:14 | 000,000,000 | ---D | M] -- C:\HM2Archive
[2012.08.22 03:20:57 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.08.28 17:16:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.09.19 12:59:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.09.19 12:57:04 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.08.22 02:46:14 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.08.22 02:46:14 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.09.25 21:47:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.08.22 03:46:35 | 000,000,000 | R--D | M] -- C:\Users
[2012.09.10 00:34:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,013,734 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.22 03:17:06 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000Core.job
[2012.08.22 03:17:07 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.09.25 21:47:29 | 001,310,720 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2012.09.25 21:47:29 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2012.08.22 02:46:21 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2
[2012.08.22 02:50:57 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.08.22 02:50:57 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.08.22 02:50:57 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.08.22 02:46:21 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
Extras

Code:
ATTFilter
OTL Extras logfile created on: 25.09.2012 21:43:55 - Run 1
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 73,43% Memory free
7,72 Gb Paging File | 6,44 Gb Available in Paging File | 83,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 129,78 Gb Free Space | 66,48% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 115,37 Gb Free Space | 42,66% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BEB7F46-E75A-460D-98FA-1569218AF96C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0D12CA43-0C4F-4294-B9B0-DEF2823D6215}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D30065B-5487-405F-AB21-B0B23E81EF14}" = rport=138 | protocol=17 | dir=out | app=system | 
"{179C0436-D055-4167-A1C7-A4CA6B9E5C26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2739F0E0-A771-4E1C-B0FE-B6E208575D41}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2F44639A-DDA4-41D2-A504-1A99A16653DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{37699994-039B-493B-82BE-534AA8C2DC66}" = lport=139 | protocol=6 | dir=in | app=system | 
"{42B65F13-6F0F-4FCB-A2C2-F455D6C51096}" = rport=139 | protocol=6 | dir=out | app=system | 
"{43A3FC5D-2A68-485E-BA08-4A1AF90B547E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49392EC2-146A-41E1-9ABC-0BE146303C5B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6DCAD057-2181-4260-8CB5-EA80C673A46A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7BD5BEC2-BDB0-4063-B273-1CC58C4F5CBD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CBA0984-2A4C-4724-BF19-B4CCE57E5036}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{82D5945A-DE22-40B0-9B3E-09F0CFBA092D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8FED1C3C-74EF-4D25-842F-047741BDC467}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{908DE928-0CB4-423D-8373-CF8A68532DAD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9141B63A-AA4A-42C6-AE57-DDD9C0C72DE1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{99D17B5E-D3E5-496B-855A-22A9B8C2465D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9D0DFEBD-E664-4BAE-B040-207E6A0D4BDE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{9F6A7A2C-2188-448C-9BB1-85B75FF46A2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C4E0C092-2E5D-4898-BC6F-EF7649B93CDE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CA9534AD-0D05-4185-8381-561FE2BDDB89}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DEA88B96-20B6-42C3-8300-485D1F3586A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0785E183-F019-4ED5-88C8-219F13E29096}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\2yourface\updater.exe | 
"{09E39BC3-2173-4573-95DE-5D981DA1F7DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1220D42F-7A09-412D-B8E3-C77C79F646E1}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | 
"{1A6D6F8F-E740-48FC-BEEA-5898972EFFD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{226FB8B9-D029-4751-963F-ACFD6C6FDE01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{25288162-BB79-432F-AC72-9F63B768FD4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C20001A-95AC-42A4-977A-510E79755D8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2CEBECB4-F101-4050-B958-DAA564B86A74}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DB1FF02-8B50-4316-B628-57EB1E4DA3AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31DC825D-B8B9-434A-8778-A9EDAA93D588}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{33DEDACC-0B3D-4B45-AF76-883A92EC0BE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{545C280B-1709-4A30-8E6A-7EEC21CF1864}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5B4DFB8A-8F8F-4B7C-90E2-AF0BCD3C1CBC}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{625D1F23-0B2F-46B7-B82C-2D36D78BB780}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{674FF8A0-6CF8-4CE3-AE83-5E3183160B43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{775D576B-BDC9-4798-A4FA-FF9586D892A3}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{792A80F7-EBCA-476C-AB33-9E238F875637}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{981EFF6F-01CF-47FA-B830-DADC711BC76E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{98AC78C3-CDD2-4A77-AE8B-10411F4677AD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{98C9D3C1-C66C-41C4-B721-9F68B017381F}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | 
"{A0B979C7-7AE8-4C3E-B8E3-8FDCAF32CDD4}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{A2A129BE-2BE9-4BDE-B6E4-70D007D6C2B6}" = protocol=6 | dir=out | app=system | 
"{A3E2B81A-51FD-4007-B319-6C26743805D7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ADD26313-7B21-452B-9D30-B8FFB564758E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{B508CF07-EF1A-4042-800B-AC435E483440}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\2yourface\updater.exe | 
"{B642E5C4-4E35-4D67-AC58-CD7E4B7631A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B81AA27E-0C2A-4101-A3F5-66FC5DBF24BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BAABD0D0-7F61-4FC4-B9BF-5FD00B6572C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C48A467E-445F-4C0D-8D3B-9C1AFB05FFA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D16F7193-9A5A-493B-8873-6FF5DDDC7329}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D24A869D-0492-4C4C-9678-3C08B5CF2522}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DA725E4C-F119-43E1-94BE-6A64CF1465B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCC057DF-8619-449B-A47B-1872DE3FF4F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FD2B083B-5579-4304-BEF3-1CEC16418724}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{32B0F3F2-BA2D-4007-BA8B-D68C1CC7F83E}D:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{5414D603-3AF4-4D61-B128-1684C331BB6B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{63452CD5-E390-4316-9981-68E03734DE11}C:\users\***\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\gw2.exe | 
"TCP Query User{A1B72176-2EAA-4C01-B73D-557090CF06CE}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | 
"TCP Query User{E17E83E7-A8A4-4FBA-A990-26B26D7C5247}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{E26A507D-54F5-4AA0-BF5B-0D65F5ED7D16}D:\program files (x86)\guild wars 2 - kopie\gw2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\guild wars 2 - kopie\gw2.exe | 
"TCP Query User{E3D58AC4-DCE8-45FC-AE6C-06EB99EAE7FD}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{761719A0-A1DB-4486-8614-C8E1EB357EA3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{7F1F8539-D1BC-4020-B516-61391593C8D9}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | 
"UDP Query User{A01D2746-414A-4B5F-B945-98BE09294C3E}D:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{A116EC0E-F755-4231-9434-513DA5474FE3}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{A118E981-64FB-4B7D-816F-00D82BBF5DE8}C:\users\***\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\gw2.exe | 
"UDP Query User{E2E8ECE9-B5CB-42FB-963E-6A9CEE67490A}D:\program files (x86)\guild wars 2 - kopie\gw2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\guild wars 2 - kopie\gw2.exe | 
"UDP Query User{F4095518-9B47-4905-B1B9-A6CFF046C57A}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{734BB935-6F4E-27BB-16EB-BFF2843373AD}" = ccc-utility64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B5896016-3143-B94F-585D-DF75DAF1D879}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002C0EFC-6D28-1740-C633-9762D8D823A1}" = Catalyst Control Center Core Implementation
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C45734A-4776-0437-2A1F-0673B270C037}" = CCC Help Finnish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{139303FD-A877-D219-DFDE-1FED7BC8E707}" = CCC Help Hungarian
"{146A78DF-CB21-913E-9E4B-F015B07D96DC}" = CCC Help Danish
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{20F91DE6-B502-3896-A66C-5B6961875EA1}" = CCC Help Russian
"{21744B1A-8222-2565-0BF4-91933F37CD32}" = Catalyst Control Center Graphics Full Existing
"{25BE0917-2374-4921-7C83-4DEDFE47E6BE}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{293F82CD-1BE8-03BC-DBAD-903388CFBB62}" = Catalyst Control Center Localization All
"{2E13E16A-5E1F-FEB8-6329-EBEEDC34B016}" = CCC Help Chinese Standard
"{3205D813-07EB-B6B5-AE8F-9472FA3AACEB}" = CCC Help Polish
"{3D4735F0-2BB9-0D3E-68EB-7444AE09A850}" = CCC Help Greek
"{41ECCDB3-5898-4EDF-2937-E5A328DF4BD3}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{522B2AFF-08BC-AAE9-C074-6072857415E7}" = CCC Help Swedish
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5C4B623D-4F3A-4609-F666-DBD36BFDF8B1}" = CCC Help Korean
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 4
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65DD52E5-5BAB-26CB-66DB-0A2C27CE2242}" = CCC Help French
"{6B65AA2D-C096-34DE-22C9-F82BE3F7E492}" = CCC Help Dutch
"{719015FD-7256-F9CD-A6CF-014B3F9D75BE}" = Catalyst Control Center Graphics Full New
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839D40C8-00B2-338C-63E6-46E9F03AE114}" = CCC Help Czech
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B2F2B38-E334-4DF1-3268-197213425B8D}" = CCC Help Chinese Traditional
"{8B3953E3-C79C-88AF-CBB7-7C9687557408}" = CCC Help German
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{971CCF2C-4767-7FDA-BD9F-5C1B84FD274F}" = CCC Help Norwegian
"{9763F0A1-05D2-3B8B-69E9-863CBC2BBDC9}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B7923E7-A4B7-672E-17D0-1B9C12CADA88}" = Catalyst Control Center Graphics Light
"{9BB7E2D9-E744-D21F-94D0-ED9DC47B85C3}" = CCC Help Portuguese
"{A04FB5AC-FB39-B5CE-BBB4-3E2AA569B6EC}" = CCC Help Japanese
"{A6F90342-311E-FE77-2461-5B398D395C07}" = Catalyst Control Center Graphics Previews Common
"{A794ED96-BF39-99BD-ADB4-EE899BAB1275}" = CCC Help Thai
"{A95654B2-4E5B-E98D-C3AA-34037DEBDE65}" = CCC Help Italian
"{AA891DD9-E2ED-D5FE-F303-CD8D1DD5DC4E}" = Catalyst Control Center Localization All
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B01E17BB-55FE-E2DA-7594-63201FC82A21}" = Catalyst Control Center Graphics Previews Vista
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DCE2759D-DB67-0558-6A51-C54775CEED71}" = Catalyst Control Center InstallProxy
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9FABC27-A955-4EDC-7732-F5BADB80F546}" = ccc-core-static
"2YourFace" = 2YourFace 1.0
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"EuroGrand Casino" = EuroGrand Casino
"Guild Wars 2" = Guild Wars 2
"HoldemManager2" = Holdem Manager 2
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"PartyCasino" = PartyCasino
"PokerStars.eu" = PokerStars.eu
"PostgreSQL 8.4" = PostgreSQL 8.4
"PS3 Media Server" = PS3 Media Server
"Rockstar Games Social Club" = Rockstar Games Social Club
"Steam App 730" = Counter-Strike: Global Offensive
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 2.0.3
"Wajam" = Wajam
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.09.2012 18:29:10 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 
 
Error - 24.09.2012 18:29:30 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 
 
Error - 24.09.2012 18:30:30 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 
 
Error - 24.09.2012 18:31:40 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 
 
Error - 24.09.2012 18:32:25 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 
 
Error - 24.09.2012 18:33:30 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 
 
Error - 24.09.2012 18:34:15 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 
 
Error - 24.09.2012 18:35:00 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 
 
Error - 24.09.2012 18:35:05 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 
 
Error - 25.09.2012 07:03:02 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 2012-09-25 13:03:02 CESTFATAL:  the database system is starting up

 
[ System Events ]
Error - 27.08.2012 13:02:43 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 27.08.2012 13:02:43 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 05.09.2012 13:48:01 | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR3 gefunden.
 
Error - 07.09.2012 19:31:56 | Computer Name = *** | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 10.09.2012 13:58:17 | Computer Name = *** | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 14.09.2012 15:04:09 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 15.09.2012 14:40:52 | Computer Name = *** | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 16.09.2012 08:44:28 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 21.09.2012 04:54:12 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 22.09.2012 19:43:47 | Computer Name = *** | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >
         
__________________

Alt 25.09.2012, 21:31   #4
markusg
/// Malware-holic
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.09.2012, 22:01   #5
Jiimbo
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



Code:
ATTFilter
ComboFix 12-09-24.03 - *** 25.09.2012  22:42:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3955.2750 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\2YourFace
c:\users\***\AppData\Roaming\2YourFace\2YourFace.crx
c:\users\***\AppData\Roaming\2YourFace\bho.dll
c:\users\***\AppData\Roaming\2YourFace\FF8Installer.exe
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome.manifest
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\content\ff-overlay.js
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\content\ff-overlay.xul
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\content\overlay.js
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\locale\en-US\overlay.dtd
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\locale\en-US\overlay.properties
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\skin\overlay.css
c:\users\***\AppData\Roaming\2YourFace\ffextension\defaults\preferences\prefs.js
c:\users\***\AppData\Roaming\2YourFace\ffextension\install.rdf
c:\users\***\AppData\Roaming\2YourFace\uninst.exe
c:\users\***\AppData\Roaming\2YourFace\Updater.exe
c:\users\***\AppData\Roaming\2YourFace\version.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-25 bis 2012-09-25  ))))))))))))))))))))))))))))))
.
.
2012-09-25 20:46 . 2012-09-25 20:46	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2012-09-25 20:46 . 2012-09-25 20:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-19 10:59 . 2012-09-19 11:00	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-09-16 02:02 . 2012-09-16 02:02	--------	d-----w-	c:\users\***\AppData\Local\ElevatedDiagnostics
2012-09-09 22:34 . 2012-09-09 22:34	--------	d-----w-	c:\windows\Sun
2012-09-05 17:34 . 2012-09-05 17:34	--------	d-----w-	c:\users\***\AppData\Roaming\Mozilla-Cache
2012-09-05 17:34 . 2012-09-05 17:34	--------	d-----w-	c:\users\***\AppData\Roaming\Party
2012-09-02 21:31 . 2012-09-02 21:31	--------	d-----w-	c:\users\***\AppData\Local\MPlayer
2012-09-02 21:29 . 2012-09-02 21:31	--------	d-----w-	c:\programdata\PMS
2012-09-02 21:29 . 2012-09-04 21:26	--------	d-----w-	c:\program files (x86)\PS3 Media Server
2012-08-29 15:17 . 2012-08-29 15:17	--------	d-----w-	C:\Casino
2012-08-28 15:18 . 2012-08-28 15:18	--------	d-----w-	c:\programdata\ATI
2012-08-28 15:16 . 2012-08-28 15:16	--------	d-----w-	c:\program files (x86)\ATI Technologies
2012-08-28 15:16 . 2012-08-28 15:16	--------	d-----w-	c:\program files\ATI
2012-08-28 15:15 . 2012-08-28 15:17	--------	d-----w-	c:\program files\ATI Technologies
2012-08-27 16:45 . 2012-08-27 16:45	--------	d-----w-	c:\users\***\AppData\Local\Chromium
2012-08-27 02:31 . 2012-08-27 02:31	--------	d-----w-	c:\programdata\Rockstar Games
2012-08-27 00:12 . 2012-08-27 02:56	--------	d-----w-	c:\program files (x86)\Rockstar Games
2012-08-27 00:06 . 2012-08-27 00:06	--------	d-----w-	c:\program files\7-Zip
2012-08-26 20:48 . 2012-08-26 20:48	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-26 20:48 . 2012-08-26 20:49	--------	d-----w-	c:\users\***\AppData\Roaming\DAEMON Tools Lite
2012-08-26 20:48 . 2012-08-26 20:48	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 10:15 . 2012-08-22 10:15	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-22 10:14 . 2012-08-22 10:15	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-08-22 10:14 . 2012-08-22 10:15	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-22 02:00 . 2012-08-22 02:00	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-08-22 02:00 . 2012-08-22 02:00	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2012-08-22 02:00 . 2012-08-22 02:00	470016	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2012-08-22 02:00 . 2012-08-22 02:00	283648	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2012-08-22 02:00 . 2012-08-22 02:00	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2012-08-22 02:00 . 2012-08-22 02:00	229888	----a-w-	c:\windows\system32\XpsRasterService.dll
2012-08-22 02:00 . 2012-08-22 02:00	1888256	----a-w-	c:\windows\system32\WMVDECOD.DLL
2012-08-22 02:00 . 2012-08-22 02:00	1863680	----a-w-	c:\windows\system32\ExplorerFrame.dll
2012-08-22 02:00 . 2012-08-22 02:00	1619456	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2012-08-22 02:00 . 2012-08-22 02:00	1495040	----a-w-	c:\windows\SysWow64\ExplorerFrame.dll
2012-08-22 02:00 . 2012-08-22 02:00	144384	----a-w-	c:\windows\system32\cdd.dll
2012-08-22 02:00 . 2012-08-22 02:00	135168	----a-w-	c:\windows\SysWow64\XpsRasterService.dll
2012-08-22 02:00 . 2012-08-22 02:00	1133568	----a-w-	c:\windows\system32\FntCache.dll
2012-08-22 02:00 . 2012-08-22 02:00	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2012-08-22 02:00 . 2012-08-22 02:00	4068864	----a-w-	c:\windows\system32\mf.dll
2012-08-22 02:00 . 2012-08-22 02:00	3181568	----a-w-	c:\windows\SysWow64\mf.dll
2012-08-22 02:00 . 2012-08-22 02:00	257024	----a-w-	c:\windows\system32\mfreadwrite.dll
2012-08-22 02:00 . 2012-08-22 02:00	206848	----a-w-	c:\windows\system32\mfps.dll
2012-08-22 02:00 . 2012-08-22 02:00	196608	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2012-08-22 01:22 . 2012-08-22 01:22	20592	----a-w-	c:\windows\system32\drivers\CeKbFilter.sys
2012-08-22 00:56 . 2012-08-22 00:56	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 00:56 . 2012-08-22 00:56	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 00:49 . 2012-08-22 00:49	6656	----a-w-	c:\windows\system32\bcmwlrc.dll
2012-08-22 00:49 . 2012-08-22 00:49	95472	----a-w-	c:\windows\system32\bcmwlcoi.dll
2012-08-22 00:49 . 2012-08-22 00:49	3891200	----a-w-	c:\windows\system32\bcmihvsrv64.dll
2012-08-22 00:49 . 2012-08-22 00:49	3555840	----a-w-	c:\windows\system32\bcmihvui64.dll
2012-08-22 00:49 . 2012-08-22 00:49	3058168	----a-w-	c:\windows\system32\drivers\BCMWL664.SYS
2012-06-30 06:46 . 2012-08-22 01:50	95744	----a-w-	c:\windows\system32\pdfcmon.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-23 348664]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2YourFace_Updater.lnk - c:\users\***\AppData\Roaming\2YourFace\Updater.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - c:\program files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2012-8-22 91464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-08-22 20592]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-26 283200]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 01:17]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-2YourFace - c:\users\***\AppData\Roaming\2YourFace\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-25  22:48:19
ComboFix-quarantined-files.txt  2012-09-25 20:48
.
Vor Suchlauf: 9 Verzeichnis(se), 139.167.318.016 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 141.156.610.048 Bytes frei
.
- - End Of File - - 188C7DCC447BF80245849431C1F2F557
         


Alt 25.09.2012, 22:05   #6
markusg
/// Malware-holic
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



frage. ist das der einzige pc im haus?
2. öffne avira, verwaltung, quarantäne, poste funde mit pfadangabe
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> telekom Abuse Meldung malware

Alt 25.09.2012, 22:24   #7
Jiimbo
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



Nein wir haben noch 2 andere im Haus. Bei mir ists nur am wahrscheinlichsten, dass ich mir da was eingefangen hab.

Quarantäne:
Code:
ATTFilter
Typ:	Datei
Quelle:	C:\Users\***\AppData\Local\Temp\JDownloaderSetup.exe
Status:	Infiziert
Quarantäne-Objekt:	56ab7893.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.172
Virendefinitionsdatei:	7.11.44.24
Meldung:	ADWARE/InstallCore.Gen
Datum/Uhrzeit:	25.09.2012, 18:02
         
TDSSkiller log


Code:
ATTFilter
23:17:49.0889 2308  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:17:50.0324 2308  ============================================================
23:17:50.0324 2308  Current date / time: 2012/09/25 23:17:50.0324
23:17:50.0324 2308  SystemInfo:
23:17:50.0324 2308  
23:17:50.0324 2308  OS Version: 6.1.7600 ServicePack: 0.0
23:17:50.0324 2308  Product type: Workstation
23:17:50.0324 2308  ComputerName: ***
23:17:50.0324 2308  UserName: ***
23:17:50.0324 2308  Windows directory: C:\Windows
23:17:50.0324 2308  System windows directory: C:\Windows
23:17:50.0324 2308  Running under WOW64
23:17:50.0325 2308  Processor architecture: Intel x64
23:17:50.0325 2308  Number of processors: 4
23:17:50.0325 2308  Page size: 0x1000
23:17:50.0325 2308  Boot type: Normal boot
23:17:50.0325 2308  ============================================================
23:17:51.0289 2308  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:17:51.0301 2308  ============================================================
23:17:51.0301 2308  \Device\Harddisk0\DR0:
23:17:51.0302 2308  MBR partitions:
23:17:51.0302 2308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:17:51.0302 2308  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866E000
23:17:51.0302 2308  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x21CE5000
23:17:51.0302 2308  ============================================================
23:17:51.0328 2308  C: <-> \Device\Harddisk0\DR0\Partition2
23:17:51.0376 2308  D: <-> \Device\Harddisk0\DR0\Partition3
23:17:51.0376 2308  ============================================================
23:17:51.0376 2308  Initialize success
23:17:51.0376 2308  ============================================================
23:19:02.0989 5356  ============================================================
23:19:02.0989 5356  Scan started
23:19:02.0989 5356  Mode: Manual; SigCheck; 
23:19:02.0989 5356  ============================================================
23:19:04.0050 5356  ================ Scan system memory ========================
23:19:04.0050 5356  System memory - ok
23:19:04.0050 5356  ================ Scan services =============================
23:19:04.0206 5356  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
23:19:04.0268 5356  1394ohci - ok
23:19:04.0315 5356  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
23:19:04.0315 5356  ACPI - ok
23:19:04.0346 5356  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
23:19:04.0393 5356  AcpiPmi - ok
23:19:04.0502 5356  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:19:04.0502 5356  AdobeARMservice - ok
23:19:04.0564 5356  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:19:04.0580 5356  adp94xx - ok
23:19:04.0611 5356  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:19:04.0627 5356  adpahci - ok
23:19:04.0658 5356  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:19:04.0658 5356  adpu320 - ok
23:19:04.0689 5356  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:19:04.0736 5356  AeLookupSvc - ok
23:19:04.0798 5356  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
23:19:04.0830 5356  AFD - ok
23:19:04.0876 5356  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
23:19:04.0892 5356  agp440 - ok
23:19:04.0923 5356  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
23:19:04.0954 5356  ALG - ok
23:19:04.0970 5356  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
23:19:04.0986 5356  aliide - ok
23:19:05.0048 5356  [ 57B773D82E8CC3C6D7E02CC8A6632043 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:19:05.0110 5356  AMD External Events Utility - ok
23:19:05.0142 5356  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
23:19:05.0142 5356  amdide - ok
23:19:05.0173 5356  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:19:05.0188 5356  AmdK8 - ok
23:19:05.0344 5356  [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
23:19:05.0422 5356  amdkmdag - ok
23:19:05.0454 5356  [ 8149DB73BE27950EC72767A1193153A6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:19:05.0469 5356  amdkmdap - ok
23:19:05.0500 5356  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:19:05.0516 5356  AmdPPM - ok
23:19:05.0547 5356  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
23:19:05.0563 5356  amdsata - ok
23:19:05.0578 5356  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:19:05.0594 5356  amdsbs - ok
23:19:05.0625 5356  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
23:19:05.0625 5356  amdxata - ok
23:19:05.0688 5356  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:19:05.0703 5356  AntiVirSchedulerService - ok
23:19:05.0719 5356  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:19:05.0719 5356  AntiVirService - ok
23:19:05.0766 5356  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
23:19:05.0812 5356  AppID - ok
23:19:05.0828 5356  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:19:05.0875 5356  AppIDSvc - ok
23:19:05.0922 5356  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
23:19:05.0953 5356  Appinfo - ok
23:19:06.0000 5356  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:19:06.0000 5356  arc - ok
23:19:06.0015 5356  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:19:06.0031 5356  arcsas - ok
23:19:06.0109 5356  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:19:06.0109 5356  aspnet_state - ok
23:19:06.0140 5356  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:19:06.0171 5356  AsyncMac - ok
23:19:06.0202 5356  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
23:19:06.0218 5356  atapi - ok
23:19:06.0265 5356  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:19:06.0327 5356  AudioEndpointBuilder - ok
23:19:06.0327 5356  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:19:06.0374 5356  AudioSrv - ok
23:19:06.0390 5356  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:19:06.0405 5356  avgntflt - ok
23:19:06.0436 5356  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:19:06.0452 5356  avipbb - ok
23:19:06.0468 5356  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:19:06.0468 5356  avkmgr - ok
23:19:06.0499 5356  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:19:06.0717 5356  AxInstSV - ok
23:19:06.0764 5356  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:19:06.0795 5356  b06bdrv - ok
23:19:06.0842 5356  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:19:06.0873 5356  b57nd60a - ok
23:19:06.0967 5356  [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
23:19:07.0014 5356  BCM43XX - ok
23:19:07.0060 5356  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:19:07.0076 5356  BDESVC - ok
23:19:07.0123 5356  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:19:07.0154 5356  Beep - ok
23:19:07.0216 5356  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
23:19:07.0248 5356  BFE - ok
23:19:07.0294 5356  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
23:19:07.0326 5356  BITS - ok
23:19:07.0357 5356  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:19:07.0357 5356  blbdrive - ok
23:19:07.0404 5356  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:19:07.0435 5356  bowser - ok
23:19:07.0466 5356  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:19:07.0482 5356  BrFiltLo - ok
23:19:07.0482 5356  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:19:07.0497 5356  BrFiltUp - ok
23:19:07.0513 5356  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
23:19:07.0544 5356  BridgeMP - ok
23:19:07.0575 5356  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
23:19:07.0606 5356  Browser - ok
23:19:07.0638 5356  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:19:07.0653 5356  Brserid - ok
23:19:07.0669 5356  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:19:07.0684 5356  BrSerWdm - ok
23:19:07.0716 5356  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:19:07.0731 5356  BrUsbMdm - ok
23:19:07.0747 5356  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:19:07.0778 5356  BrUsbSer - ok
23:19:07.0825 5356  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
23:19:07.0856 5356  BthEnum - ok
23:19:07.0872 5356  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:19:07.0903 5356  BTHMODEM - ok
23:19:07.0950 5356  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:19:07.0965 5356  BthPan - ok
23:19:08.0012 5356  [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
23:19:08.0059 5356  BTHPORT - ok
23:19:08.0090 5356  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
23:19:08.0137 5356  bthserv - ok
23:19:08.0152 5356  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:19:08.0168 5356  BTHUSB - ok
23:19:08.0215 5356  catchme - ok
23:19:08.0246 5356  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:19:08.0277 5356  cdfs - ok
23:19:08.0324 5356  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:19:08.0340 5356  cdrom - ok
23:19:08.0386 5356  [ 7E83E47BD1FF93E11CD69F1AD65A9581 ] CeKbFilter      C:\Windows\system32\DRIVERS\CeKbFilter.sys
23:19:08.0386 5356  CeKbFilter - ok
23:19:08.0433 5356  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:19:08.0480 5356  CertPropSvc - ok
23:19:08.0496 5356  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:19:08.0527 5356  circlass - ok
23:19:08.0558 5356  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
23:19:08.0574 5356  CLFS - ok
23:19:08.0636 5356  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:19:08.0652 5356  clr_optimization_v2.0.50727_32 - ok
23:19:08.0683 5356  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:19:08.0683 5356  clr_optimization_v2.0.50727_64 - ok
23:19:08.0761 5356  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:19:08.0761 5356  clr_optimization_v4.0.30319_32 - ok
23:19:08.0808 5356  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:19:08.0808 5356  clr_optimization_v4.0.30319_64 - ok
23:19:08.0854 5356  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:19:08.0870 5356  CmBatt - ok
23:19:08.0886 5356  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
23:19:08.0901 5356  cmdide - ok
23:19:08.0932 5356  [ 937BEB186A735ACA91D717044A49D17E ] CNG             C:\Windows\system32\Drivers\cng.sys
23:19:08.0979 5356  CNG - ok
23:19:09.0010 5356  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:19:09.0026 5356  Compbatt - ok
23:19:09.0057 5356  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:19:09.0088 5356  CompositeBus - ok
23:19:09.0104 5356  COMSysApp - ok
23:19:09.0135 5356  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:19:09.0151 5356  crcdisk - ok
23:19:09.0198 5356  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:19:09.0229 5356  CryptSvc - ok
23:19:09.0276 5356  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:19:09.0322 5356  DcomLaunch - ok
23:19:09.0338 5356  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
23:19:09.0400 5356  defragsvc - ok
23:19:09.0432 5356  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:19:09.0447 5356  DfsC - ok
23:19:09.0494 5356  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:19:09.0541 5356  Dhcp - ok
23:19:09.0572 5356  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:19:09.0619 5356  discache - ok
23:19:09.0650 5356  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:19:09.0666 5356  Disk - ok
23:19:09.0697 5356  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:19:09.0712 5356  Dnscache - ok
23:19:09.0744 5356  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
23:19:09.0790 5356  dot3svc - ok
23:19:09.0806 5356  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
23:19:09.0868 5356  DPS - ok
23:19:09.0900 5356  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:19:09.0915 5356  drmkaud - ok
23:19:09.0962 5356  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:19:09.0962 5356  dtsoftbus01 - ok
23:19:10.0009 5356  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:19:10.0024 5356  DXGKrnl - ok
23:19:10.0056 5356  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
23:19:10.0102 5356  EapHost - ok
23:19:10.0180 5356  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:19:10.0243 5356  ebdrv - ok
23:19:10.0258 5356  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
23:19:10.0274 5356  EFS - ok
23:19:10.0336 5356  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:19:10.0368 5356  ehRecvr - ok
23:19:10.0414 5356  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
23:19:10.0430 5356  ehSched - ok
23:19:10.0477 5356  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:19:10.0492 5356  elxstor - ok
23:19:10.0508 5356  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:19:10.0524 5356  ErrDev - ok
23:19:10.0586 5356  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
23:19:10.0617 5356  EventSystem - ok
23:19:10.0648 5356  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
23:19:10.0695 5356  exfat - ok
23:19:10.0711 5356  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:19:10.0758 5356  fastfat - ok
23:19:10.0804 5356  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
23:19:10.0836 5356  Fax - ok
23:19:10.0851 5356  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:19:10.0882 5356  fdc - ok
23:19:10.0929 5356  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:19:10.0960 5356  fdPHost - ok
23:19:10.0976 5356  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:19:11.0007 5356  FDResPub - ok
23:19:11.0023 5356  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:19:11.0038 5356  FileInfo - ok
23:19:11.0054 5356  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:19:11.0101 5356  Filetrace - ok
23:19:11.0132 5356  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:19:11.0132 5356  flpydisk - ok
23:19:11.0179 5356  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:19:11.0194 5356  FltMgr - ok
23:19:11.0241 5356  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
23:19:11.0288 5356  FontCache - ok
23:19:11.0350 5356  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:19:11.0350 5356  FontCache3.0.0.0 - ok
23:19:11.0382 5356  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:19:11.0382 5356  FsDepends - ok
23:19:11.0428 5356  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:19:11.0428 5356  Fs_Rec - ok
23:19:11.0460 5356  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:19:11.0475 5356  fvevol - ok
23:19:11.0491 5356  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:19:11.0506 5356  gagp30kx - ok
23:19:11.0553 5356  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
23:19:11.0584 5356  gpsvc - ok
23:19:11.0616 5356  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:19:11.0647 5356  hcw85cir - ok
23:19:11.0678 5356  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:19:11.0694 5356  HdAudAddService - ok
23:19:11.0834 5356  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:19:11.0865 5356  HDAudBus - ok
23:19:11.0896 5356  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
23:19:11.0896 5356  HECIx64 - ok
23:19:11.0912 5356  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:19:11.0928 5356  HidBatt - ok
23:19:11.0943 5356  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:19:11.0959 5356  HidBth - ok
23:19:11.0974 5356  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:19:11.0974 5356  HidIr - ok
23:19:12.0006 5356  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
23:19:12.0052 5356  hidserv - ok
23:19:12.0084 5356  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:19:12.0099 5356  HidUsb - ok
23:19:12.0146 5356  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:19:12.0177 5356  hkmsvc - ok
23:19:12.0208 5356  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:19:12.0240 5356  HomeGroupListener - ok
23:19:12.0271 5356  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:19:12.0302 5356  HomeGroupProvider - ok
23:19:12.0333 5356  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:19:12.0349 5356  HpSAMD - ok
23:19:12.0380 5356  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:19:12.0427 5356  HTTP - ok
23:19:12.0442 5356  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:19:12.0458 5356  hwpolicy - ok
23:19:12.0474 5356  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:19:12.0474 5356  i8042prt - ok
23:19:12.0489 5356  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
23:19:12.0505 5356  iaStorV - ok
23:19:12.0567 5356  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:19:12.0583 5356  idsvc - ok
23:19:12.0614 5356  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:19:12.0614 5356  iirsp - ok
23:19:12.0661 5356  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
23:19:12.0723 5356  IKEEXT - ok
23:19:12.0754 5356  [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
23:19:12.0786 5356  Impcd - ok
23:19:12.0864 5356  [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:19:12.0895 5356  IntcAzAudAddService - ok
23:19:12.0926 5356  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:19:12.0942 5356  intelide - ok
23:19:12.0957 5356  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:19:12.0988 5356  intelppm - ok
23:19:13.0020 5356  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:19:13.0066 5356  IPBusEnum - ok
23:19:13.0098 5356  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:19:13.0129 5356  IpFilterDriver - ok
23:19:13.0176 5356  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:19:13.0222 5356  iphlpsvc - ok
23:19:13.0238 5356  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:19:13.0238 5356  IPMIDRV - ok
23:19:13.0254 5356  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:19:13.0285 5356  IPNAT - ok
23:19:13.0332 5356  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:19:13.0332 5356  IRENUM - ok
23:19:13.0363 5356  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
23:19:13.0378 5356  isapnp - ok
23:19:13.0394 5356  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:19:13.0410 5356  iScsiPrt - ok
23:19:13.0441 5356  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:19:13.0441 5356  kbdclass - ok
23:19:13.0488 5356  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:19:13.0503 5356  kbdhid - ok
23:19:13.0519 5356  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
23:19:13.0519 5356  KeyIso - ok
23:19:13.0550 5356  [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:19:13.0566 5356  KSecDD - ok
23:19:13.0581 5356  [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:19:13.0597 5356  KSecPkg - ok
23:19:13.0628 5356  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:19:13.0675 5356  ksthunk - ok
23:19:13.0706 5356  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:19:13.0753 5356  KtmRm - ok
23:19:13.0800 5356  [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer    C:\Windows\System32\srvsvc.dll
23:19:13.0846 5356  LanmanServer - ok
23:19:13.0862 5356  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:19:13.0909 5356  LanmanWorkstation - ok
23:19:13.0971 5356  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:19:14.0002 5356  lltdio - ok
23:19:14.0018 5356  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:19:14.0065 5356  lltdsvc - ok
23:19:14.0080 5356  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:19:14.0112 5356  lmhosts - ok
23:19:14.0190 5356  [ 23DE5B62B0445A6F874BE633C95B483E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:19:14.0205 5356  LMS - ok
23:19:14.0252 5356  [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
23:19:14.0268 5356  LPCFilter - ok
23:19:14.0283 5356  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:19:14.0299 5356  LSI_FC - ok
23:19:14.0299 5356  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:19:14.0314 5356  LSI_SAS - ok
23:19:14.0330 5356  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:19:14.0346 5356  LSI_SAS2 - ok
23:19:14.0377 5356  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:19:14.0377 5356  LSI_SCSI - ok
23:19:14.0392 5356  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:19:14.0439 5356  luafv - ok
23:19:14.0470 5356  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:19:14.0486 5356  Mcx2Svc - ok
23:19:14.0502 5356  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:19:14.0517 5356  megasas - ok
23:19:14.0548 5356  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:19:14.0564 5356  MegaSR - ok
23:19:14.0580 5356  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
23:19:14.0626 5356  MMCSS - ok
23:19:14.0642 5356  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
23:19:14.0689 5356  Modem - ok
23:19:14.0720 5356  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:19:14.0751 5356  monitor - ok
23:19:14.0798 5356  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:19:14.0814 5356  mouclass - ok
23:19:14.0829 5356  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:19:14.0845 5356  mouhid - ok
23:19:14.0860 5356  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:19:14.0876 5356  mountmgr - ok
23:19:14.0892 5356  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
23:19:14.0907 5356  mpio - ok
23:19:14.0938 5356  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:19:14.0970 5356  mpsdrv - ok
23:19:15.0016 5356  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:19:15.0079 5356  MpsSvc - ok
23:19:15.0094 5356  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:19:15.0126 5356  MRxDAV - ok
23:19:15.0141 5356  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:19:15.0157 5356  mrxsmb - ok
23:19:15.0188 5356  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:19:15.0219 5356  mrxsmb10 - ok
23:19:15.0235 5356  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:19:15.0266 5356  mrxsmb20 - ok
23:19:15.0282 5356  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
23:19:15.0297 5356  msahci - ok
23:19:15.0313 5356  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
23:19:15.0328 5356  msdsm - ok
23:19:15.0344 5356  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
23:19:15.0375 5356  MSDTC - ok
23:19:15.0422 5356  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:19:15.0453 5356  Msfs - ok
23:19:15.0453 5356  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:19:15.0500 5356  mshidkmdf - ok
23:19:15.0516 5356  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
23:19:15.0516 5356  msisadrv - ok
23:19:15.0547 5356  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:19:15.0594 5356  MSiSCSI - ok
23:19:15.0594 5356  msiserver - ok
23:19:15.0640 5356  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:19:15.0672 5356  MSKSSRV - ok
23:19:15.0703 5356  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:19:15.0734 5356  MSPCLOCK - ok
23:19:15.0765 5356  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:19:15.0812 5356  MSPQM - ok
23:19:15.0828 5356  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:19:15.0843 5356  MsRPC - ok
23:19:15.0859 5356  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:19:15.0874 5356  mssmbios - ok
23:19:15.0890 5356  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:19:15.0921 5356  MSTEE - ok
23:19:15.0952 5356  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:19:15.0968 5356  MTConfig - ok
23:19:15.0999 5356  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:19:16.0015 5356  Mup - ok
23:19:16.0030 5356  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
23:19:16.0077 5356  napagent - ok
23:19:16.0124 5356  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:19:16.0155 5356  NativeWifiP - ok
23:19:16.0202 5356  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:19:16.0218 5356  NDIS - ok
23:19:16.0233 5356  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:19:16.0280 5356  NdisCap - ok
23:19:16.0311 5356  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:19:16.0374 5356  NdisTapi - ok
23:19:16.0389 5356  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:19:16.0420 5356  Ndisuio - ok
23:19:16.0452 5356  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:19:16.0483 5356  NdisWan - ok
23:19:16.0498 5356  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:19:16.0530 5356  NDProxy - ok
23:19:16.0545 5356  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:19:16.0592 5356  NetBIOS - ok
23:19:16.0623 5356  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:19:16.0654 5356  NetBT - ok
23:19:16.0670 5356  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
23:19:16.0670 5356  Netlogon - ok
23:19:16.0717 5356  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
23:19:16.0748 5356  Netman - ok
23:19:16.0779 5356  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:16.0795 5356  NetMsmqActivator - ok
23:19:16.0810 5356  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:16.0810 5356  NetPipeActivator - ok
23:19:16.0842 5356  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
23:19:16.0935 5356  netprofm - ok
23:19:16.0951 5356  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:16.0966 5356  NetTcpActivator - ok
23:19:16.0966 5356  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:16.0982 5356  NetTcpPortSharing - ok
23:19:17.0013 5356  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:19:17.0029 5356  nfrd960 - ok
23:19:17.0060 5356  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:19:17.0122 5356  NlaSvc - ok
23:19:17.0138 5356  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:19:17.0169 5356  Npfs - ok
23:19:17.0200 5356  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
23:19:17.0232 5356  nsi - ok
23:19:17.0263 5356  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:19:17.0294 5356  nsiproxy - ok
23:19:17.0341 5356  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:19:17.0372 5356  Ntfs - ok
23:19:17.0403 5356  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
23:19:17.0450 5356  Null - ok
23:19:17.0466 5356  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
23:19:17.0481 5356  nvraid - ok
23:19:17.0497 5356  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
23:19:17.0497 5356  nvstor - ok
23:19:17.0528 5356  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
23:19:17.0528 5356  nv_agp - ok
23:19:17.0559 5356  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:19:17.0559 5356  ohci1394 - ok
23:19:17.0590 5356  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:19:17.0637 5356  p2pimsvc - ok
23:19:17.0653 5356  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:19:17.0668 5356  p2psvc - ok
23:19:17.0700 5356  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:19:17.0700 5356  Parport - ok
23:19:17.0731 5356  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:19:17.0746 5356  partmgr - ok
23:19:17.0778 5356  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:19:17.0793 5356  PcaSvc - ok
23:19:17.0824 5356  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
23:19:17.0840 5356  pci - ok
23:19:17.0856 5356  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
23:19:17.0856 5356  pciide - ok
23:19:17.0871 5356  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:19:17.0887 5356  pcmcia - ok
23:19:17.0918 5356  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:19:17.0918 5356  pcw - ok
23:19:17.0934 5356  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:19:17.0996 5356  PEAUTH - ok
23:19:18.0074 5356  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:19:18.0090 5356  PerfHost - ok
23:19:18.0136 5356  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
23:19:18.0136 5356  PGEffect - ok
23:19:18.0183 5356  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
23:19:18.0261 5356  pla - ok
23:19:18.0292 5356  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:19:18.0339 5356  PlugPlay - ok
23:19:18.0370 5356  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:19:18.0386 5356  PNRPAutoReg - ok
23:19:18.0417 5356  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:19:18.0433 5356  PNRPsvc - ok
23:19:18.0464 5356  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:19:18.0511 5356  PolicyAgent - ok
23:19:18.0558 5356  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
23:19:18.0589 5356  Power - ok
23:19:18.0636 5356  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:19:18.0682 5356  PptpMiniport - ok
23:19:18.0698 5356  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:19:18.0698 5356  Processor - ok
23:19:18.0745 5356  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
23:19:18.0792 5356  ProfSvc - ok
23:19:18.0807 5356  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:19:18.0823 5356  ProtectedStorage - ok
23:19:18.0838 5356  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:19:18.0885 5356  Psched - ok
23:19:18.0932 5356  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:19:18.0963 5356  ql2300 - ok
23:19:18.0994 5356  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:19:18.0994 5356  ql40xx - ok
23:19:19.0026 5356  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
23:19:19.0041 5356  QWAVE - ok
23:19:19.0057 5356  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:19:19.0072 5356  QWAVEdrv - ok
23:19:19.0088 5356  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:19:19.0135 5356  RasAcd - ok
23:19:19.0182 5356  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:19:19.0213 5356  RasAgileVpn - ok
23:19:19.0228 5356  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
23:19:19.0291 5356  RasAuto - ok
23:19:19.0322 5356  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:19:19.0384 5356  Rasl2tp - ok
23:19:19.0416 5356  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
23:19:19.0447 5356  RasMan - ok
23:19:19.0478 5356  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:19:19.0525 5356  RasPppoe - ok
23:19:19.0540 5356  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:19:19.0572 5356  RasSstp - ok
23:19:19.0603 5356  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:19:19.0650 5356  rdbss - ok
23:19:19.0665 5356  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:19:19.0681 5356  rdpbus - ok
23:19:19.0696 5356  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:19:19.0728 5356  RDPCDD - ok
23:19:19.0759 5356  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:19:19.0790 5356  RDPENCDD - ok
23:19:19.0806 5356  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:19:19.0837 5356  RDPREFMP - ok
23:19:19.0868 5356  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:19:19.0915 5356  RDPWD - ok
23:19:19.0946 5356  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:19:19.0946 5356  rdyboost - ok
23:19:19.0977 5356  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:19:20.0040 5356  RemoteAccess - ok
23:19:20.0055 5356  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:19:20.0102 5356  RemoteRegistry - ok
23:19:20.0133 5356  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:19:20.0164 5356  RFCOMM - ok
23:19:20.0196 5356  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:19:20.0242 5356  RpcEptMapper - ok
23:19:20.0274 5356  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
23:19:20.0274 5356  RpcLocator - ok
23:19:20.0320 5356  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
23:19:20.0367 5356  RpcSs - ok
23:19:20.0398 5356  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:19:20.0445 5356  rspndr - ok
23:19:20.0476 5356  [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
23:19:20.0492 5356  RTHDMIAzAudService - ok
23:19:20.0539 5356  [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
23:19:20.0539 5356  RTL8167 - ok
23:19:20.0554 5356  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
23:19:20.0570 5356  SamSs - ok
23:19:20.0586 5356  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
23:19:20.0601 5356  sbp2port - ok
23:19:20.0617 5356  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:19:20.0664 5356  SCardSvr - ok
23:19:20.0679 5356  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:19:20.0742 5356  scfilter - ok
23:19:20.0773 5356  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
23:19:20.0804 5356  Schedule - ok
23:19:20.0835 5356  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:19:20.0866 5356  SCPolicySvc - ok
23:19:20.0898 5356  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:19:20.0913 5356  SDRSVC - ok
23:19:20.0960 5356  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:19:21.0007 5356  secdrv - ok
23:19:21.0038 5356  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
23:19:21.0085 5356  seclogon - ok
23:19:21.0100 5356  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
23:19:21.0147 5356  SENS - ok
23:19:21.0163 5356  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:19:21.0194 5356  SensrSvc - ok
23:19:21.0210 5356  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:19:21.0225 5356  Serenum - ok
23:19:21.0272 5356  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:19:21.0303 5356  Serial - ok
23:19:21.0319 5356  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:19:21.0350 5356  sermouse - ok
23:19:21.0366 5356  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
23:19:21.0397 5356  SessionEnv - ok
23:19:21.0428 5356  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
23:19:21.0459 5356  sffdisk - ok
23:19:21.0459 5356  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:19:21.0475 5356  sffp_mmc - ok
23:19:21.0475 5356  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
23:19:21.0490 5356  sffp_sd - ok
23:19:21.0490 5356  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:19:21.0506 5356  sfloppy - ok
23:19:21.0537 5356  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:19:21.0584 5356  SharedAccess - ok
23:19:21.0615 5356  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:19:21.0631 5356  ShellHWDetection - ok
23:19:21.0678 5356  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:19:21.0693 5356  SiSRaid2 - ok
23:19:21.0709 5356  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:19:21.0709 5356  SiSRaid4 - ok
23:19:21.0756 5356  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:19:21.0756 5356  SkypeUpdate - ok
23:19:21.0787 5356  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:19:21.0834 5356  Smb - ok
23:19:21.0865 5356  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:19:21.0880 5356  SNMPTRAP - ok
23:19:21.0896 5356  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:19:21.0912 5356  spldr - ok
23:19:21.0943 5356  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
23:19:21.0958 5356  Spooler - ok
23:19:22.0052 5356  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
23:19:22.0114 5356  sppsvc - ok
23:19:22.0146 5356  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:19:22.0177 5356  sppuinotify - ok
23:19:22.0224 5356  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:19:22.0255 5356  srv - ok
23:19:22.0286 5356  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:19:22.0317 5356  srv2 - ok
23:19:22.0333 5356  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:19:22.0348 5356  srvnet - ok
23:19:22.0395 5356  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:19:22.0426 5356  SSDPSRV - ok
23:19:22.0426 5356  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:19:22.0473 5356  SstpSvc - ok
23:19:22.0504 5356  Steam Client Service - ok
23:19:22.0536 5356  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:19:22.0536 5356  stexstor - ok
23:19:22.0582 5356  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
23:19:22.0614 5356  stisvc - ok
23:19:22.0629 5356  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:19:22.0645 5356  swenum - ok
23:19:22.0676 5356  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
23:19:22.0723 5356  swprv - ok
23:19:22.0770 5356  [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:19:22.0785 5356  SynTP - ok
23:19:22.0848 5356  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
23:19:22.0894 5356  SysMain - ok
23:19:22.0910 5356  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:19:22.0926 5356  TabletInputService - ok
23:19:22.0941 5356  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:19:22.0988 5356  TapiSrv - ok
23:19:22.0988 5356  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
23:19:23.0035 5356  TBS - ok
23:19:23.0097 5356  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:19:23.0128 5356  Tcpip - ok
23:19:23.0191 5356  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:19:23.0222 5356  TCPIP6 - ok
23:19:23.0253 5356  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:19:23.0284 5356  tcpipreg - ok
23:19:23.0316 5356  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:19:23.0331 5356  TDPIPE - ok
23:19:23.0362 5356  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:19:23.0394 5356  TDTCP - ok
23:19:23.0409 5356  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:19:23.0456 5356  tdx - ok
23:19:23.0472 5356  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:19:23.0472 5356  TermDD - ok
23:19:23.0518 5356  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
23:19:23.0550 5356  TermService - ok
23:19:23.0565 5356  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
23:19:23.0581 5356  Themes - ok
23:19:23.0596 5356  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
23:19:23.0628 5356  THREADORDER - ok
23:19:23.0659 5356  [ 11699D47B3491D86249C168496D55C92 ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
23:19:23.0659 5356  tosrfec - ok
23:19:23.0690 5356  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
23:19:23.0737 5356  TrkWks - ok
23:19:23.0784 5356  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:19:23.0815 5356  TrustedInstaller - ok
23:19:23.0830 5356  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:19:23.0862 5356  tssecsrv - ok
23:19:23.0893 5356  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:19:23.0940 5356  tunnel - ok
23:19:23.0971 5356  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:19:23.0971 5356  uagp35 - ok
23:19:23.0986 5356  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:19:24.0018 5356  udfs - ok
23:19:24.0049 5356  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:19:24.0064 5356  UI0Detect - ok
23:19:24.0080 5356  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
23:19:24.0096 5356  uliagpkx - ok
23:19:24.0127 5356  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:19:24.0142 5356  umbus - ok
23:19:24.0158 5356  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:19:24.0174 5356  UmPass - ok
23:19:24.0252 5356  [ CC3775100ABA633984F73DFAE1F55CAE ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:19:24.0298 5356  UNS - ok
23:19:24.0330 5356  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
23:19:24.0376 5356  upnphost - ok
23:19:24.0408 5356  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:19:24.0423 5356  usbccgp - ok
23:19:24.0439 5356  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
23:19:24.0454 5356  usbcir - ok
23:19:24.0486 5356  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:19:24.0501 5356  usbehci - ok
23:19:24.0532 5356  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:19:24.0548 5356  usbhub - ok
23:19:24.0564 5356  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
23:19:24.0579 5356  usbohci - ok
23:19:24.0595 5356  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:19:24.0626 5356  usbprint - ok
23:19:24.0642 5356  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:24.0657 5356  USBSTOR - ok
23:19:24.0688 5356  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:19:24.0704 5356  usbuhci - ok
23:19:24.0735 5356  [ D501E12614B00A3252073101D6A1A74B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:19:24.0751 5356  usbvideo - ok
23:19:24.0782 5356  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
23:19:24.0813 5356  UxSms - ok
23:19:24.0829 5356  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
23:19:24.0829 5356  VaultSvc - ok
23:19:24.0860 5356  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
23:19:24.0860 5356  vdrvroot - ok
23:19:24.0907 5356  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
23:19:24.0922 5356  vds - ok
23:19:24.0954 5356  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:24.0969 5356  vga - ok
23:19:25.0000 5356  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:19:25.0047 5356  VgaSave - ok
23:19:25.0047 5356  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
23:19:25.0063 5356  vhdmp - ok
23:19:25.0078 5356  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
23:19:25.0078 5356  viaide - ok
23:19:25.0110 5356  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
23:19:25.0125 5356  volmgr - ok
23:19:25.0141 5356  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:19:25.0156 5356  volmgrx - ok
23:19:25.0172 5356  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
23:19:25.0172 5356  volsnap - ok
23:19:25.0203 5356  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:19:25.0219 5356  vsmraid - ok
23:19:25.0266 5356  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
23:19:25.0312 5356  VSS - ok
23:19:25.0328 5356  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:19:25.0344 5356  vwifibus - ok
23:19:25.0375 5356  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:19:25.0406 5356  vwififlt - ok
23:19:25.0437 5356  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
23:19:25.0468 5356  W32Time - ok
23:19:25.0500 5356  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:19:25.0515 5356  WacomPen - ok
23:19:25.0562 5356  [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
23:19:25.0593 5356  WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
23:19:25.0593 5356  WajamUpdater - detected UnsignedFile.Multi.Generic (1)
23:19:25.0624 5356  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:19:25.0671 5356  WANARP - ok
23:19:25.0671 5356  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:19:25.0702 5356  Wanarpv6 - ok
23:19:25.0765 5356  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
23:19:25.0796 5356  wbengine - ok
23:19:25.0812 5356  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:19:25.0827 5356  WbioSrvc - ok
23:19:25.0843 5356  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:19:25.0858 5356  wcncsvc - ok
23:19:25.0874 5356  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:19:25.0890 5356  WcsPlugInService - ok
23:19:25.0905 5356  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:19:25.0921 5356  Wd - ok
23:19:25.0936 5356  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:19:25.0952 5356  Wdf01000 - ok
23:19:25.0968 5356  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:19:25.0999 5356  WdiServiceHost - ok
23:19:25.0999 5356  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:19:26.0014 5356  WdiSystemHost - ok
23:19:26.0061 5356  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient       C:\Windows\System32\webclnt.dll
23:19:26.0077 5356  WebClient - ok
23:19:26.0092 5356  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:19:26.0139 5356  Wecsvc - ok
23:19:26.0170 5356  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:19:26.0202 5356  wercplsupport - ok
23:19:26.0217 5356  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:19:26.0264 5356  WerSvc - ok
23:19:26.0280 5356  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:19:26.0326 5356  WfpLwf - ok
23:19:26.0326 5356  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:19:26.0342 5356  WIMMount - ok
23:19:26.0373 5356  WinDefend - ok
23:19:26.0373 5356  WinHttpAutoProxySvc - ok
23:19:26.0436 5356  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:19:26.0482 5356  Winmgmt - ok
23:19:26.0545 5356  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:19:26.0607 5356  WinRM - ok
23:19:26.0638 5356  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:19:26.0654 5356  WinUsb - ok
23:19:26.0701 5356  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:19:26.0732 5356  Wlansvc - ok
23:19:26.0748 5356  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:19:26.0763 5356  WmiAcpi - ok
23:19:26.0794 5356  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:19:26.0810 5356  wmiApSrv - ok
23:19:26.0841 5356  WMPNetworkSvc - ok
23:19:26.0872 5356  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:19:26.0919 5356  WPCSvc - ok
23:19:26.0935 5356  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:19:26.0982 5356  WPDBusEnum - ok
23:19:26.0997 5356  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:19:27.0044 5356  ws2ifsl - ok
23:19:27.0060 5356  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
23:19:27.0091 5356  wscsvc - ok
23:19:27.0091 5356  WSearch - ok
23:19:27.0153 5356  [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:19:27.0216 5356  wuauserv - ok
23:19:27.0216 5356  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:19:27.0247 5356  WudfPf - ok
23:19:27.0278 5356  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:27.0325 5356  WUDFRd - ok
23:19:27.0356 5356  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:19:27.0403 5356  wudfsvc - ok
23:19:27.0418 5356  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:19:27.0450 5356  WwanSvc - ok
23:19:27.0481 5356  ================ Scan global ===============================
23:19:27.0496 5356  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:19:27.0528 5356  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
23:19:27.0543 5356  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
23:19:27.0559 5356  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:19:27.0606 5356  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:19:27.0606 5356  [Global] - ok
23:19:27.0606 5356  ================ Scan MBR ==================================
23:19:27.0621 5356  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:19:27.0840 5356  \Device\Harddisk0\DR0 - ok
23:19:27.0840 5356  ================ Scan VBR ==================================
23:19:27.0840 5356  [ 0A9414F44EA6067B8DC70A4A95A4E2E7 ] \Device\Harddisk0\DR0\Partition1
23:19:27.0840 5356  \Device\Harddisk0\DR0\Partition1 - ok
23:19:27.0855 5356  [ 303722901FE22B500219D1AB2C648C33 ] \Device\Harddisk0\DR0\Partition2
23:19:27.0855 5356  \Device\Harddisk0\DR0\Partition2 - ok
23:19:27.0871 5356  [ B8F6950478465028C3BBF1EE5368E560 ] \Device\Harddisk0\DR0\Partition3
23:19:27.0886 5356  \Device\Harddisk0\DR0\Partition3 - ok
23:19:27.0886 5356  ============================================================
23:19:27.0886 5356  Scan finished
23:19:27.0886 5356  ============================================================
23:19:27.0886 3784  Detected object count: 1
23:19:27.0886 3784  Actual detected object count: 1
23:19:33.0939 3784  WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:33.0939 3784  WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 25.09.2012, 22:32   #8
markusg
/// Malware-holic
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



hi
poste mal otl logs der anderen beiden pcs, nummerieren bitte, + die funde der instalierten antimalware programme
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.09.2012, 22:35   #9
Jiimbo
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



ok, das werde ich morgen machen.
Danke schon mal soweit!

Alt 25.09.2012, 22:46   #10
markusg
/// Malware-holic
 
telekom Abuse Meldung malware - Standard

telekom Abuse Meldung malware



kein prob
bitte die rechner nur dann online bringen, wenn unbedingt nötig, ansonsten netzwerkkabel raus, bzw wlan aus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu telekom Abuse Meldung malware
.dll, adware, avg, avira, beseitigung, botnetzbetreiber, brief, computer, desktop, euro, gesperrt, home, kunde, malware, modul, ntdll.dll, problem, programm, prozesse, registry, server, services.exe, sinkhole, spam, svchost.exe, temp, warnung, windows, winlogon.exe, wuauclt.exe



Ähnliche Themen: telekom Abuse Meldung malware


  1. Email vom Abuse-Team der Telekom
    Plagegeister aller Art und deren Bekämpfung - 11.08.2015 (14)
  2. Bedep , Skinhole, Meldung Telekom Abuse Team
    Log-Analyse und Auswertung - 31.07.2015 (21)
  3. Brief von Telekom-Abuse-Team (Sinkhole)
    Log-Analyse und Auswertung - 01.07.2015 (7)
  4. Telekom Abuse-Meldung Bedep
    Log-Analyse und Auswertung - 15.06.2015 (15)
  5. Sicherheitswarnung Telekom Abuse Team
    Log-Analyse und Auswertung - 10.02.2015 (13)
  6. urlzone2 Infektion Meldung von abuse telekom
    Log-Analyse und Auswertung - 31.10.2014 (9)
  7. Telekom Abuse Brief
    Log-Analyse und Auswertung - 09.09.2013 (19)
  8. "Abuse-Meldung" von Telekom erhalten - Verdacht auf Schadsoftware..
    Log-Analyse und Auswertung - 03.09.2013 (13)
  9. Telekom schickt abuse Brief (Sinkhole)
    Log-Analyse und Auswertung - 06.07.2013 (36)
  10. Spam Verdacht Telekom Abuse
    Log-Analyse und Auswertung - 25.06.2013 (6)
  11. Telekom Abuse
    Log-Analyse und Auswertung - 12.03.2013 (20)
  12. Telekom Brief Abuse bzgl. Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 16.11.2012 (12)
  13. Telekom Brief von Abuse-Team
    Plagegeister aller Art und deren Bekämpfung - 05.11.2012 (9)
  14. Telekom Brief (per Post) vom Abuse Team - PC 1
    Log-Analyse und Auswertung - 26.10.2012 (8)
  15. Telekom Abuse: Spamversand
    Log-Analyse und Auswertung - 23.07.2012 (1)
  16. Telekom Abuse Meldung: Rootkit
    Plagegeister aller Art und deren Bekämpfung - 14.05.2010 (14)
  17. Telekom Abuse - Mailversandsperre - Malware(?) gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.05.2010 (11)

Zum Thema telekom Abuse Meldung malware - Hallo Zusammen. Ich habe heute einen Brief von der Telekom bekommen, dass von meinem Anschluss unerwünschte Zugriffe auf fremde Rechner erfolgt sind. Ich habe bisher nur ein auffälliges Problem feststellen - telekom Abuse Meldung malware...
Archiv
Du betrachtest: telekom Abuse Meldung malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.